Within Hewlett Packard Enterprise,

Networking Has Been Consolidated Under

Aruba
Initializing the controller

The following information is needed to complete the Controller Wizard

Basic Information
• Hostname
• Country code
• Passwords
• Time/date
• Licenses
• VLANs and VLAN Interfaces
• Ports

2
Initializing default the controller

1. Connect your Laptop to the controllers serial console port.

a. Enter
b. Insert “full-setup”
2. When the default initial startup script starts, enter the following information:
a. Hostname: (use default name)
b. Controller role: Master (note: you can just hit enter as this is the default)
c. IP address of the controller: 172.16.0.254 (this is the default)
d. Subnet mask: 255.255.255.0 (this is the default)
e. Default gateway: <none>

3
Initializing default the controller

f. Do you with to configure IPV6 address on VLAN 1 (yes|no) [yes]: NO

g. Country code: ID (or yes if you are restricted to US)
h. Type yes to accept if you were not restricted
i. Press Enter to accept the next three default options (time and date)
j. Admin password: admin123 (for example)
k. Confirm the admin password: admin123 (for example)
l. Enable password: admin123 (for example)
m. Confirm the enable password: admin123 (for example)
n. Shutdown ports: no
o. Do you wish to accept the changes (yes|no) yes

The controller will now reboot with a very basic configuration.

4
Initial Controller Parameters
1. Connect to your controller, via the WebUI, using your browser at 172.16.0.254.
2. Log on with the credentials you.
3. Navigate to the Configuration tab then click on Controller wizard.
4. Complete the Basic Information for this controller as follows:
a. Name: Controller
b. Country Code: ID
c. Password for user “Admin”: admin123 (for example)
d. Password for Enable Mode Access: admin123 (for example)
e. Date and time: current date and time
f. Timezone: current time zone

5
Configure Control Plane

For Next step AP provision you must disable Control Plane Security
1. Open a browser page to your controller.
2. To configure the employee WLAN, navigate to Configuration -> Control Plane
Security
3. Choose disabled, then apply

6
Initial Controller Parameters

7
Controller Licenses
5. Click Next to get to the license wizard.
6. Enter license then click “add”.
7. Click NEXT to get to the VLAN and IP configuration wizard.

8
 Connectivity: VLAN, IP interfaces
This information would be coordinated with your clients network.
8. Click the New button to add a new named VLAN and add "name" and click OK.
9. Click the Add button to add a new VLAN.
a. From the drop down list select NEW and click OK. Add a new VLAN then click
on each field to add in the following:
• VLAN ID: X1
• IP Address: 10.X0.X1.1 Subnet Mask: 255.255.255.0
• Enable NAT: yes
• Port Members: no ports DHCP settings: none
b. Click on OK to add this new VLAN

9
 Initial Controller Parameters

We will now add VLAN and DHCP server from controller

6. Click the New button to add a new named VLAN and add “name” and click OK
7. Click the Add button to add a new VLAN.
a. From the drop down list select NEW and click OK. Add a new VLAN for guest
users VLAN then click on each field to add in the following:
VLAN ID: X2
IP Address: 10.X0.X2.1
Subnet Mask: 255.255.255.0
Enable NAT: no
Port Members: no ports

10
 Initial Controller Parameters

b. Click on the DHCP settings and from the drop down menu select
DHCP settings: Act as server
Configure the DHCP pool as follows:
Network: 10.X0.X2.0
NetMask: 255.255.255.0
Domain Name: (Leave blank)
Default router: 10.X0.X2.1
DNS server: 8.8.8.8
8. Click OK. Click OK to add this new VLAN.
10.Click Next to continue to the next page.

11
 Initial Controller Parameters

We will now add VLAN and DHCP server from controller

6. Click the New button to add a new named VLAN and add “name” and click OK
7. Click the Add button to add a new VLAN.
a. From the drop down list select NEW and click OK. Add a new VLAN for guest
users VLAN then click on each field to add in the following:
VLAN ID: X3
IP Address: 10.X0.X3.1
Subnet Mask: 255.255.255.0
Enable NAT: no
Port Members: no ports

12
 Initial Controller Parameters

b. Click on the DHCP settings and from the drop down menu select
DHCP settings: Act as server
Configure the DHCP pool as follows:
Network: 10.X0.X3.0
NetMask: 255.255.255.0
Domain Name: (Leave blank)
Default router: 10.X0.X3.1
DNS server: 8.8.8.8
8. Click OK. Click OK to add this new VLAN.
10.Click Next to continue to the next page.

13
 Connectivity controller and uplink

10. The Controller IP address, should be set the management VLAN interface VLAN
X1: 10.X0.X1.1)
11. Add the Default gateway as Static and enter 10.X0.X1.251
12. Click Next

14
Ports

15
 Ports

At this point you need to configure a trunk port on the controller.

10. On the Configure Ports window, click on the Port 0/0 row. The row will
highlight itself for configuration edits.
11. Select the management VLAN X1 as the Native VLAN.
12. Click on the Port 1/0 row. The row will highlight itself for configuration edits.
13. Select the management VLAN X1 as the Native VLAN.
14. Place a check in the box for Trunk Mode.
15. In the last column, VLANs for Trunk Mode select your X1,X2,X3 VLANs
• Note use the “>” to move the vlans into the Selected
column Then Click OK
14. Once done then Click the drop down tab for STP for all ports. And select disabled
15. Click the Next button.
16. Click finish found at the bottom of the screen.
17. Click on Close.

16
Initialization Results

17
License Management

18
Monitoring dashboard

•Main screen for proactive monitoring of the

network
•Provides information on the overall health, usage
and troubleshooting for the WLANs and the
controller
•Helps isolate a problem quickly and zoom in to
APs and Clients that need attention
•Supports drill down views with rich data
•1 min granularity

19
Monitoring Client Performance

20
Usage Page

21
Potential client and radio issues

22
WLANs page

23
Access point summary

24
Clients page

25
Configure WLAN

1. Open a browser page to your controller.

2. To configure the employee WLAN, navigate to Configuration -> Wizards ->
Campus WLAN.
3. Click the NEW button under AP Groups, add the new group MasterControllerX,
then click OK.
4. Select the new.
5. Click New to create a new WLAN.
6. In the field Name for new WLAN (SSID).
7. Click OK to accept the WLAN name (name = ArubaX)

26
Configure WLAN

27
Configure WLAN
8. Click Next.
9. Select Tunnel mode as the forward mode and click Next.
10. For the Radio settings select the following:
a. Radio type all.
b. Broadcast SSID yes.
c. Select VLAN from the drop down field.
d. Then click Next.
11. Select Internal for intended use of the WLAN.
12. Click Next.
13. On the Authentication and Encryption page select the following:
a. Strong encryption with 802.1X authentication.
b. Select WPA-2 Enterprise.
c. Select AES,TKIP from the encryption dropdown menu.
d. Click Next.

28
Configure WLAN
14. Click Add on Authentication Server.
15. Select “Internal” from known servers
16. Choose Radius then enter the following:
a. Server Radius Name.
b. IP Address.
c. Shared key and Retype key.
d. click OK then click Next.

29
Configure WLAN
17. No Captive Portal. Click Next.
18. Select the role authenticated then click Next.
19. Click FINISH at the bottom of the screen.
20. Confirm that the configuration has been pushed successfully then click Close
at the bottom of the screen

For Next step AP provision you must disable Control Plane Security
21. Open a browser page to your controller.
22. To configure the employee WLAN, navigate to Configuration -> Control Plane
Security
23. Choose disabled, then apply

30
Convert IAP to Mobility Controller
1. Connect a console cable to the Aruba IAP’s console port.
2. Power up your AP
3. The AP will start booting
a. Press enter key to stop the autoboot process.
b. Type factory reset
c. Type setenv ipaddr X.X.X.X
d. Type setenv netmask X.X.X.X
e. Type setenv gatewayip X.X.X.X
f. Type saveenv
g. Type reset or boot to reboot the AP
4. After booting complited, enter the following:
• Username: admin
• Password: admin
5. type convert cap “ip address controller”

31
Convert IAP to Mobility Controller

–Logging in to the Instant UI

1.Connect wireless to default SSID name “instant0X”.

2.Launch a web browser and enter http://instant.arubanetworks.com (172.31.98.1)

3.On “Welcome to Instant” window, Enter “admin” both Username and Password.

4.select Country “Indonesia” from drop down. (Already done)

32
Convert IAP to Mobility Controller

–Edit Access Point

1.On the “Access Point” window, click on the “MAC Address number” and then click “edit”
on the right side.

2.Choose “specify statically” (if IP Static)

3.Entry IP Address “192.168.1.11, Netmask “255.255.255.0”, Default gateway “192.168.1.1

and DNS server “8.8.8.8

33
Convert IAP to Mobility Controller

–Edit Access Point

1.On the right top click on the “Maintenence” then

2.Choose “convert” tab

3.Choose convert to “Campus AP to ”

4.Enter ip Controller “10.X0.X1.1” then

5.Apply

IAP will convert and reboot automatically

34
AP Provisioning
Check the GUI to see if the AP is detected. Click on Monitoring then look in the
WLAN Network Status table.

35
AP Provisioning

8. From your controller GUI interface navigate to Configuration -> WIRELESS ->
AP Installation.
9. Select your AP and click Provision.

36
AP Provisioning

1. From the drop down menu select the AP group.

2. Check IP Controller and Contrller Name.
3. In the AP List box, near the bottom of the page, re-name AP
4. Click Apply and Reboot. Give your AP a few minutes to reboot then ensure
that your SSID is being broadcast by your AP.
5. Click the Monitoring tab at the top left.
6. Scroll down towards the bottom of the monitoring tab to the WLAN section
and check if the employee SSID is being broadcast.

37
AP Provisioning

38
RADIUS Server Setup
1. Log into the WebUI of your controller.
2. Navigate to Configuration -> SECURITY -> Authentication -> Servers
3. Click Server Group from the Servers tab on the left side of the screen.
4. In the server group name: “WLAN”-server-group.
5. Check Servers (There is server that you input on configure WLAN)

39
RADIUS Server Setup

If There isn’t add the RADIUS server or if you want add new RADIUS server
• Click the New button under Servers to add RADIUS Server name to the server
group.
If you want add another RADIUS Server
1. Navigate to Configuration -> SECURITY -> Authentication -> Servers ->
RADIUS Server.
2. In the blank field, enter the name of RADIUS Server.
3. Click the Add button.
4. Click on the new RADIUS server you just created to begin its configuration
and enter the following:
• Host:
• Key:
5. the Apply button at the bottom of the screen.

40
Add User

1. Log into the WebUI of your controller.

2. Navigate to Configuration -> SECURITY -> Authentication -> Internal DB
3. Add user and password

41
Building The common-policy

1. Navigate to Configuration -> Security -> Access Control -> Policies tab
2. Click on the Add button to begin editing a new policy.

42
Building a Network Destination Alias

1. Log into the WebUI of your controller.

2. Navigate to Configuration -> Advanced Services -> Stateful Firewall then
click on the Destination tab.
3. Create a new destination alias that will represent the Controller Interfaces in
use for this class.
a. Click Add.
b. Give the new destination the name controller-interfaces.
c. Click on the Add button.
• Rule Type: Host
• IP Address: 10.X0.X1.1
• Click on Add.
d. Enter all ip interface controller.
e. Click the Apply button.

43
Building no Ping Blacklist Policy

1. Navigate to Configuration -> Security -> Access Control -> Policies.

2. Click on the Add button to begin editing a new policy.
3. Name the policy no-ping.
4. Click Add to add a rule.
5. In the Rule Editor make the following selections:
a. IP Type:IPv4
b. Source: Any
c. Destination: alias
d. From drop down : controller-interface
e. Service: Service
f. From drop down: svc-icmp
g. Action: Drop
6. Click Apply then save your configuration.

44
Modifying Authenticated User Role

1. Navigate to Configuration -> SECURITY -> Access control -> User roles.
2. Click Edit next to the authenticated user role.
3. Under firewall policies click Add.

45
Modifying Authenticated User Role

4. Configure the policy as follows:

a. The option Choose from Configured Policies should be selected.
b. From the pull down select the no-Ping firewall policy that was
created earlier.
c. Click on the Done button.
5. Click Apply on the bottom right

46
Dashboard AppRF

review the dashboard AppRF:

1. Open a browse page to facebook

2. Open a browser page to youtube
3. Open a browser page to your controller
4. On your Controller GUI Navigate to Dashboard -> AppRF You should see
six new charts. You may need to enable the Firewall Visibility if prompted.
It will take a couple of minutes to populate data.

47
Configure WLAN Captive Portal

1. Open a browser page to your controller.

2. To configure the employee WLAN, navigate to Configuration -> Wizards ->
Campus WLAN.
3. Click and choose group MasterControllerX
4. Click New to create a new WLAN.
5. In the field Name for new WLAN (SSID).
6. Click OK to accept the WLAN name (name = GuestX)

48
Configure WLAN Captive Portal
7. Click Next.
8. Select Tunnel mode as the forward mode and click Next.
9. For the Radio settings select the following:
a. Radio type all.
b. Broadcast SSID yes.
c. Select VLAN from the drop down field.
d. Then click Next.
10. Select Guest for intended use of the WLAN.
11. Click Next.
12. On the Authentication and Encryption page select the following:
a. Captive Portal with email registration. User's email is required but not
verified
b. Click Next.

49
Configure WLAN

17. Choose Captive Portal. Click Next.

13. Click Add on Authentication Server.
14. Select “Internal” from known servers
15. Click FINISH at the bottom of the screen.
16. Confirm that the configuration has been pushed successfully then click Close
at the bottom of the screen

50
Configure Captive Portal

1. Login to the WebUI of your controller

2. Navigate to Configuration -> Management -> Captive Portal.
3. In the Profile drop down menu select your captive portal profile GuestX-CP.
4. In the Page Text box write the following: Welcome to my guest network
provided by “your name”

51
Configure Captive Portal

5. Under the Additional options Choose File, You could choose a JPEG file but
we will keep the Aruba logon screen at this time.
6. In the policy text section write the following “Legal”
7. At the bottom of the screen click on Submit.
8. To the right of Submit and Reset buttons click on View Captive Portal. This
will open up a new browser page.
9. Verify the logo and your page text.
10. In the registration window click on Acceptable Use Policy.
11. Now close the browser page.
12. Save Configuration at the top of your screen.

52
Adaptive Radio Management
Configuration
1. Login to the WebUI of your controller.
2. Navigate to Configuration -> Wireless -> AP Configuration
3. Click on your masterControllerX AP group
4. Expand RF Management
5. Expand 802.11a radio
6. Click on Adaptive Radio Management (ARM) profile
7. Answer these questions:
a. What is the MAX TX EIRP set for : __________
b. What is the Min TX EIRPset for: _____________
c. Is Client Match enabled: _________

53
54