Aruba IAP-335 User manual
User Guide
Aruba Instant
6.5.0.0-4.3.0.0
Revision 03 | October 2016 Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Copyright Information
© Copyright 2016 Hewlett Packard Enterprise Development LP.
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public
License, and/or certain other open source licenses. A complete machine-readable copy of the source code
corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information
and shall expire three years following the date of the final distribution of this product version by Hewlett
Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US
$10.00 to:
Hewlett Packard Enterprise Company
Attn: General Counsel
3000 Hanover Street
Palo Alto, CA 94304
USA
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide | 3
Contents
About this Guide 9
Intended Audience 9
Related Documents 9
Conventions 9
Contacting Support 10
About Aruba Instant 12
Instant Overview 12
What is New in this Release 15
Setting up an IAP 18
Setting up Instant Network 18
Provisioning an IAP 19
Logging in to the Instant UI 22
Accessing the Instant CLI 23
Automatic Retrieval of Configuration 27
Managed Mode Operations 27
Prerequisites 27
Configuring Managed Mode Parameters 28
Verifying the Configuration 29
Instant User Interface 31
Login Screen 31
Main Window 32
Initial Configuration Tasks 60
Configuring System Parameters 60
Changing Password 66
Customizing IAP Settings 68
Modifying the IAP Host Name 68
Configuring Zone Settings on an IAP 68
Specifying a Method for Obtaining IP Address 69
Configuring External Antenna 69
Configuring Radio Profiles for an IAP 70
4| Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Configuring Uplink VLANfor an IAP 72
Changing USB Port Status 73
Master Election and Virtual Controller 73
Adding an IAP to the Network 75
Removing an IAP from the Network 75
VLAN Configuration 77
VLAN Pooling 77
Uplink VLAN Monitoring and Detection on Upstream Devices 77
IPv6 Support 78
IPv6 Notation 78
Enabling IPv6 Support for IAP Configuration 78
Firewall Support for IPv6 80
Debugging Commands 80
Wireless Network Profiles 81
Configuring Wireless Network Profiles 81
Configuring Fast Roaming for Wireless Clients 101
Configuring Modulation Rates on a WLAN SSID 104
Multi-User-MIMO 105
Management Frame Protection 106
Disabling Short Preamble for Wireless Client 106
Editing Status of a WLAN SSID Profile 106
Editing a WLAN SSID Profile 107
Deleting a WLAN SSID Profile 107
Wired Profiles 108
Configuring a Wired Profile 108
Assigning a Profile to Ethernet Ports 113
Editing a Wired Profile 113
Deleting a Wired Profile 114
Link Aggregation Control Protocol 114
Understanding Hierarchical Deployment 115
Captive Portal for Guest Access 117
Understanding Captive Portal 117
Configuring a WLANSSID for Guest Access 118
Configuring Wired Profile for Guest Access 124
Configuring Internal Captive Portal for Guest Network 126
Configuring External Captive Portal for a Guest Network 129
Configuring Facebook Login 135
Configuring Guest Logon Role and Access Rules for Guest Users 136
Configuring Captive Portal Roles for an SSID 138
Configuring Walled Garden Access 141
Authentication and User Management 143
Managing IAP Users 143
Supported Authentication Methods 148
Supported EAP Authentication Frameworks 150
Configuring Authentication Servers 151
Understanding Encryption Types 164
Configuring Authentication Survivability 166
Configuring 802.1X Authentication for a Network Profile 167
Enabling 802.1X Supplicant Support 169
Configuring MAC Authentication for a Network Profile 170
Configuring MAC Authentication with 802.1X Authentication 172
Configuring MAC Authentication with Captive Portal Authentication 174
Configuring WISPr Authentication 175
Blacklisting Clients 176
Uploading Certificates 179
Roles and Policies 182
Firewall Policies 182
Content Filtering 195
Configuring User Roles 199
Configuring Derivation Rules 201
Using Advanced Expressions in Role and VLAN Derivation Rules 207
DHCP Configuration 211
Configuring DHCP Scopes 211
Configuring the Default DHCP Scope for Client IP Assignment 218
Configuring Time-Based Services 221
Time Range Profiles 221
Configuring a Time Range Profile 221
Applying a Time Range Profile to a WLAN SSID 222
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide | 5
6| Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Verifying the Configuration 223
Dynamic DNS Registration 225
Enabling Dynamic DNS 225
Configuring Dynamic DNSUpdates for Clients 226
Verifying the Configuration 227
VPN Configuration 228
Understanding VPN Features 228
Configuring a Tunnel from an IAP to a Mobility Controller 229
Configuring Routing Profiles 240
IAP-VPN Deployment 242
Understanding IAP-VPN Architecture 242
Configuring IAP and Controller for IAP-VPN Operations 245
Adaptive Radio Management 253
ARM Overview 253
Configuring ARM Features on an IAP 254
Configuring Radio Settings 260
Deep Packet Inspection and Application Visibility 264
Deep Packet Inspection 264
Enabling Application Visibility 264
Application Visibility 265
Enabling URL Visibility 270
Configuring ACL Rules for Application and Application Categories 270
Configuring Web Policy Enforcement Service 273
Voice and Video 276
Wi-Fi Multimedia Traffic Management 276
Media Classification for Voice and Video Calls 279
Enabling Enhanced Voice Call Tracking 280
Services 282
Configuring AirGroup 282
Configuring an IAP for RTLSSupport 291
Configuring an IAP for Analytics and Location Engine Support 292
Managing BLEBeacons 293
Configuring OpenDNS Credentials 294
Integrating an IAP with Palo Alto Networks Firewall 295
Integrating an IAP with an XMLAPIInterface 297
CALEA Integration and Lawful Intercept Compliance 299
IAP Management and Monitoring 305
Managing an IAP from AirWave 305
Managing IAP from Aruba Central 314
Uplink Configuration 317
Uplink Interfaces 317
Uplink Preferences and Switching 322
Intrusion Detection 327
Detecting and Classifying Rogue IAPs 327
OS Fingerprinting 327
Configuring Wireless Intrusion Protection and Detection Levels 328
Configuring IDS 333
Mesh IAP Configuration 334
Mesh Network Overview 334
Setting up Instant Mesh Network 335
Configuring Wired Bridging on Ethernet 0 for Mesh Point 335
Mobility and Client Management 337
Layer-3 Mobility Overview 337
Configuring L3-Mobility 338
Spectrum Monitor 340
Understanding Spectrum Data 340
Configuring Spectrum Monitors and Hybrid IAPs 346
IAP Maintenance 348
Upgrading an IAP 348
Backing up and Restoring IAP Configuration Data 351
Converting an IAP to a Remote AP and Campus AP 352
Resetting a Remote AP or Campus AP to an IAP 358
Rebooting the IAP 358
Monitoring Devices and Logs 360
Configuring SNMP 360
Configuring a Syslog Server 364
Configuring TFTP Dump Server 365
Running Debug Commands 366
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide | 7
8| Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Uplink Bandwidth Monitoring 370
Hotspot Profiles 372
Understanding Hotspot Profiles 372
Configuring Hotspot Profiles 374
Sample Configuration 385
Mobility Access Switch Integration 388
Mobility Access Switch Overview 388
Configuring IAPs for Mobility Access Switch Integration 389
ClearPass Guest Setup 390
Configuring ClearPass Guest 390
Verifying ClearPass Guest Setup 394
Troubleshooting 394
IAP-VPN Deployment Scenarios 396
Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy 397
Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy 401
Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for
Redundancy 405
Scenario 4—GRE: Single Datacenter Deployment with No Redundancy 410
Glossary 413
Acronyms and Abbreviations 418
Glossary 433
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide About this Guide | 9
Chapter 1
About this Guide
This User Guide describes the features supported by Aruba Instant and provides detailed instructions for
setting up and configuring the Instantnetwork.
Intended Audience
This guide is intended for administrators who configure and use IAPs.
Related Documents
In addition to this document, the Instant product documentation includes the following:
lAruba Instant Access Point Installation Guides
lAruba Instant Quick Start Guide
lAruba Instant CLI Reference Guide
lAruba Instant MIB Reference Guide
lAruba Instant Syslog Messages Reference Guide
lAruba Instant Release Notes
Conventions
The following conventions are used throughout this manual to emphasize important concepts:
Style Type Description
Italics This style is used to emphasize important terms and to mark the titles of
books.
System items This fixed-width font depicts the following:
lSample screen output
lSystem prompts
lFilenames, software devices, and specific commands when mentioned in
the text.
Commands In the command examples, this style depicts the keywords that must be
typed exactly as shown.
Table 1: Typographical Conventions
10 | About this Guide Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Style Type Description
<Arguments> In the command examples, italicized text within angle brackets represents
items that you should replace with information appropriate to your specific
situation. For example:
#send <text message>
In this example, you would type “send” at the system prompt exactly as
shown, followed by the text of the message you wish to send. Do not type
the angle brackets.
[Optional] Command examples enclosed in square brackets are optional. Do not type
the square brackets.
{Item A |
Item B}
In the command examples, items within curly brackets and separated by a
vertical bar represent the available choices. Enter only one choice. Do not
type the curly brackets or bars.
Table 1: Typographical Conventions
The following informational icons are used throughout this guide:
Indicates helpful suggestions, pertinent information, and important things to remember.
Indicates a risk of damage to your hardware or loss of data.
Indicates a risk of personal injury or death.
Contacting Support
Main Site arubanetworks.com
Support Site support.arubanetworks.com
Airheads Social Forums and
Knowledge Base
community.arubanetworks.com
North American Telephone 1-800-943-4526 (Toll Free)
1-408-754-1200
International Telephone arubanetworks.com/support-services/contact-support/
Table 2: Support Information
Software Licensing Site hpe.com/networking/support
End-of-life Information arubanetworks.com/support-services/end-of-life/
Security Incident Response
Team (SIRT)
Site: arubanetworks.com/support-services/security-bulletins/
Email: sirt@arubanetworks.com
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide About this Guide | 11
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide About Aruba Instant | 12
Chapter 2
About Aruba Instant
This chapter provides the following information:
lInstant Overview on page 12
lWhat is New in this Release on page 15
Instant Overview
Instant virtualizes Aruba Mobility Controller capabilities on 802.1--capable access points (APs), creating a
feature-rich enterprise-grade wireless LAN (WLAN) that combines affordability and configuration simplicity.
Instant is a simple, easy to deploy turnkey WLAN solution consisting of one or more IAPs. An Ethernet port
with routable connectivity to the Internet or a self-enclosed network is used for deploying an Instant Wireless
Network. An Instant Access Point (IAP) can be installed at a single site or deployed across multiple
geographically dispersed locations. Designed specifically for easy deployment and proactive management of
networks, Instant is ideal for small customers or remote locations without requiring any on-site IT
administrator.
Instant consists of an IAP and a Virtual Controller (VC). The VC resides within one of the IAPs. In an Instant
deployment scenario, only the first IAP needs to be configured. After the first IAP is configured, the other IAPs
inherit all the required configuration information from the VC. Instant continually monitors the network to
determine the IAP that should function as a VC at any time, and the VC will move from one IAP to another as
necessary without impacting network performance.
Supported IAP Platforms
The following table provides a list of IAP platforms that support Instant software:
IAP Platform Minimum Required Instant Software Version
IAP-334/335 Instant 6.5.0.0-4.3.0.0 or later
IAP-314/315 Instant 6.5.0.0-4.3.0.0 or later
IAP-324/325 Instant 6.4.4.3-4.2.2.0 or later
IAP-205H
IAP-228
IAP-277
Instant 6.4.3.1-4.2.0.0 or later
IAP-204/205
IAP-214/215
Instant 6.4.2.0-4.1.1.0 or later
IAP-103
IAP-274/275
Instant 6.4.0.2-4.1.0.0 or later
Table 3: Supported IAP Platforms
13 | About Aruba Instant Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
IAP Platform Minimum Required Instant Software Version
IAP-114/115
IAP-224/225
Instant 6.3.1.1-4.0.0.0 or later
RAP-155/155P Instant 6.2.1.0-3.3.0.0 or later
RAP-108/109 Instant 6.2.0.0-3.2.0.0 or later
Table 3: Supported IAP Platforms
Each IAP model has a minimum required Instant software version as shown in Table 3. When a new IAP is
added into an existing cluster, it can join the cluster only if the existing cluster is running at least the minimum
required version of that IAP. If the existing cluster is running a version prior to the minimum required version
of the new IAP, new IAP will not come up and may reboot with the reason Image sync fail. To recover from
this condition, upgrade the existing cluster to at least the minimum required version of the new IAP first, and
add the new IAP.
Aruba recommends that networks with more than 128 IAPs be designed as multiple, smaller VC networks with
Layer-3 mobility enabled between these networks.
Aruba IAPs are available in the following variants:
lUS (United States)
lJP (Japan)
lIL (Israel)
lRW
The following table provides the variants supported for each IAPplatform:
IAPModel (Reg
Domain)
IAP-###-US
(US only)
IAP-###-JP
(Japan
only)
IAP-###-IL
(Israel
only)
IAP-###-RW
(Rest of the
World
except
US/JP/IL)
IAP-334/335 Yes Yes Yes Yes
IAP-314/315 Yes Yes Yes Yes
IAP-324/325 Yes Yes Yes Yes
IAP-277 Yes Yes No Yes
IAP-274/275 Yes Yes Yes Yes
Table 4: Supported IAP Variants
IAPModel (Reg
Domain)
IAP-###-US
(US only)
IAP-###-JP
(Japan
only)
IAP-###-IL
(Israel
only)
IAP-###-RW
(Rest of the
World
except
US/JP/IL)
IAP-228 Yes Yes No Yes
IAP-224/225 Yes Yes Yes Yes
IAP-214/215 Yes Yes Yes Yes
IAP-205H Yes Yes Yes Yes
IAP-204/205 Yes Yes Yes Yes
RAP155/155P Yes Yes Yes No
IAP-114/115 Yes Yes Yes Yes
RAP-108/109 Yes Yes Yes No
IAP-103 Yes Yes Yes Yes
Table 4: Supported IAP Variants
For information on regulatory domains and the list of countries supported by the IAP-###-RW type, see the
Specifying Country Code section in Logging in to the Instant UI on page 22
Instant UI
The Instant User Interface (UI) provides a standard web-based interface that allows you to configure and
monitor a Wi-Fi network. Instant is accessible through a standard web browser from a remote management
console or workstation and can be launched using the following browsers:
lMicrosoft Internet Explorer 11 or earlier
lApple Safari 6.0 or later
lGoogle Chrome 23.0.1271.95 or later
lMozilla Firefox 17.0 or later
If the Instant UI is launched through an unsupported browser, a warning message is displayed along with a list
of recommended browsers. However, the users are allowed to log in using the Continue login link on the
Login page.
To view the Instant UI, ensure that JavaScript is enabled on the web browser.
The Instant UI logs out automatically if the window is inactive for 15 minutes.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide About Aruba Instant | 14
15 | About Aruba Instant Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Instant CLI
The Instant Command Line Interface (CLI) is a text-based interface that is accessible through a Secure Shell
(SSH) session.
SSH access requires that you configure an IP address and a default gateway on the IAP and connect the IAP to
your network. This is typically performed when the Instant network on an IAP is set up.
What is New in this Release
The following features are introduced in Instant 6.5.0.0-4.3.0.0:
Feature Description
New Option Added for
Broadcast Filtering
A new option called Unicast-ARP-Only has been added to broadcast filtering. This option
converts the ARP requests to unicast frames and sends them directly to the associated
clients.
Media Classification
Techniques for Voice
and Video
Enabling Enhanced Voice
Call Tracking
Starting from Instant 6.5.0.0-4.3.0.0, IAP supports media classification for Skype for
Business and Apple Facetime.
Voice and Video calls can be prioritized by the following media classification types:
lClassifying voice and video calls by using an ACLwith the classify-media option
enabled
lSTUNbased media classification
The Master IAP sends an SNMP trap to the third-party SNMP server with the location
details of the VoIP caller.
Configuring Maximum
Clients on SSIDRadio
Profiles
The maximum number of clients allowed to connect to a WLANSSIDRadio profile can
now be individually set using the Instant CLI.
Redirect Blocked
HTTPSWebsites to a
Custom Page URL
Instant 6.5.0.0-4.3.0.0 allows you to redirect blocked HTTPS websites to a custom page
url by configuring the Redirect-Blocked-HTTPSrule type for WLANSSIDand wired
profiles.
Configuring Security
Settings for a Wired
Profile
Instant supports the trusted ports in an IAP to enable wired users on a Layer-3 mode to
connect to a switch or a router which is connected to the downlink port of the IAP. A new
parameter called Port type is introduced in the wired profile of the Instant UI. IAPs can
now manage incoming traffic received from the clients.
UI support for Enet-VLAN
Setting
A new system parameter Uplink switch native VLAN which is introduced in the
Instant UI restricts the IAP from sending out tagged frames to clients connected on the
SSID that has the same VLAN as the native VLAN of the upstream switch, to which the
IAP is connected.
ARM Channel Selection IAPs can trigger a radio profile to perform frequent scanning and selection of a valid
channel in a short span of time. A new command, ap-frequent-scan enables the IAPs to
frequently scan signals in the radio profile.
Table 5: New Features
Feature Description
Hashing of Management
User Password
The password of management users can be stored and displayed in hash format
instead of encrypted text format. Hashed passwords are more secured as they cannot
be reversed.
Banner and
Loginsession
Configuration using CLI
IAPs can display a text banner when users are on a management session. The session
can remain active even without any user activity. The commands banner and
loginsession are introduced in this feature.
Temporal Diversity and
Retries Configuration
using CLI
The parameters temporal-diversity and max-retries are introduced to enable the IAP
to perform software retries, and also manage the retry attempts when clients are not
responding to 802.11 packets.
IPv6 Support This release introduces support for IPv6 and enables the IAP to access control
capabilities to clients, firewall enhancements, management of IAPs through a static IPV6
IP, support for IPV6 RADIUS server.
Management Frame
Protection
An IEEE 802.11w standard that increases security by providing data confidentiality of
management frames.
Table 5: New Features
Support for New IAP Devices
Instant 6.5.0.0-4.3.0.0 release introduces support for the following new IAP devices. These new devices do not
interoperate with Instant versions lower than Instant 6.5.0.0-4.3.0.0. If these IAPs are placed into a cluster
running older Instant versions prior to Instant 6.5.0.0-4.3.0.0, the devices will reboot with the Image Sync
Fail reason. To resolve this issue, upgrade the existing cluster to minimum Instant 6.5.0.0-4.3.0.0 release, and
then add the new IAP devices.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide About Aruba Instant | 16
17 | About Aruba Instant Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Feature Description
IAP-314/315 The IAP-310 Series (IAP-314/315) wireless access points support IEEE 802.11ac
standards for high-performance WLAN, and are equipped with two single-band radios,
which can provide network access and monitor the network simultaneously. Multi-User
Multiple-In Multiple-Output (MU-MIMO) technology allows these access points to deliver
high-performance 802.11n 2.4 GHz and 802.11ac 5 GHz functionality, while also
supporting 802.11a/b/g wireless services.
The IAP-310 Series wireless access points provide the following capabilities:
lIEEE 802.11a/b/g/n/ac wireless access point
lIEEE 802.11a/b/g/n/ac wireless air monitor
lIEEE 802.11a/b/g/n/ac spectrum analysis
lCompatible with IEEE 802.3at PoE+ and 802.3af PoE
lSupport for MCS8 and MCS9
lCentralized management, configuration and upgrades
lIntegrated Bluetooth Low Energy (BLE) radio
IAP-334/335 The IAP-330 Series (IAP-334/335) wireless access points support IEEE 802.11ac
standards for high-performance WLAN, and are equipped with two dual-band radios,
which can provide network access and monitor the network simultaneously. MU-MIMO
technology allows this access point to deliver high-performance 802.11n 2.4 GHz and
802.11ac 5 GHz functionality, while also supporting 802.11a/b/g wireless services.
The IAP-330 wireless access points provide the following capabilities:
lIEEE 802.11a/b/g/n/ac wireless access point
lIEEE 802.11a/b/g/n/ac wireless air monitor
lIEEE 802.11a/b/g/n/ac spectrum analysis
lCompatible with IEEE 802.3at PoE+ power sources
lCentralized management, configuration and upgrades
lIntegrated BLE radio
Table 6: New Hardware Platforms
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide Setting up an IAP | 18
Chapter 3
Setting up an IAP
This chapter describes the following procedures:
lSetting up Instant Network on page 18
lProvisioning an IAP on page 19
lLogging in to the Instant UI on page 22
lAccessing the Instant CLI on page 23
Setting up Instant Network
Before installing an IAP:
lEnsure that you have an Ethernet cable of the required length to connect an IAP to the home router.
lEnsurethat you have one of the following power sources:
nIEEE 802.3af/at-compliant Power over Ethernet (PoE) source. The PoE source can be any power source
equipment (PSE) switch or a midspan PSE device.
nIAP power adapter kit.
Perform the following procedures to set up the Instant network:
1. Connecting an IAP on page 18
2. Assigning an IP address to the IAP on page 18
Connecting an IAP
Based on the type of the power source used, perform one of the following steps to connect an IAP to the
power source:
lPoE switch—Connect the Ethernet 0 (Enet0) port of the IAP to the appropriate port on the PoE switch.
lPoE midspan—Connect the Enet0 port of the IAP to the appropriate port on the PoE midspan.
lAC to DC power adapter—Connect the 12V DC power jack socket to the AC to DC power adapter.
RAP-155P supports PSE for 802.3at-powered device (class 0-4) on one port (E1 or E2), or 802.3af-powered DC
IN (Power Socket) on two ports (E1 and E2).
Assigning an IP address to the IAP
The IAP needs an IP address for network connectivity. When you connect an IAP to a network, it receives an IP
address from a DHCP server.
To obtain an IP address for an IAP:
1. Ensure that the DHCP service is enabled on the network.
2. Connect the Enet0 port of IAP to a switch or router using an Ethernet cable.
3. Connect the IAP to a power source. The IAP receives an IP address provided by the switch or router.
If there is no DHCP service on the network, the IAP can be assigned a static IP address. If a static IP is not
assigned, the IAP obtains an IPautomatically within the 169.254 subnet.
19 | Setting up an IAP Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Assigning a Static IP
To assign a static IP to an IAP:
1. Connect a terminal, PC, or workstation running a terminal emulation program to the Console port on the
IAP.
2. Turn on the IAP. An autoboot countdown prompt that allows you to interrupt the normal startup process
and access apboot is displayed.
3. Press Enter key before the timer expires. The IAP goes into the apboot mode.
4. In the apboot mode, execute the following commands to assign a static IP to the IAP.
Hit <Enter> to stop autoboot: 0
apboot>
apboot> setenv ipaddr 192.0.2.0
apboot> setenv netmask 255.255.255.0
apboot> setenv gatewayip 192.0.2.2
apboot> save
Saving Environment to Flash...
Un-Protected 1 sectors
.done
Erased 1 sectors
Writing
5. Use the printenv command to view the configuration.
apboot> printenv
Provisioning an IAP
This section provides the following information:
lZero Touch Provisioning of IAPs on page 19
lProvisioning IAPs though Aruba Central
lProvisioning IAPs through AirWave
Zero Touch Provisioning of IAPs
Zero Touch Provisioning eliminates the traditional method of deploying and maintaining devices and allows
you to provision new devices in your network automatically, without manual intervention. Following are the
zero-touch provisioning methods for Instant.
Aruba Activate is a cloud-based service designed to enable more efficient deployment and maintenance of
IAPs. Aruba activate is hosted in the cloud and is available at activate.arubanetworks.com. You can register for
a free account by using the serial number and MACaddress of the device you currently own. For more
information on how to setup your device and provision using Aruba Activate, refer to the Aruba Activate User
Guide.
In order for zero-touch provisioning to be successful, the timezone of the IAP must be in synchronization with
the NTPserver.
To facilitate zero-touch provisioning using the AirWave Management Platform (AMP), Central, or Activate, you
must configure the firewall and wired infrastructure to either allow the NTP traffic to pool.ntp.org, or provide
alternative NTP servers under DHCP options. For more information on configuring an NTPserver, see
NTPServer.
In a scenario where the NTP server is unreachable, the connection between the IAP and Activate will fall back to
the unsecured status. The NTPclient process running in the back end will continuously attempt to reconnect to
the NTPserver until a secure connection is established. The NTPclient process receives a response from the
NTP server on successfully establishing a connection and notifies the CLIprocess which runs a series of checks
to ensure the NTPserver is reachable.
Connecting to a Provisioning Wi-Fi Network
The IAPs boot with factory default configuration and try to provision automatically. If the automatic
provisioning is successful, the Instant SSID will not be available. If AirWave and Activate are not reachable and
the automatic provisioning fails, the Instant SSID becomes available and the users can connect to a
provisioning network by using the Instant SSID.
To connect to a provisioning Wi-Fi network:
1. Ensure that the client is not connected to any wired network.
2. Connect a wireless-enabled client to a provisioning Wi-Fi network: for example, Instant.
3. If the Windows operating system (OS) is used:
a. Click the wireless network connection icon in the system tray. The Wireless Network Connection
window is displayed.
b. Click the Instant network and then click Connect.
4. If the Mac OS system is used:
a. Click the AirPort icon. A list of available Wi-Fi networks is displayed.
b. Click the instant network.
The Instant SSIDs are broadcast in 2.4 GHz only.
IAP Cluster
IAPs in the same VLAN automatically find each other and form a single functioning network managed by a VC.
Moving an IAP from one cluster to another requires a factory reset of the IAP.
Disabling the Provisioning Wi-Fi Network
The provisioning network is enabled by default. Instant provides the option to disable the provisioning
network through the console port. Use this option only when you do not want the default SSID Instant to be
broadcast in your network.
To disable the provisioning network:
1. Connect a terminal, PC, or workstation running a terminal emulation program to the Console port on the
IAP.
2. Configure the terminal or terminal emulation program to use the following communication settings:
Baud Rate Data Bits Parity Stop Bits Flow Control
9600 8 None 1 None
Table 7: Terminal Communication Settings
3. Turn on the IAP. An autoboot countdown prompt that allows you to interrupt the normal startup process
and access apboot is displayed.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide Setting up an IAP | 20
This manual suits for next models
23
Table of contents
Other Aruba Wireless Access Point manuals
Aruba
Aruba AP-105-MNT-C2 User manual
Aruba
Aruba 340 Series User manual
Aruba
Aruba AP-277 User manual
Aruba
Aruba IAP-274 User manual
Aruba
Aruba 303 Series User manual
Aruba
Aruba 650 SERIES User manual
Aruba
Aruba AP-85 User manual
Aruba
Aruba AP-105 User manual
Aruba
Aruba AP-344 User manual
Aruba
Aruba AP-224 User manual
Aruba
Aruba AP 70 User manual
Aruba
Aruba 228 Series User manual
Aruba
Aruba AP-515S User manual
Aruba
Aruba AP-60 User manual
Aruba
Aruba AP-100 Series User manual
Aruba
Aruba RAP-2WG User manual
Aruba
Aruba 610 Series User manual
Aruba
Aruba AP-130 Series User manual
Aruba
Aruba 2E User manual
Aruba
Aruba Instant On AP15 User manual
