ArubaOS 8.X – configure communication between mobility master and managed devices (MD)/controllers

The Aruba mobility master structure is configured via folder hierarchy starting at the “managed device” level

The two options are to 1. add the folder structure. 2. add a controller. The first step is to build out the hierarchy. As the network is comprised of physical and virtual controllers I will define the folder structure as such.

Folders or controllers can be added via the GUI or CLI.

GUI:

The folder structure can also be viewed from the CLI by running the show configuration node-hierarchy command

CLI:

If you refresh the GUI you’ll see the two newly created folders. These folders will contain the configuration for the controllers

The mobility masters / controllers require license in order to be fully functional / terminate access points and push configuration. Licensing will be covered in a later blog post.

Adding the first managed device (MD) aka controller to the mobility master. The base configuration of the managed devices are similar to that of the mobility master’s base config.

Configure the managed device: hostname, IP address, ports, VLAN etc

In the screenshot above one of the important configurations is to point the mobility managed device to the mobility master and define the IPsec key that will be used to encrypt communication between the two devices. The mobility master was previously configured as follows:

Add the controller’s MAC address, hostname to the mobility master via the GUI. The MAC address info can be gathered by running the “show inventory command”

Once the managed device has been added, verify communication from the CLI of the mobility master and the controller. This can be done via SSH into both devices. The configuration state should be “update successful” and the configuration IDs should match.

One key point is that once the managed device is “logically” attached to the mobility master no configuration changes can be made on that device.

ALL configuration changes MUST be made on the mobility master it self either from the CLI or GUI.

To view configuration on the managed device from the CLI of the mobility master the mdconnect or logon command will be used. Think of the mdc or logon as direct SSH into the managed device from the CLI of the mobility master.

Run the show configuration node-hierarchy to retrieve the list of devices that are managed by the mobility master:

Once you have retrieved the list of devices you will “change directory” into the controller/managed device in question. In this case r7102vwlc0001.

Once you change directory (cd) into r7102vwlc0001 and run the mdc aka mdconnect command you will notice that the prompt changed from vMM0001 to r7102vwlc0001 as indicated by numbers 1 and 2 in the image above. I am now connected/logged on directly to r7102vwlc0001 and can view the configuration on the device

as previously mentioned the same task can be achieved by using the logon command. The key difference between mdconnect (mdc) and the logon feature is that mdc can use either the MAC address or hostname of the device while logon will use the IP address.