Exploring Mesh with an AP-205H

Note: All APs used for this are actually IAP units, which can run with either the Aruba Instant controller or a campus controller. Campus APs prior to the more recent unified SKUs cannot connect to an Aruba Instant controller.

After Wireless Field Day 8, Aruba, a Hewlett Packard Enterprise Company™, generously provided the delegates with a variety of hardware to take a look it. It was quite the spread and a very impressive sampling of products. One of the devices I particularly like is the AP-205H 802.11ac access point. The AP-205H is intended for both hospitality and remote worker deployments. It can be powered through PoE, has 4 Ethernet ports, and can even provide up to 10W of power to another PoE device. It can be wall mounted, ideally at on a wall plate using the Ethernet port on the rear for uplink, or desk mounted with a stand.

I can see this unit being great in dorms, study rooms, and in hotels, however I decided to try something a bit different and turn it into a wireless bridge for my media devices. I have a home theater PC, a Roku, and a PS3 connected to the living room TV. The PC connects using a flaky 802.11ac USB adapter, the Roku has built-in 802.11n, and the PS3 only supports 802.11g. In my neighborhood, 2.4GHz is typically at 70% or more airtime usage, so performance leaves a bit to be desired. This would make moving everything to 5GHz a big win, as well. By moving all the devices to a mesh connected AP, we can reduce channel contention, move everything to 5GHz, and improve the overall network performance for all the devices. Also of important note, there is both an AP-205H and an AP-205. These have different form factors, so don’t forget the ‘H’! That said, you could also use the AP-205 to make a wireless bridge.

205 vs 205H

Given an existing IAP deployment, the first thing to do is add the AP-205H to the wired network so it can join the virtual controller. This did not work for me at first because the version of code on my VC was older than what the 205H required. I upgraded the firmware on both the 205H and the 225 I’m using as an uplink so they were on the same version. I had to upgrade them anyway, since the 802.11ac APs require 6.4.3.1-4.2.0.0 or later to support mesh operation. Worth noting is that Aruba Instant 4.1 and later default to having Extended SSID enabled, which will disable mesh operation. You may need to disable that feature to use mesh. This comes with the minor caveat that with Extended SSID disabled you are limited to creating six networks, but you weren’t going to do that, anyway.

Disabling Extended SSID

After all the settings are in order and the 205H joins the controller and synchronizes the VC configuration, switching to mesh operation is easy. Just disconnect the wired uplink and wait. After a couple minutes you’ll see that the AP has rejoined the controller using Wi-Fi for the uplink. However, there’s still a couple more changes to make before you connect wired devices to the mesh AP. If you connect a device to Ethernet ports 1-3 at this point, that device will obtain a controller provided IP address and may be stuck behind a nonexistent captive portal. If you connect a device to Ethernet 0, you’ll find the mesh is disabled since the AP will just believe the wired uplink has just returned.
To enable the Ethernet 0 port to be used as a downlink port, select the AP in the virtual controller and edit it. Under the Uplink tab, you want to enable “Eth0 bridging.” You may need to reboot the AP for this to take effect.

Enabling Eth0 Bridging

To make sure your wired ports are bridging to the wireless, you also need to configure the rules for wired ports. This is accessed in the VC under the More menu and selecting the Wired option.

Wired Settings

Now you can either create a new wired network profile or do what I did and just update the “default_wired_port_profile.” The correct settings are dependent on your environment and goals, but for this instance simplicity works fine. You also need to assign the wired ports to use the new/updated profile(s). Notice that the devices I have on my wired ports are listed in the Wired Users window.

Wired Profile Settings

Once your ports are set, you can edit your profiles to operate as you see fit. In the Wired Settings tab, make sure the ports are admin up and that the uplink setting is set to disabled.

Wired Settings

In the VLAN tab, make sure Client IP assignment is set to “Network assigned” unless you are using the VC’s internal DHCP server.

Client IP Assignment

Now you can connect wired clients to the AP’s Ethernet ports and they will connect to the network through the Wi-Fi uplink. In mesh mode, the AP will continue to provide service to wireless clients, so you can also extend coverage in this way.

I hope you find this a useful little guide. This was a fun little project to solve a small problem. It helped me learn a bit about mesh operation in an Instant deployment and challenged me to implement something I’d not done before. That’s a great way to learn new things. Just pick something you haven’t done before and do it!

FIN

ArubaOS 8: VMC and AirMatch

As part of Mobility Field Day Live, I had the opportunity to visit Aruba, a Hewlett Packard Enterprise Company at their Executive Briefing Center in Sunnyvale to learn about their newly introduced Mobile First platform. The foundation for the platform is ArubaOS 8, which is a major new release with a long list of new features that will give you flexibility in your deployments.
Let’s start with the Virtual Mobility Controller (VMC). This is a virtual wireless controller that includes feature parity with the hardware controllers. Yes, that really does include the data plane. I’m told that the only real bottleneck is throughput and they are seeing 4-5Gbps on your average VM host, which sounds pretty reasonable. If you need more throughput, you can scale out with more VMCs or you can still go with hardware controllers. The physical controllers have hardware acceleration for the encryption processes, which is why a big controller like a 7240 can push as much as 40Gbps.

The way Aruba has chosen to license the VMC makes scaling with it easy, at least assuming you have the VM hosts around to accommodate them. The Virtual Mobility Controller is licensed by the number of APs managed by the Mobility Master, not the APs managed by individual controllers. You can license the VMC in groups of 50, 250, or 1000 APs, but if you install a VMC in standalone mode you must apply the license directly to the controller and lose the ability to share the licenses. This means that if you have 1000 AP licenses attached to your Mobility Master, you can attach any number of VMCs to the Mobility Master so long as your total AP count does not exceed the license. This gives you the flexibility to add additional controllers when and where you need them. Currently, only VMware is supported, but KVM support will be coming with ArubaOS 8.0.1.

Since I mentioned the Mobility Master, let’s look into that a bit more closely. The Mobility Master is the next generation of the Master Controller. The Mobility Master can be an x86 hardware appliance or a VM. The Mobility Master gives you the ability to move services out of the wireless controller so that these services do not impact network performance. In fact, some services are only available when you have a Mobility Master available. AirMatch is Aruba’s new RF optimization technology aimed at improving spectrum reuse in high density WLANs. Due to the processing power required, you only get it if you are using a Mobility Master. AirMatch looks at groups of 50 APs and use statistics from the last 24 hours to determine the best AP power levels, channel plan, and channel width for the network. This is a much more powerful than ARM. Here’s a quick side by side comparison:

AirMatch and ARM Comparison

So how does this actually work? Every half hour, each AP will measure the RF environment for 5 minutes. During the day, these measurements are collected by the Mobility Master. At 5am every morning, the Mobility Master will churn through the numbers from the last 24 hours to determine the optimal channel plan for all the APs and deploy those changes to the network. There are two exceptions to this. First, when an AP is first detected by the Mobility Master, it will recalculate that APs channel and power settings every 30 minutes for the first eight hours. After that, the new AP is on the same schedule as the rest of the network. The second exception is in the case of a DFS event or significant interference. In either of these cases, the AP can change channels on its own. If you want to see the changes that the Mobility Master is making, you can view some of the details in the AirWave Network Management console.

This really only scratches the surface of what’s happening with the Aruba’s Mobile First Platform launch. Updates to Aruba Central to manage ArubaOS switches, Aruba Clarity for proactive monitoring, ClearPass Extensions that enable third party development, APIs for developers to create detailed analytics and much more. Aruba has released a lot of exciting enhancements that will be the foundation of your networks for years to come.

FIN

Disclosure: As a delegate for MFD Live with Aruba, Aruba indirectly paid for my travel and meals during the event and also compensated me for my time to write this post. This post is still my opinion and only I have editorial control of the contents. This stuff genuinely is exciting! Aruba did request I use their tracking links, which seemed like a reasonable request.