1. ARUBA 無線網路教育訓練
蔡億慶

2. Agenda
設備外觀介紹
基礎操作介面介紹
運作原理說明
無線網路基本設定
Mesh 設定
AP 設定
除錯及查看訊息
Q&A

3. 設備外觀介紹

4. 機器外觀介紹
Aruba controller 620

5. 機器外觀介紹
AP 125 天線
PoE Ethernet
AP 125

6. 基礎操作介面介紹

7. 基礎操作介面介紹 Monitoring Configuration Diagnostics Maintenance Plan Events
Reports

8. 基礎操作介面介紹
Monitoring -Network -Controller -WLAN -Voice -Debug

9. 基礎操作介面介紹
Configuration -Wizards -Network -Security -Wireless -Management -Advanced Services

10. 基礎操作介面介紹
Diagnostics -Network -General -Access Point

11. 基礎操作介面介紹
Maintenance -Controller -File -WLAN

12. 運作原理說明

13. L2 Deployment
In a L2 deployment, WLAN controller acts as an Ethernet bridge
After authentication, frames from client are bridged onto L2 network
802.1q VLANs can be used
Clients can all be on same VLAN
Client can be assigned to VLAN based on ESSID, location, or authentication result (802.1x)
Uplink ports can be 802.1q tagged
Or a different physical uplink port can be used per VLAN
Address assignment through external DHCP server normally (internal DHCP server available)
Client broadcasts for DHCP, controller bridges the broadcast on user’s VLAN

14. Theory of Operations VLAN 14 10.1.11.36 AP4/2nd Floor 10.1.11.42
Second Floor
AP3/2nd Floor
AP4/2nd Floor 11
VLAN 14
First Floor
AP1/1st Floor
AP2/1st Floor 10
Data Center 14
VLAN 14: /24
loopback: /32
DHCP

15. Theory of Operations VLAN 101 VLAN 100 150-200 Users per VLAN
Second Floor
AP4/2nd Floor 11
VLAN 101
VLAN 100
AP3/2nd Floor
First Floor
AP2/1st Floor 10
AP1/1st Floor
Layer 3 Switch
vlan 100: /24
vlan 101: /24
Data Center 14
802.1q
14, 100, 101
Mobility Controller
vlan 14: /24
loopback: /32
vlan 100
vlan 101
ap group “1st Floor”
vlan 100
ap group “2nd Floor”
vlan 101
DHCP

16. Theory of Operations GRE 14 100 10.1.11.36 AP4/2nd Floor DHCP Request
Second Floor
GRE
AP4/2nd Floor 14
100
SIP: 10.96
DIP: 14.7
DHCP Request
802.3
802.11
802.3 11
AP3/2nd Floor
First Floor
AP2/1st Floor 10
AP1/1st Floor
Layer 3 switch
VLAN 100: /24
VLAN 101: /24
Data Center 14
802.1q
14, 100, 101
Mobility Controller
VLAN 14: /24
loopback: /32
VLAN 100
VLAN 101
ap group “1st Floor”
vlan 100
ap group “2nd Floor”
vlan 101
DHCP

17. Theory of Operations GRE 14 100 10.1.11.36 DHCP Reply AP4/2nd Floor
Second Floor
GRE
AP4/2nd Floor 14
100
SIP: 14.7
DIP: 10.96
DHCP Reply
802.3
802.11
802.3 11
AP3/2nd Floor
First Floor
AP2/1st Floor 10
AP1/1st Floor
Layer 3 switch
VLAN 100: /24
VLAN 101: /24
Data Center 14
802.1q
14, 100, 101
Mobility Controller
VLAN 14: /24
loopback: /32
VLAN 100
VLAN 101
ap group “1st Floor”
vlan 100
ap group “2nd Floor”
vlan 101
DHCP

18. Theory of Operations GRE 14 10.1.11.36 AP4/2nd Floor 10.1.11.42
Second Floor
AP4/2nd Floor 11
AP3/2nd Floor
GRE
First Floor 14
100
SIP: 11.42
DIP: 14.7
DHCP Renew
802.3
AP2/1st Floor
802.3
802.11 10
AP1/1st Floor
Layer 3 switch
VLAN 100: /24
VLAN 101: /24
Data Center 14
802.1q
14, 100, 101
Mobility Controller
VLAN 14: /24
loopback: /32
VLAN 100
VLAN 101
ap group “1st Floor”
vlan 100
ap group “2nd Floor”
vlan 101
DHCP

19. Theory of Operations GRE 14 10.1.11.36 AP4/2nd Floor 10.1.11.42
Second Floor
AP4/2nd Floor 11
AP3/2nd Floor
GRE
First Floor 14
100
SIP: 14.7
DIP: 11.42
DHCP Reply
802.3
802.11
802.3
AP2/1st Floor 10
AP1/1st Floor
Layer 3 switch
VLAN 100: /24
VLAN 101: /24
Data Center 14
802.1q
14, 100, 101
Mobility Controller
VLAN 14: /24
loopback: /32
VLAN 100
VLAN 101
ap group “1st Floor”
vlan 100
ap group “2nd Floor”
vlan 101
DHCP

20. 無線網路基本設定

21. 登入Controller
使用GUI default IP address :
使用CLI 將console 控制線接至controller serial port serial setting n 1

22. Groups and Properties AP Group Wireless LAN RF Management AP QoS IDS
Virtual AP
Properties
a/g Radio
Settings
System Profile
VoIP
SSID RF
Optimizations
Ethernet
a/g Management
AAA
Regulatory
Virtual AP
Properties
SNMP
SSID
AAA

23. Profiles (cont.)

24. 設定範例
在實驗室中，為了安全考量，SSID分類為 student：WPA2-PSK Guest：web authentication，不能存取student vlan
Vlan 分配： student ：Vlan 1 IP /24 Guest ：Vlan 11 IP /24

25. 範例架構說明 無線存取架構 Internet 2.4 or 5 Ghz 192.168.1.250/24 192.168.1.254/24
Firewall or IP sharing
Switch
Internet
/24
/24
2.4 or 5 Ghz
/24

26. 設定步驟 新增student and Guest Vlan 、IP、DHCP 新增student及Guest SSID
設定student 屬性、role
設定Guest firewall policy、role
新增student及Guest aaa profile
新增student及Guest Virtual AP profile
新增Group
新增AP

27. 新增student and Guest Vlan
Network->Vlan->add
新增Guest vlan 11，選擇2-3為access port
Apply

28. 設定student Vlan IP 設定vlan 1 IP address 下圖紅框 Apply 1 192.168.1.254

29. 設定Guest Vlan IP 設定vlan 11 IP address 下圖紅框1 下圖紅框2，啟用NAT Apply 11 2 1 3

30. 新增Guest DHCP 4 1 5 2
Guest 3

31. 新增 student及Guest SSID 先在藍框處輸入 SSID-student->Add
新增完SSID-student，在藍框處輸入SSID-Guest->Add

32. 編輯 student SSID
點選SSID-student->編輯內容 1 2 3 4

33. 編輯Guest SSID
點選SSID-Guest->編輯內容 1 2 3

34. 設定Guest firewall policy1 2 3
新增阻斷存取 /24 ACL
新增上網連線ACL

35. 設定Guest firewall policy、role

36. 編輯Guest role
編輯Guest role

37. 編輯Guest role
新增deny_student policy 1
編輯Guest role 2 3

38. 編輯Guest role 4 5
設定Captive portal profile :default

39. 新增student及Guest aaa profile
先在藍框處輸入 AAA-student->Add
新增完AAA-student，在藍框處輸入AAA-Guest->Add

40. 編輯student aaa profile 點選AAA-Student->編輯內容
將authenticated role 套用至AAA-Student profile，802.1x authentication default role 1 2 3

41. 編輯student aaa profile 設定802.1x authentication profile 選擇default-psk 23

42. 編輯Guest aaa profile 點選AAA-Guest->編輯內容
將guest role 套用至AAA-Guest profile Intial role 1 2 3

43. 新增student及Guest Virtual AP profile
先在藍框處輸入 VAP-student->Add
新增完VAP-student，在藍框處輸入VAP-Guest->Add

44. 編輯VAP-Student profile
新增VAP-Student VLAN 1 1 2 3

45. 編輯VAP-Student profile
設定VAP-Student AAA profile
選擇AAA profile AAA-student 2 1 3

46. 編輯VAP-Student profile
設定VAP-Student SSID profile
選擇SSID profile SSID-student 2 1 3

47. 編輯VAP-Guest profile
新增VAP-Guest VLAN 11 1 2 3

48. 編輯VAP-Guest profile 設定VAP-Guest SSID profile 選擇SSID profile SSID-Guest
設定VAP-Guest AAA profile
選擇AAA profile AAA-Guest 1 2 3

49. 新增Group
新增AP Group:5F-study
編輯5F-study 2 3 1

50. 編輯5F-study
新增VAP-Student and VAP-Guest 1 2 3

51. 設定AP
將AP加入Group 1 4 5 2 3

52. 設定AP 1 2

53. 3
4修改AP name 5

54. MESH 設定

55. 範例架構說明 Mesh架構 Internet 2.4Ghz 5Ghz 192.168.1.254/24 192.168.1.249/24
Firewall or IP sharing
Internet
5Ghz
2.4Ghz
/24
/24
/24
/24
/24

56. 設定步驟
設定mesh profile
新增Group
設定AP
查看mesh 訊息

57. 設定Mesh profile
新增Mesh Profile
設定加密:wpa2-psk-aes 1 2 5 3 6 4 7

58. 編輯Mesh Radio Profile
Reselection mode: 1、reselect-anytime 2、reselect-never 3、startup-subthreshold 4、subthreshold-only
Metric algorithm: 1 、 best-link-rssi 2 、distributed-tree-rssi

59. 新增Mesh Group

60. 編輯Mesh Group 1 3 2 4
新增Mesh Profile

61. 設定AP
新增Mesh AP
將AP加入Mesh Group 1 4 5 2 3

62. 設定Mesh AP
選擇AP Group :mesh 1

63. 設定Mesh portal 設定Mesh point 2設定mesh portal及mesh point IP setting 5 3 4

64. 觀察Mesh AP狀態

65. 觀察Mesh AP狀態
觀察Mesh Point topology

66. 觀察Mesh AP狀態
使用CLI觀察Mesh AP狀態 #show ap mesh topology #show ap mesh active

67. AP 設定

68. Concept Review: AP Boot Process
Acquire IP Address
“Discover” a controller
Update code if necessary
Obtain configuration information
Build GRE
Enable radio

69. AP 開機畫面
請在二秒內按enter

70. AP setting command 清空指令 purge
修改ap 的ip setenv ipaddr x.x.x.x setenv netmask x.x.x.x setenv gatewayip x.x.x.x setenv name xxx
存檔save
顯示設定print
重開 boot

71. 除錯及查看訊息

72. 查看AP 狀態

73. 查看Cilent

74. 備份設定檔及更新韌體

75. 備份設定檔 備份startup config至tftp server 1
Ip address:x.x.x.x File name: xxxx.cfg 3

76. 回復設定檔 1 2 3

77. 更新韌體
檢查目前韌體使用的boot partition

78. 更新韌體 1 2 3 4

79. Q&A

80. Thank you !!