Aruba IAP-335 User manual

User Guide

Aruba Instant

6.5.0.0-4.3.0.0

Revision 03 | October 2016 Aruba Instant 6.5.0.0-4.3.0.0 | User Guide

Open Source Code

This product includes code licensed under the GNU General Public License, the GNU Lesser General Public

License, and/or certain other open source licenses. A complete machine-readable copy of the source code

corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information

and shall expire three years following the date of the final distribution of this product version by Hewlett

Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US

$10.00 to:

Hewlett Packard Enterprise Company

Attn: General Counsel

3000 Hanover Street

Palo Alto, CA 94304

USA

Aruba Instant 6.5.0.0-4.3.0.0 | User Guide | 3

Contents

About this Guide 9

Intended Audience 9

Related Documents 9

Conventions 9

Contacting Support 10

About Aruba Instant 12

Instant Overview 12

What is New in this Release 15

Setting up an IAP 18

Setting up Instant Network 18

Provisioning an IAP 19

Logging in to the Instant UI 22

Accessing the Instant CLI 23

Automatic Retrieval of Configuration 27

Managed Mode Operations 27

Prerequisites 27

Configuring Managed Mode Parameters 28

Verifying the Configuration 29

Instant User Interface 31

Main Window 32

Initial Configuration Tasks 60

Configuring System Parameters 60

Changing Password 66

Customizing IAP Settings 68

Modifying the IAP Host Name 68

Configuring Zone Settings on an IAP 68

Specifying a Method for Obtaining IP Address 69

Configuring External Antenna 69

Configuring Radio Profiles for an IAP 70

4| Aruba Instant 6.5.0.0-4.3.0.0 | User Guide

Configuring Uplink VLANfor an IAP 72

Changing USB Port Status 73

Master Election and Virtual Controller 73

Adding an IAP to the Network 75

Removing an IAP from the Network 75

VLAN Configuration 77

VLAN Pooling 77

Uplink VLAN Monitoring and Detection on Upstream Devices 77

IPv6 Support 78

IPv6 Notation 78

Enabling IPv6 Support for IAP Configuration 78

Firewall Support for IPv6 80

Debugging Commands 80

Wireless Network Profiles 81

Configuring Wireless Network Profiles 81

Configuring Fast Roaming for Wireless Clients 101

Configuring Modulation Rates on a WLAN SSID 104

Multi-User-MIMO 105

Management Frame Protection 106

Disabling Short Preamble for Wireless Client 106

Editing Status of a WLAN SSID Profile 106

Editing a WLAN SSID Profile 107

Deleting a WLAN SSID Profile 107

Wired Profiles 108

Configuring a Wired Profile 108

Assigning a Profile to Ethernet Ports 113

Editing a Wired Profile 113

Deleting a Wired Profile 114

Link Aggregation Control Protocol 114

Understanding Hierarchical Deployment 115

Captive Portal for Guest Access 117

Understanding Captive Portal 117

Configuring a WLANSSID for Guest Access 118

Configuring Wired Profile for Guest Access 124

Configuring Internal Captive Portal for Guest Network 126

Configuring External Captive Portal for a Guest Network 129

Configuring Facebook Login 135

Configuring Guest Logon Role and Access Rules for Guest Users 136

Configuring Captive Portal Roles for an SSID 138

Configuring Walled Garden Access 141

Authentication and User Management 143

Managing IAP Users 143

Supported Authentication Methods 148

Supported EAP Authentication Frameworks 150

Configuring Authentication Servers 151

Understanding Encryption Types 164

Configuring Authentication Survivability 166

Configuring 802.1X Authentication for a Network Profile 167

Enabling 802.1X Supplicant Support 169

Configuring MAC Authentication for a Network Profile 170

Configuring MAC Authentication with 802.1X Authentication 172

Configuring MAC Authentication with Captive Portal Authentication 174

Configuring WISPr Authentication 175

Blacklisting Clients 176

Uploading Certificates 179

Roles and Policies 182

Firewall Policies 182

Content Filtering 195

Configuring User Roles 199

Configuring Derivation Rules 201

Using Advanced Expressions in Role and VLAN Derivation Rules 207

DHCP Configuration 211

Configuring DHCP Scopes 211

Configuring the Default DHCP Scope for Client IP Assignment 218

Configuring Time-Based Services 221

Time Range Profiles 221

Configuring a Time Range Profile 221

Applying a Time Range Profile to a WLAN SSID 222

Aruba Instant 6.5.0.0-4.3.0.0 | User Guide | 5

6| Aruba Instant 6.5.0.0-4.3.0.0 | User Guide

Verifying the Configuration 223

Dynamic DNS Registration 225

Enabling Dynamic DNS 225

Configuring Dynamic DNSUpdates for Clients 226

Verifying the Configuration 227

VPN Configuration 228

Understanding VPN Features 228

Configuring a Tunnel from an IAP to a Mobility Controller 229

Configuring Routing Profiles 240

IAP-VPN Deployment 242

Understanding IAP-VPN Architecture 242

Configuring IAP and Controller for IAP-VPN Operations 245

Adaptive Radio Management 253

ARM Overview 253

Configuring ARM Features on an IAP 254

Configuring Radio Settings 260

Deep Packet Inspection and Application Visibility 264

Deep Packet Inspection 264

Enabling Application Visibility 264

Application Visibility 265

Enabling URL Visibility 270

Configuring ACL Rules for Application and Application Categories 270

Configuring Web Policy Enforcement Service 273

Voice and Video 276

Wi-Fi Multimedia Traffic Management 276

Media Classification for Voice and Video Calls 279

Enabling Enhanced Voice Call Tracking 280

Services 282

Configuring AirGroup 282

Configuring an IAP for RTLSSupport 291

Configuring an IAP for Analytics and Location Engine Support 292

Managing BLEBeacons 293

Configuring OpenDNS Credentials 294

Integrating an IAP with Palo Alto Networks Firewall 295

Integrating an IAP with an XMLAPIInterface 297

CALEA Integration and Lawful Intercept Compliance 299

IAP Management and Monitoring 305

Managing an IAP from AirWave 305

Managing IAP from Aruba Central 314

Uplink Configuration 317

Uplink Interfaces 317

Uplink Preferences and Switching 322

Intrusion Detection 327

Detecting and Classifying Rogue IAPs 327

OS Fingerprinting 327

Configuring Wireless Intrusion Protection and Detection Levels 328

Configuring IDS 333

Mesh IAP Configuration 334

Mesh Network Overview 334

Setting up Instant Mesh Network 335

Configuring Wired Bridging on Ethernet 0 for Mesh Point 335

Mobility and Client Management 337

Layer-3 Mobility Overview 337

Configuring L3-Mobility 338

Spectrum Monitor 340

Understanding Spectrum Data 340

Configuring Spectrum Monitors and Hybrid IAPs 346

IAP Maintenance 348

Upgrading an IAP 348

Backing up and Restoring IAP Configuration Data 351

Converting an IAP to a Remote AP and Campus AP 352

Resetting a Remote AP or Campus AP to an IAP 358

Rebooting the IAP 358

Monitoring Devices and Logs 360

Configuring SNMP 360

Configuring a Syslog Server 364

Configuring TFTP Dump Server 365

Running Debug Commands 366

Aruba Instant 6.5.0.0-4.3.0.0 | User Guide | 7

8| Aruba Instant 6.5.0.0-4.3.0.0 | User Guide

Uplink Bandwidth Monitoring 370

Hotspot Profiles 372

Understanding Hotspot Profiles 372

Configuring Hotspot Profiles 374

Sample Configuration 385

Mobility Access Switch Integration 388

Mobility Access Switch Overview 388

Configuring IAPs for Mobility Access Switch Integration 389

ClearPass Guest Setup 390

Configuring ClearPass Guest 390

Verifying ClearPass Guest Setup 394

Troubleshooting 394

IAP-VPN Deployment Scenarios 396

Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy 397

Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy 401

Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for

Redundancy 405

Scenario 4—GRE: Single Datacenter Deployment with No Redundancy 410

Glossary 413

Acronyms and Abbreviations 418

Glossary 433

Aruba Instant 6.5.0.0-4.3.0.0 | User Guide About this Guide | 9

Chapter 1

About this Guide

This User Guide describes the features supported by Aruba Instant and provides detailed instructions for

setting up and configuring the Instantnetwork.

Intended Audience

This guide is intended for administrators who configure and use IAPs.

Related Documents

In addition to this document, the Instant product documentation includes the following:

lAruba Instant Access Point Installation Guides

lAruba Instant Quick Start Guide

lAruba Instant CLI Reference Guide

lAruba Instant MIB Reference Guide

lAruba Instant Syslog Messages Reference Guide

lAruba Instant Release Notes

Conventions

The following conventions are used throughout this manual to emphasize important concepts:

Style Type Description

Italics This style is used to emphasize important terms and to mark the titles of

books.

System items This fixed-width font depicts the following:

lSample screen output

lSystem prompts

lFilenames, software devices, and specific commands when mentioned in

the text.

Commands In the command examples, this style depicts the keywords that must be

typed exactly as shown.

Table 1: Typographical Conventions

10 | About this Guide Aruba Instant 6.5.0.0-4.3.0.0 | User Guide

Style Type Description

<Arguments> In the command examples, italicized text within angle brackets represents

items that you should replace with information appropriate to your specific

situation. For example:

#send <text message>

In this example, you would type “send” at the system prompt exactly as

shown, followed by the text of the message you wish to send. Do not type

the angle brackets.

[Optional] Command examples enclosed in square brackets are optional. Do not type

the square brackets.

{Item A |

Item B}

In the command examples, items within curly brackets and separated by a

vertical bar represent the available choices. Enter only one choice. Do not

type the curly brackets or bars.

Table 1: Typographical Conventions

The following informational icons are used throughout this guide:

Indicates helpful suggestions, pertinent information, and important things to remember.

Indicates a risk of damage to your hardware or loss of data.

Indicates a risk of personal injury or death.

Contacting Support

Main Site arubanetworks.com

Support Site support.arubanetworks.com

Airheads Social Forums and

Knowledge Base

community.arubanetworks.com

North American Telephone 1-800-943-4526 (Toll Free)

1-408-754-1200

International Telephone arubanetworks.com/support-services/contact-support/

Table 2: Support Information

This manual suits for next models

Table of contents

Popular Wireless Access Point manuals by other brands

D-Link

D-Link DWL-2100AP - AirPlus Xtreme G Quick installation guide

Ubiquiti

Ubiquiti NanoStation NSM2 quick start guide

Cisco

Cisco Aironet 1550 Series Getting started guide

Advantek Networks

Advantek Networks AWN-AP-54MR user manual

IP-COM

IP-COM AP355 user guide

Buffalo

Buffalo AirStation WLA-L11G user manual

EnGenius

EnGenius EnStationACv2 user manual

D-Link

D-Link DAP-3662 Quick installation guide

xG Technology

xG Technology xMax CN1300 installation guide

Widelink

Widelink ezWave WAP-1100 Series user guide

Edimax

Edimax CAP1200 user manual

Ubiquiti

Ubiquiti LBE-5AC-Gen2 quick start guide

LuXout Shades

LuXout Shades LUXSHADE MOTION manual

CreatComm

CreatComm TB5F user manual

SineDigital

SineDigital MW-1500AP(H) installation guide

TP-Link

TP-Link AP9650 V1 Quick installation guide

Draytek

Draytek VIGORAP 902 user guide

EnGenius

EnGenius EAP350 user guide