Blog

How to Setting Aruba Controller Correctly

Here How to Setting Aruba Controller Correctly!
26
Jul
Aruba Controller – In today’s era, technology will be more advanced along with the times. There will be many manufacturers that make various kinds of smart hardware or software with various features and each have their own advantages. With these various advantages that make one brand different from other brands. WLAN is no exception.
Aruba is one of the manufacturers for various kinds of software and hardware related to networks including for security and storage, one of its most famous products is of course WLAN.
Does Aruba have this product? of course have! And how do I set up Aruba Controller? Let’s discuss!

Get to know WLAN Controller

As the demand for Wi-Fi access increases, more and more wireless Access Points (APs) are used in networks to ensure signal coverage in campuses, schools, or organizational buildings, which makes network operation & maintenance difficult for administrators.
Wireless Access Controllers (ACs) are here to solve this bottleneck by running and managing these multiple wireless access points. Wireless Access Points (APs) have lost their intelligent characteristics, Wireless Access Controllers are turning into the new brains for WLANs.
Wireless LAN Controller (WLC) is a centralized device in a network that is used in conjunction with the Lightweight Access Point Protocol (LWAPP) to manage a large number of lightweight access points by network administrators or network operations center.

Components of WLAN

There are several components of a WLAN, including:

Mobile or Desktop PC

Wireless LAN users operate multiple devices, such as PCs, laptops, and PDAs. The use of a wireless LAN to a stationary PC network is beneficial because of the limited need for cables. Laptops and PDAs, however, are usually equipped with wireless LAN connectivity due to their portable nature.
The user’s device may also consist of specialized hardware. For example, barcode scanners and patient monitoring devices often have wireless LAN connectivity.

Access Point

Access points contain radio cards that communicate with individual user devices on a wireless LAN, as well as wired NICs that connect to distribution systems, such as Ethernet.
The software system in the access point bridges the wireless LAN and the distribution side of the access point. The systems in this software differentiate access points by providing different levels of management, installation, and security functions.

WLAN Interface

The WLAN interface acts as an access point (AP) that the client can use to connect to the node. The interface can provide connectivity from the AP to the WLAN gateway (GW) server for WLAN users and access, and for WLAN mobility management.

Antena

The antenna on the WLAN is for transmitting signals. Of course it is very important to include; wider area. With a good and correct antenna position, the WLAN can cover many devices by transmitting signals.

LWAPP is

LWAPP stands for Lightweight Access Point Protocol. This LWAPP is used to define the AP authentication process with the controller, distribute firmware and configuration, and define transport headers for LWAPP traffic.

LWAPP mechanism in network

If you want to know the mechanism of LWAPP in the network, of course it has something to do with the WLAN controller. LWAPP must first register to WLC (Wireless-LAN Controller). The method is as follows:
  1. LAP sends DHCP discover packet to get IP Address from DHCP Server, unless LAP has been set to use Static IP.
  2. LAP then sends LWAPP discovery request messages to WLC.
  3. WLCs that receive LWAPP discovery request messages respond with LWAPP discovery response messages.
  4. From the LWAPP discovery response received by LAP, LAP selects WLC for registration.
  5. LAP then sends an LWAPP join request to WLC and waits for an LWAPP join response.
  6. WLC validates LAP and sends LWAPP join response to LAP.
  7. LAP validates WLC, which completes the discovery and join process. The LWAPP join process includes mutual authentication and encryption key derivation, which will be used for security in the join process and future LWAPP control messages.
Then, how to LWAPP discovery request to WLC?
  1. LAP sends DHCP request to DHCP Server to get IP Address, unless LAP has been set to use Static IP.
  2. If layer 2 LWAPP mode is supported by LAP, LAP will broadcast LWAPP discovery messages in layer 2 LWAPP frames. WLC connected to the network and configured with layer 2 LWAPP mode will respond with a layer 2 discovery response. If the LAP does not support layer 2 mode, or if WLC or LAP fails to receive an LWAPP recovered response to the layer 2 LWAPP discovery message broadcast, the LAP will proceed to step 3.
  3. In step when, LAP will start layer 3 LWAPP WLC Discovery.
  4. If step 3 fails, return to step 1.

How WLAN Controller Works

After you already know the various components of WLAN and also know a little bit about LWAPP, now maybe you are still confused about how the WLAN controller works.
Let’s just keep it simple.
The WLAN controller manages the wireless network entry points that allow wireless devices to connect to the network.
What a wireless access point does for your network is similar to what an amplifier does for your home stereo. It takes the bandwidth coming from the router and stretches it so that multiple devices can connect to the network over greater distances.

Features

There are several features that exist in the WLAN controller, of course, these various features are different for each brand. However, this time it will be discussed in general only.
  • Interference detection and avoidance; the RF power and channel assigned will be matched as planned.
  • Load Balancing; control is disabled by default. High-speed load balancing can be applied to link users to multiple access point gateways for greater coverage and data rates.
  • Coverage Hole Detection and Correction; part of RF control that handles power levels (power levels). Power can be increased to cover the “holes” or decreased to protect against overlapping cells.
  • The WLAN controller is also equipped with various authentication models, such as 802.1X (Protected Extensible Authentication Protocol (PEAP), LEAP, EAP-TLS, WiFi Protected Access (WPA), 802.11i (WPA2), and Layer 2 Tunneling Protocol (L2TP).

Background of the emergence of WLAN Controller

The existence of a WLAN controller, of course, begins with problems related to the performance of the WLAN.
At first, many large agencies used wireless network connections. However, the bigger it is, the more complicated it will be how to control various access points and also maintain them one by one, of course, this is a very complicated thing. Moreover, users are not just one or two, but there are tens, hundreds, or even thousands.
With this WLAN controller, network admins no longer need to bother logging in and setting one access point at a time.

What Happens When There Is No WLAN Controller

What happens when there is no WLAN controller for a very large wireless network is the hassle of the network admin if there is a problem with one of the access points. They have to check one by one access point.
Of course, this is a very complicated thing, because managing a very large network requires a quick and easy solution.

What are the advantages of using a WLAN Controller

There are many advantages that can be obtained by using a WLAN controller, of course with different brands you can get different features or benefits, such as using a WLAN controller from Aruba Controller.
However, we will discuss the overall advantages of using a WLAN controller on a wireless network that you own or manage.
  1. Using the Wireless Controller allows you to provide centralized management of the wireless network.
  2. With the help of Wireless Controller we can configure all access points at once.
  3. Single Network exit/entry point for client traffic providing security.
  4. Access points that are not connected to the Wireless Controller cannot provide services to clients.
  5. The Wireless Controller can authenticate the AP to prevent the rouge access point from being on the network.
  6. Client devices can roam seamlessly in the wireless network.
  7. The Wireless Controller acts as an authenticator, so you must configure one device instead of 100 to handle authentication.
  8. Wireless Controller allows access points to share RF information.
  9. Can easily add access point to Wireless network. And after connecting to the wireless controller, it can start working.

About Aruba Controller

Aruba is a company engaged in the field of network and network security. Aruba has been acquired by Hawlett Packard Enterprise (HPE) since 2015. Aruba, which is the leader in the Gartner Report, presents some of its innovative wireless solutions.
His various breakthroughs have made businesses of various scales more efficient and also more optimal.

Aruba Controller Wireless Network

Aruba Controller wireless technology offers flexibility with 3 implementation options, namely:
  1. Controller-based, where all access point management is centralized in one wireless controller, so that all existing wireless networks can be integrated and easy to carry out monitoring.
  2. Controllerless (Instant Access Point) where the Access Point can be a semi controller to manage some APs and clustering in a small scope.
  3. Aruba Central, designed to simplify deployment, management and optimization of Wireless, LAN, VPN and SD-WAN on a large scale focused on the Aruba Cloud environment.

Aruba Controller Wired Network

Aruba provides many switch options for various purposes from Managed Switches and Unmanaged Switches, to layer 2 to layer switch needs. Then when you buy an Aruba switch, you don’t need to buy an additional license for each switch you buy.

Clearpass

ClearPass Aruba is a network access control solution that aims to manage and manage who and what devices can access your company’s LAN/WLAN network, starting from employees and guests who come to your company.
This is quite risky considering that currently many companies whose employees bring their own work tools, such as tablets, cellphones and laptops, so ClearPass is really needed to maintain the security of your company network and increase protection against attacks/interferences that might affect your office network either from inside or outside.

How to Set Aruba Controller

With these advantages, you no longer need to hesitate to choose Aruba Controller.
After you decide to buy it, there is something you need to pay attention to again, is how to set up the Aruba Controller.
Actually the method is quite easy, this is one of the advantages of choosing an Aruba Controller, with very good performance, the configuration is very easy.
Perhaps as an example, you have a network like this:

1

2 Static Routes created in FortiGate to route 192.168.200.0/24 to Aruba VMC (192.168.1.240)

Aruba Controller Preparation

  1. Download Aruba Virtual Mobility Controller – ArubaOS_VMC_8.6.0.3_74788.ova
  2. Convert OVA to OFV and import to ESXi 6.7 Host with PowerCLI
  3. 3x CPU, 4GB RAM, 4GB and 6GB HDD and 2 x vNIC required for Aruba VMC
    2

Aruba Controller Initial Settings

  1. Turn on Aruba VMC and select Full Setup
    3
  2. Select Switch Role = Standalone and other information, such as System Name, IP Address, Country Code, and Time Zone when prompted. Click Yes to accept the changes to complete the initial configuration.

  3. Login to with the credentials specified during initial setup.

License Evaluation

  1. Request an Evaluation license from a local Aruba Distributor, and you will receive an Email with a Certificate ID as below:

  2. Login to Aruba License Management System activate license with Certificate ID & Passphase

  3. Select Virtual Mobility Controller, and enter **Passphrase and Certificate ID

Add license to Aruba Controller Aruba VMC using CLI:

 

  • The MC-VA-XX license is a shareable license required to stop the AP on the virtual controller
  • An AP license is required for every operational, mesh, or remote LAN-connected AP that advertises at least one BSSID (virtual AP).
  • One operational AP that uses one or more Policy Enforcement Firewall (PEF) features, such as intelligent application identification, policy-based traffic management and control, or a steateful user firewall.

Convert Aruba Controller 315 To Campus AP

  1. Convert Aruba IAP to Campus AP with controller IP Address

  2. Verify that the Access Point is registered in the Aruba VMC database now

  3. Create an AP Group named LAB

  4. Whitelist the AP’s mac address and approve it by associating it to the AP Group

VLAN, IP Interface And DHCP Pool

  1. Create a new VLAN 200 and IP Interface

  2. Create DHCP Pool for VLAN 200 with smaller subnet

  3. You will get below error message if you try to create DHCP Pool with more than 256 hosts (/24)

DHCP Relay

Don’t create DHCP Pool in Aruba VMC, and configure DHCP Helper on VLAN interface as below:

  1. Configure Aruba VMC port as trunk port

  2. Configure Helper IP Address on Interface VLAN 200

AAA Authentication Profile

Create a new AAA Authentication profile

SSID Profile With WPE3 Authentication

Buat Profil SSID baru dengan WPE3. Sebagai catatan, WPE3 hanya support untuk tunnel mode.

 

Virtual AP

Create a new Virtual AP and add it to the AP group

Testing Aruba Controller on Windows 10

Windows 10 connected to SSID=UAT successfully and obtained IP Address 192.168.200.2/24
Get IP Address from DHCP Server (192.168.1.230) with DHCP Helper Address configured.


Get IP Address from Aruba VMC

Conclusion

That’s the information about the Aruba Controller and how to set it up. For more information, you can visit the NETDATA web page. NETDATA also officially sells various products from Aruba at affordable prices because it is an official partner of Aruba.

 

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *

Semua operasional PT. Network Data Sistem akan menggunakan domain nds.id per tanggal 8 Mei 2019. Semua informasi/promosi dalam bentuk apapun selain menggunakan domain nds.id bukan tanggung jawab PT. Network Data Sistem Dismiss