How to change ap-mode to am-mode (Aruba Access Point)

Merhaba Arkadaşlar,

AM-Mode : Bu mode üzerinde çalışan bir AP aynı zamanda bir SSID yayını yapmaz. Bu mode ile birlikte 2.4 Ghz radyosu üzerinde havadaki kanallar belirli periyotlar ile taranır. Bu mode genel olarak radio doluluk vb. durumların kontrolü için kullanılmaktadır. Bu mode ihtiyaçlar doğrultusunda toplanılan ALE verilerinin %’sini artırmak amacıylada kullanılmaktadır.

AP-Mode : Bu mode üzerinde çalışmakta olan Access Point donanım desteklemesi durumunda hem 2.4 Ghz hem 5 Ghz radyoları üzerinde SSID yayını yapmaktadır. Seçili olan Regulatory Domain tanımı doğrultusunda ilgili kanallar kullanılmaktadır.

Aruba Access Point cihazını ap-mode’undan am-mode’una çevirmek için aşağıdaki işlemi yapmanız yeterli.

Öncelikle bu işlemi uygulayacağımız AP Group profile’ı (AirMonitor-AP-Prof) altına giriyoruz. Bu bölümde Wireless Lan altında RF Management altında bulunan 802.11g radio profile’ını açıyoruz. AP-Mode durumunda çalışan bir profile tanımı aşağıdaki gibi olacaktır.

Görselde gözüktüğü üzere ilgili profile altındaki mode tanımı ap-mode şeklinde. Yani bu profile altında çalışmakta olan bir AP 2.4 Ghz radyosu üzerinde aktif kanalları üzerinde SSID yayını yapacaktır.

Biz bu mode tanımını am-mode olarak değiştireceğiz. Böylece cihazımız SSID yayını yapmayı bırakarak 2.4 Ghz radyosu üzerinde havayı dinlemeye başlayacak. Bu işlem sonrasında AP modeline göre değişebilir AP cihazı üzerindeki 2.4 Ghz radyosu ledi yanıp yanıp sönecek şekilde çalışmaya devam edecek.

Bu işlemi yaptıktan sonra cihazımızı am-mode olarak ayarlamış olacağız.

CLI üzerindeki kontrolü için;

Teşekkürler.

IEEE 802.11k

IEEE 802.11k-2008 is an amendment to IEEE 802.11-2007 standard for radio resource management. It defines and exposes radio and network information to facilitate the management and maintenance of a mobile Wireless LAN. IEEE 802.11k was incorporated in IEEE Std 802.11-2012; see IEEE 802.11.

Radio Resource Management

IEEE 802.11k and 802.11r are industry standards that enable seamless Basic Service Set (BSS) transitions in the WLAN environment. The 802.11k standard provides information to discover the best available access point.

Protocol operation

The following steps are performed before switching to a new access point.

  1. Access point determines that client is moving away from it.
  2. Informs client to prepare to switch to a new access point.
  3. Client requests list of nearby access points
  4. Access point gives site report
  5. Client moves to best access point based on report

 

Apple Devices

802.11k and r

  • iPhone 4s and later
  • iPad Pro
  • iPad Air and later
  • iPad mini and later
  • iPad (3rd generation) and later
  • iPod touch (5th generation) and later

Intel Wireless Adapter

Source : https://wikipedia.org

Communication Between Aruba Devices

Communication Between Aruba Devices

This section describes the network ports that need to be configured on the firewall to allow proper operation of the Aruba network.

Between any two controllers:

  • IPsec (UDP ports 500 and 4500) and ESP (protocol 50). PAPI between a master and a local controlleris encapsulated in IPsec .
  • IP-IP (protocol 94) and UDP port 443 if Layer-3 mobility is enabled.
  • GRE (protocol 47) if tunneling guest traffic over GRE to DMZ controller.
  • IKE (UDP 500).
  • ESP (protocol 50).
  • NAT-T (UDP 4500).

Between an AP and the master controller:

  • PAPI (UDP port 8211).If the AP uses DNS to discover the LMS controller, the AP first attempts to connect to the master controller. (Also allow DNS (UDP port 53) traffic from the AP to the DNS server.)
  • PAPI (UDP port 8211). All APs running as Air Monitors (AMs) require a permanent PAPI connection to the master controller.

From an AP to the LMS controller:

  • FTP (TCP port 21).
  • TFTP (UDP port 69) for AP-52. For all other APs, if there is no local image on the AP (for example, a brand new AP) the AP will use TFTP to retrieve the initial image.
  • NTP (UDP port 123).
  • SYSLOG (UDP port 514).
  • PAPI (UDP port 8211).
  • GRE (protocol 47).

Between a Remote AP (IPsec) and a controller:

  • NAT-T (UDP port 4500).
  • TFTP (UDP port 69)
    note TFTP is not needed for normal operation. If the remote AP loses its local image for any reason, it will use TFTP to download the latest image.

    .

Network Management Access

This section describes the network ports that need to be configured on the firewall to manage the Arubanetwork.

For WebUI access between the network administrator’s computer (running a Web browser) and a controller:

  • HTTP (TCP ports 80 and 8888) or HTTPS (TCP ports 443 and 4343).
  • SSH (TCP port 22) or TELNET (TCP port 23).

For ArubaMobility Management System (MMS) access between the network administrator’s computer (running a Web browser) and the MMS Server:

  • HTTPS (TCP port 443).
  • HTTP (TCP port 80).
  • SSH (TCP port 22) for troubleshooting.

For SSL tunnels between MMS Servers in high availability configuration:

  • TCP 11312 (used for application messages).
  • TCP 11315 (used for database synchronization).
  • TCP 11873 (used for file synchronization).

For MMSaccess between the MMSServer and controllers:

  • SNMP (UDP ports 161 and 162).
  • PAPI (UDP port 8211 and TCP port 8211).
  • HTTPS (TCP port 443).

Other Communications

This section describes the network ports that need to be configured on the firewall to allow other types of traffic in the Aruba network. You should only allow traffic as needed from these ports.

  • For logging: SYSLOG (UDP port 514) between the controller and syslog servers.
  • For software upgrade or retrieving system logs: TFTP (UDP port 69) or FTP (TCP ports 21 and 22) between the controller and a software distribution server.
  • If the controlleris a PPTP VPN server, allow PPTP (UDP port 1723) and GRE (protocol 47) to the controller.
  • If the controlleris an L2TP VPN server, allow NAT-T (UDP port 4500), ISAKMP (UDP port 500) and ESP (protocol 50) to the controller.
  • If a third-party network management system is used, allow SNMP (UDP ports 161 and 162) between the network management system and all controllers. If the ArubaOSversion is earlier than 2.5, allow SNMP traffic between the network management system and APs.
  • For authentication with a RADIUS server: RADIUS (typically, UDP ports 1812 and 813, or 1645 and 1646) between the controller and the RADIUS server.
  • For authentication with an LDAP server: LDAP (UDP port 389) or LDAPS (UDP port 636) between the controller and the LDAP server.
  • For authentication with a TACACS+ server: TACACS (TCP port 49) between the controllerand the TACACS+ server.
  • For NTP clock setting: NTP (UDP port 123) between all controllersand the MMS server and NTP server.
  • For packet captures: UDP port 5555 from an AP to an Ethereal packet-capture station; UDP port 5000 from an AP to a Wildpackets packet-capture station.
  • For telnet access: Telnet (TCP port 23) from the network administrator’s computer to any AP,if “telnet enable” is present in the “ap location 0.0.0″ section of the controller configuration.
  • For External Services Interface (ESI): ICMP (protocol 1) and syslog (UDP port 514) between a controller and any ESI servers.
  • For XML API: HTTP (TCP port 80) or HTTPS (TCP port 443) between a controllerand an XML-API client.