== Aruba Wi-Fi Lab == In this lab session we are going to setup and configure enterprise-grade access points. This is a group lab and there will be 9 groups. For this lab please refer to the IP table and network diagram given [https://ws.learn.ac.lk/wiki/campuswifiandeduroam2023Agenda/IPAllocationWiFiLab here]. = Initial setup of the Access Point = We are using two models of access points for this lab Aruba AP-515 and AP-225. Two are having differences in the way they are setup and configurations are done. Note: Each group will be provided two Access points. Each group is allocated 4 ports(given in the table) on a PoE switch which you need to plug your access points. Don't plug both access points at once. First plug one and configure it until done. When you add the second AP it should automatically get the configurations from the previous AP. == Initial setup of AP-515 == When you power up the AP it should show a SSID named setmeup-XX:XX:XX . Connect your laptop to it. Then browse the page https://setmeup.arubanetworks.com/ (prefer chrome browser). == Initial setup of AP-225 == Install putty on a laptop with a serial console cable attached(We will provide a shared laptop to setup APs). Connect the AP to the console port. The plug a patch cord to the Ethernet 0 port of the AP. Plug the other end of the patch cord to a given switch port. AP will power up and within five seconds hit enter to stop autoboot of the AP. You will enter to a low level configuration mode of the AP. enter below commands to do IP configuration for the AP. {{{ at apboot mode, setenv ipaddr 192.248.4.X setenv netmask 255.255.255.248 setenv gatewayip 192.248.4.Y setenv dnsip 192.248.1.161 saveenv printenv }}} optional, {{{ setenv domainname g.learn.ac.lk saveenv }}} Then enter 'boot' to load OS image. Console will show as Init -> Master. Then the AP will be the master. Now you are able login to the AP through a web console. Enter https://:4343/ on a browser. Credentials will be as follows. user : admin password : serial number of the AP = Setting up a DHCP server = Login to AP. Go to DHCP servers menu. default DHCP scope is for virtual controller assigned networks. It uses private IP ranges only. IN Local DHCP scopes click new. {{{ Name : WS Type : Local, L2 VLAN :1 Network : 192.168.1.0 Netmask : 255.255.255.0 Default router : 192.168.1.254 DNS : 192.248.1.161 Domain name : .learn.ac.lk Lease time : 720 }}} = Setting UP SSIDs = login using admin:admin or admin/serialno. Locate Network, Click new. Go through the wizard. 1) Enter ssid, 2) We will assign VC as the DHCP server. Client IP assignement : virtual controller managed Client VLAN assignment : custom and select the above created(WS). 3) click the slider bar to Enterprise security level, key management : WPA-2 Enterprise Authentication server : new enter the radius server ip and secret configured in /etc/freeradius/clients Radius IP address : 192.248.4.XXX Also make sure AP addresses are added as clients to radius server. 4) keep the network Access unrestricted = Add other Access Points = reset other IAPs and set static IPs. APs in same subnet will be added to the cluster. If there is OS mismatch in new APs will be synced from Master AP and reboot. = Eduroam SSID configuration = login using admin:admin or admin/serialno. Locate Network, Click new. Go through the wizard. 1) Enter ssid, 2) We will assign VC as the DHCP server. Client IP assignement : virtual controller managed Client VLAN assignment : custom and select the above created(WS). 3) click the slider bar to Enterprise security level, key management : WPA-2 Enterprise Authentication server : new enter the radius server ip and secret configured in /etc/freeradius/clients Radius IP address : 192.248.4.XXX Also make sure AP addresses are added as clients to radius server. 4) keep the network Access unrestricted