ACMP, Aruba Campus Access – Building Blocks – Terminology

High-Level Groups and Profiles


AP Groups

  • An AP group is a set of APs to which the same configuration is applied.
  • There is an AP group called “default,” to which all APs discovered by the controller are assigned. By using the “default” AP group, you can configure features that are applied globally to all APs.
  • I prefer creating new AP groups based on specific needs/requirements.
  • In the Aruba user-centric network, each AP has a unique name and belongs to an AP group.
    • It is important to know that you can create additional AP groups and assign APs to that new group. However, an AP can belong to only one AP group at a time.
  • Each AP is identified with an automatically derived name. The default name depends on whether the AP has been previously configured.
    • The AP has not been configured – the default AP name is the AP’s Ethernet MAC address in colon-separated hexadecimal digits.
    • Previously configured via white-listing or moved from a different environment.
  • Renaming an AP requires a reboot of the AP before the new name takes effect.
  • While you can use an AP group to apply a feature to a set of APs, you can also configure a feature or option for a specific AP by referencing the AP’s name. Any options or values that you configure for a specific AP will override the same options or values configured for the AP group to which the AP belongs.
  • Although you will assign an AP to an AP group when you first deploy the device, you can assign an AP to a different AP group at any time.
  • When you create an AP group with the CLI, you can specify the virtual AP definitions and configuration profiles you want applied to the APs in the group.
An example AP group and the associated profiles.

WLAN Profile > Virtual AP

  • APs advertise WLANs to wireless clients by sending out beacons and probe responses that contain the WLAN’s SSID and supported authentication and data rates.
  • When a wireless client associates to an AP, it sends traffic to the AP’s Basic Service Set Identifier (BSSID), which is usually the AP’s MAC address.
  • In the Aruba network, an AP uses a unique BSSID for each WLAN.
  • Thus, a physical AP can support multiple WLANs.
  • The WLAN configuration applied to a BSSID on an AP is called a virtual AP. You can configure and apply multiple virtual APs to an AP group or to an individual AP by defining one or more virtual AP profiles.

AP System Profile

One of the most important profiles is the “AP system profile,” in which you define the AP’s administrative options for the primary and backup LMS IP addresses. The LMS IP directs the AP to its primary controller.

Profiles

  • An AP configuration profile is a general name to describe any of the different groups of settings that can be defined, saved, and applied to an Access Point.
  • ArubaOS has many different types of profiles that each allow you to configure a different aspect of an AP’s overall configuration.
  • ArubaOS also contains a predefined “default” profile for each profile type. You can use the predefined settings in these default profiles or create entirely new profiles that you can edit as required.

Authentication Profile

  • Defines parameters that are used for the authentication process.

AAA Profile

  • The AAA profile defines the user role for unauthenticated users, the default user role for MAC, PSK, 802.1X authentication, and user derivation rules.
  • The AAA profile contains the authentication profile and authentication server group.
  • This profile includes references to:
    • MAC Authentication Profile
    • MAC Authentication Server Group
    • 802.1X Authentication Profile
    • 802.1X Authentication Server Group
    • RADIUS Accounting Server Group

SSID Profile

  • A Service Set Identifier (SSID) is the network or WLAN that is broadcast to the client devices.
  • An SSID profile defines the name of the network, the authentication type for the network, basic rates, transmit rates, SSID cloaking, and certain WMM settings for the network.

The show references command

  • Before making changes to a profile, it is important to know where the profiles are applied and what will be affected by the configuration change.
  • The show command can be run on the mobility controller and is used to list a specific type of profile.
  • The output shows how many times each profile is referenced.
[MDC] #show aaa server-group

Server Group List
-----------------
Name                     References  Profile Status
----                     ----------  --------------
default                  25
EAP-TLS-CORP-2_SG        1
internal                 2           Predefined
TACACS-SG                0
[MDC] #show wlan virtual-ap

Virtual AP profile List
-----------------------
Name            References  Profile Status
----            ----------  --------------
AX-VAP          1
default         0
EAP-TLS-CORP    1
WIFI6E          1
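
The reference counts above can be checked in a script before a change window. The following is an added example, not part of the original post or of ArubaOS: it parses captured output in the format shown above and lists the profiles that nothing references. The function names are hypothetical, the sample text is constructed from the listings above, and profile names are assumed to contain no spaces.

```python
import re

# Constructed sample: the two listings shown above, as captured CLI text.
SAMPLE = """\
[MDC] #show aaa server-group

Server Group List
-----------------
Name                     References  Profile Status
----                     ----------  --------------
default                  25
EAP-TLS-CORP-2_SG        1
internal                 2           Predefined
TACACS-SG                0
[MDC] #show wlan virtual-ap

Virtual AP profile List
-----------------------
Name            References  Profile Status
----            ----------  --------------
AX-VAP          1
default         0
EAP-TLS-CORP    1
WIFI6E          1
"""

# A data row is: name, integer reference count, optional status text.
ROW = re.compile(r"^(\S+)\s+(\d+)(?:\s+(\S.*?))?\s*$")
PROMPT = re.compile(r"^\[[^\]]+\]\s*#\s*show\s+(.+?)\s*$", re.IGNORECASE)

def parse_references(text):
    """Return {profile_type: {name: (references, status)}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = PROMPT.match(line)
        if m:  # a new "show <profile type>" listing starts here
            current = result.setdefault(m.group(1).lower(), {})
            continue
        row = ROW.match(line)
        if current is not None and row:
            name, refs, status = row.groups()
            current[name] = (int(refs), status or "")
    return result

def unreferenced(text):
    """Profiles with 0 references: a change to them affects nothing in use."""
    return [(t, n) for t, rows in parse_references(text).items()
            for n, (refs, _) in rows.items() if refs == 0]
```

A high count, such as the 25 references to the "default" server group, marks a profile whose change reaches many other profiles at once.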

    The next post will clearly outline how the pieces fit together.

    Basic steps on how to configure the Mobility Conductor can be found here.
