NOTE: The failover will take up to three minutes.
4. The events such as time change and port flap, breaks the existing IPsec session and triggers a failover. The
new IPsec session is established with a backup controller. In such scenario, switch does not perform any
reachability test before selecting a controller to retry.
AirWave IP after discovery
AirWave IP and Aruba Controller IP (either from the Activate Server or from a DHCP server) are established and
auto configured in an IPsec-IPv4 Tunnel. Once received, the IPsec tunnel is auto configured and established to
send AirWave traffic securely. The Aruba Controller provides an inner-ip to the switch which then can
communicate with AirWave.
Configuring the Aruba controller
On the Aruba Controller, configure through CLI:
Procedure
1. Add the switch MAC address to whitelist for authentication. For more information, refer http://
www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/Control_Plane/
Whitelists_on_Campus_and_Remote_APs.htm
2. Add an IP address pool that can be assigned to switch after tunnel creation. The IP range must not overlap
with the interfaces IP on the controller.
ip local pool "ipsec" 2.0.0.100 2.0.0.255
3. Create access lists that permit AirWave traffic and assign them to ap-roles. It is required only if the controller
version is less than 6.5.2.0 or 8.1.0.0. If required, you can add specific acls such as sys-switch-role.
ip access-list session acl
any any tcp 22 permit
any any tcp 443 permit
user-role sys-switch role
access-list session acl
4. View the whitelist.
AirWave Controller IP configuration commands
aruba-vpn type
Syntax
aruba-vpn type amp peer-ip <IP_addr> backup-peer-ip <IP_addr>
no aruba-vpn type amp peer-ip <IP_addr> backup-peer-ip <IP_addr>
aruba-vpn type any peer-ip <IP_addr> backup-peer-ip <IP_addr>
no aruba-vpn type any peer-ip <IP_addr> backup-peer-ip <IP_addr>
Chapter 10 Zero Touch Provisioning with AirWave and Central 319
To Next Page
Loading...
Need help?
General