Config Sync

Example Aruba Setup

Connecting Aruba IAP to rXg

Steps to connect Aruba IAP

1. Create InfDev for Aruba IAP
2. Generate and apply bootstrap configuration to Aruba IAP
3. Import pre-existing WLAN's if needed

4. Enable sync

5. Create InfDev for Aruba IAP

Navigate to Network::Wireless and create a new WLAN Controller.

The Name field is arbitrary and can be set to anything. The Type field should be set to Aruba IAP. The Host field is the IP address we want the virtual controller to have. If the controller is local to the rXg then the Subnet mask and Gateway IP fields can be left blank. Set the API port field to the correct port, by default it is set to 4343 and shouldn't be changed the Aruba IAP has been configured to use a different port. Set the Username and Password field with the correct username and password and click Create.

Note: If the Host IP is already set in the Aruba IAP, then it will not show the commands that need to be run. The commands will be provided in a step below.

1. Generate and apply bootstrap configuration to Aruba IAP.

Click on the Sync not enabled link.

This will provide the Bootstrap Configuration that must be run on the IAP to allow API commands as well as set the virtual controller IP.

Note: If the virtual controller IP has been set and the Aruba IAP shows as online it will not show the Bootstrap commands. If this is the case the virtual controller IP does not need to be set so only the following commands should be run on the AP by first SSH'ing to it.

configure** allow-rest-api** end commit apply

SSH to the controller IP and run the Bootstrap Configuration commands.

1. Import pre-existing WLAN's if needed

To import any existing WLANs that may already exist, click the import link on the WLAN Controllers scaffold.

Any WLANs that exist will then be shown on the WLANs scaffold.

1. Enable sync.

This step will allow the rXg sync with the Aruba IAP so that any configuration done on the rXg will be pushed (synchronized) to the Aruba IAP. To enable sync click the Sync not enabled link in the WLAN Controller scaffold.

Next click on the Enable Config Synchronization button.

The rXg has now been configured to take control of the Aruba IAP, configuration changes to the WLANs from the admin gui of the rXg will be pushed automatically to the Aruba IAP.

Aruba MPSK Setup

A WLAN must exist that matches the SSID of the WLAN in the Aruba controller, the rXg can import this information by creating a WLAN Controller. Configure a WLAN Controller by navigating to Network::Wireless and click create new on the WLAN Scaffold. This will allow the rXg to import the WLAN's from the Aruba controller.

Enter a name in the Name field, the Name is arbitrary. The Type field should be set to either ArubaOS or Aruba IAP depending on the type of controller the rXg is connecting to. The Host field is the IP address or domain name of the controller. If the Controller is local, setting a value in the Subnet mask and Gateway IP field is not needed. The Disconnect method , SSH port and API port fields can be left on the default values unless the controller is using non default ports. Enter the Username and Password in the Username and Password fields. Click Create.

The rXg will import the WLANs and AP's from the Aruba controller.

Next the RADIUS Server Realms must be configured to use MPSK. Navigate to Services::Radius.

In order to use MPSK the correct RADIUS Server Attributes must be tied the to the RADIUS Server Realms. By default there is a RADIUS server attribute for use with Aruba MPSK. This Attribute must be tied to each realm that will use MPSK typically this will be the POST auth realms, but for certain locations with pre-setup accounts this may be attached to both POST and PRE auth realms. For this example there will be a RADIUS server attribute created that will have a known PSK and this will be attached to the Onboarding realm. This allows anyone to connect with the known PSK and after account creation they will be able to use their unique MPSK to connect. In the RADIUS Server Attributes scaffold, click edit on the Aruba-MPSK-Passphrase entry.

Select the RADIUs realms that will use the variable MPSK attribute, in this example only the Account Realm will be selected in the RADIUS Server Realms field. Click Update.

Next create a new RADIUS Server Attribute. In the Name field enter Aruba-MPSK-Passphrase. In the Value field enter in the known PSK, in this example lab01admin! will be used as the known PSK. In the RADIUS Server Realms field make sure that only the realms that are using the known PSK are selected in this case only the Onboarding Realm will be selected. Click Create.

With this setup, a user connecting for the first time would connect to the SSID using the known PSK of lab01admin!. This will connect them to the network and they will get redirected to the captive portal where they can then sign up for an account. During account creating the end user will create their own PSK, at this point the end user will need to forget the wireless network on their device and connect using the PSK they set during account creation. The advantage to using MPSK is that now the end user can connect a device and have it attached to their account by simply connecting to the network using their unique PSK. This means that headless devices can be added to an account by connecting to the network and using the unique PSK for the account. The end user will not need to enter the MAC address of the headless device to their account this will be done automatically when connecting to the network. This also means devices with MAC randomization will be added back to the correct account if the MAC address changes without the end user even being aware.