r/ArubaNetworks

Another New Central gripe

Have been forcing myself to familiarize myself with it. Realizing there is not a pane anywhere that shows a list of active APs and also has the number of clients connected to each of those APs next to it. This was always a common sense thing that was included with classic Central as well as 8.x and going back further.

reddit.com
u/realfakerolex — 9 hours ago

Aruba Controller integration with grafana

Our customer wanted to integrate the Aruba mobility controller AOS8 (8.10.0.20) with Grafana.

Has anyone ever tried to export SSID Clients historical data to Grafana? Is it possible to do it?

u/shenior — 13 hours ago

Aruba 6100 interface configuration for Access point

Hi!

I have the following configuration on my Aruba 2540 for an access point. How can I configure a similar configuration for my access point on an Aruba 6100? VLAN 120 is my management VLAN.

    interface 1
       name Access point
       tagged vlan 13,20-21,300-301
       untagged vlan 120

Thanks

u/capricorn800 — 13 hours ago

Hello all,

Briefly here's some background about our operation: we have 1 HQ location which is a 100k sq ft building (80k of which is warehouse space). About 100 employees + anywhere from 50-150 guests (we have a couple of event rooms that we rent to the public). Then we have 4 other branch locations (also mixed office/warehouse space) which are much smaller (3-10 employees each).

Current network is a mixed bag. At HQ, we have Cisco switching with wireless. At our branches, the wireless is Ubiquiti.

I need to refresh the switches/wireless at our HQ and later in the future we'll hit the branches. Our network is pretty standard I think. Switches need standard layer 2 features. I don't need routing, but I do want to be able to apply IP ACLs. I am doing this on my Cisco switches as an additional security layer. Basically, I block east/west traffic at the port level. I also block all IPv6 traffic at the switch. In addition to that, I have 5 VLANs including a voice VLAN for ShoreTel/Mitel and a guest VLAN for guest wifi. I'm currently not using any type of network access control/RADIUS. Everything is PSK (yea, I know, not the best, hoping to change this in the future).

I also was going to stack my switches because I have an MDF with 7 switches and an IDF with 3 switches. This is basically all access switching. Even though we do have a few servers still on site, we don't push that much traffic to warrant some type of core distribution design. Most of our traffic is going to the internet now anyways as we move stuff to cloud. We only have a 200M internet circuit too. 1gb on the switch ports and 1gb uplinks for the APs is fine.

I've got quotes from Cisco and Aruba and the Aruba came in cheaper and looks very appealing. Aruba Central looks very interesting as a central cloud management option. We're currently not doing anything here in the Cisco realm. I have to manage all the switches individually. The APs have a physical controller. I'm a one-man shop who's used to the Cisco CLI, but I understand Aruba is very similar?

I'm trying not to make this post super long so my questions I'm hoping you all with Aruba experience could address:

  1. If you moved from Cisco to Aruba, how was that experience? Any surprises or big gotchas?

  2. For the wireless, I don't think I'd be using gateways. The APs would be locally bridged. My understanding is this is basically a controllerless model, is that correct? Are there any downsides to this model? What I don't like about the Cisco wireless right now is the single point of failure of the controller.

  3. If support lapses, do devices keep working (unlike Meraki for example)?

My VAR quoted me the following gear so far:

  1. 6300M switch (JL661A) - maybe I can drop this to 6200 series?

  2. AP-635 (for office space)

  3. AP-587 (for warehouse space)

  4. AP-518 (for our walk-in freezers/coolers in the warehouse)

  5. ClearPass Cx000V VM appliance - not sure I actually need this day 1. This might be a nice to have in the future?

Thank you for any advice/comments/thoughts you can provide!

u/betelguese_supernova — 13 days ago

Aruba 25G SFP DAC Aruba 9240 to Cisco 9500 catalyst

Has anyone got this to work if you tried?

Insight:

  • Aruba 9240 to Cisco 9500 catalyst
    • Links right up with Cisco 25G DAC cables
    • Tried an Aruba 25G DAC and can't get it to come up.
  • On the Cisco end I've tried
    • service unsupported-transceivers
    • no errordisable gbic-transceiver
    • set the speed 25000 and duplex full
    • tried all FEC values - off seems to be best to get just a not connect state but line protocol is still Down
  • On the Aruba 9240 can't seem to hardcode the speed to 25G or set the FEC value, which seems to be the biggest hold-up or possibly the main issue. Opened a TAC case to see what they say.

Anything work for anyone on here if you have the same setup?

TIA

u/ResoluteStoic — 24 hours ago

EAP-TLS certificate Wi-Fi with Intune + Aruba Central NAC — Windows, macOS and iOS/iPadOS step-by-step with screenshots

**EAP-TLS certificate-based Wi-Fi with Microsoft Intune + Aruba Central NAC — Windows, macOS and iOS/iPadOS**

I couldn't find much documentation covering all three platforms together, so I put together a full lab write-up with step-by-step screenshots.

**The setup:**

- Aruba Central NAC as the RADIUS/NAC engine (OAuth2-connected to Intune/Entra ID)

- SCEP certificates issued directly by Central NAC's built-in CA (no NDES/connector needed)

- Intune pushing 3 profiles per platform: Trusted Certificate + SCEP + Wi-Fi

- Automatic EAP-TLS connection to WPA2-Enterprise SSID once profiles are deployed

**Per-platform specifics:**

*Windows* — straightforward, same flow as the HPE TechNote. Validate with certmgr.msc.

*macOS* — requires APNs certificate first (one-time setup). SCEP profile uses Device Channel. Validate in Keychain Access (System + login keychains).

*iOS/iPadOS* — enrollment via Company Portal is very guided. **Important:** use Certificate type **User** with `CN={{UserPrincipalName}}` in the SCEP profile. Device type causes NAC authorization to fail (Deny All) because Central NAC can't resolve the device cert to an Entra ID user or group.

**Docs split into two GitHub repos:**

- Aruba Central NAC config (identity store, roles, policies, SSID): https://github.com/Luconik/hpe-aruba-guides/tree/main/central-nac-intune

- Intune profiles + enrollment per platform: https://github.com/Luconik/microsoft-intune/tree/main/eap-tls

Each README has EN + FR versions and full screenshots for every step.

u/Luconik — 5 days ago

I ended up with old Aruba gear instead of Unifi for my home network 😅

So, I'm doing a total renovation on my house, and was set on using a full unifi setup like all my friends. My network is mainly for smart home, and of course tv and wifi.

I don't know if I will regret this, but I ended up with a budget option with used Aruba gear. I thought to myself that the one pane of glass looks amazing and is very easy and user friendly, but then again, as a private person in my own home how often will I actually use it for anything useful? So my network now looks like this: EdgeRouter 4, Aruba 2540 (Core), 2x Aruba 2530-24G-PoE+, 1x Aruba 2530-48G and Unifi AP. I have a NOC that gives me much of the information that I would get on the Unifi user interface.

Do you guys think I will regret this route?

I'm a bit anxious if I went the right way on this one..

It's only a small network in my own home, it should be ok I think

u/nicholasmorton — 5 days ago

Hey everyone. We're starting to look into Aruba Central (new version) and were wondering if there are any video series on YouTube that are similar to the ones that showed you how to set up an environment in AOS8 many years ago. I think those were done by Airheads Broadcasting. Thanks for any suggestions.

u/lobotiger — 8 days ago

we've been having problems with the PoE WiFi AP.....

Does the amber PoE say everything or should I look into this more?


Pacific office set this up like 4 years ago and we've been bitching about the wifi being intermittent. They say they can't figure it out. Of course they aren't giving me the login to any web UI to figure it out myself... All I can do is take a close inspection of the equipment, and I notice the PoE light isn't green. This is definitely a problem, right?

u/blurr123 — 5 days ago

AOS8 cluster client speed asymmetry issue

Hoping for a quick fix before entering TAC hell...we have a pair of 7210s running 8.10.0.22, and for a little while we've had a somewhat reproducible issue where some clients' download speeds max out between 10 and 30 Mbps. I am now about 90% sure that this is happening only to clients where their anchor controller is different from their AP's anchor controller. e.g.:

AP01 is anchored to controller A
Client X on AP01 is anchored to controller A, speeds are great
Client Y on AP01 is anchored to controller B, speeds are asymmetrically poor

Clients with the same anchor as their AP can reliably get 700Mbps symmetrical on 6GHz, but when the anchors are separate it'll be something like 20Mbps down and 400Mbps up.

I'm not sure exactly when this started, though a likely start was a few weeks ago when we went from 8.10.0.19 to 8.10.0.22.

This happens on any kind of SSID (enterprise, open, SAE), though all are tunneled. I do not really want to convert the entire campus to bridged SSIDs as a workaround.

We have jumbo frames (9198) enabled everywhere involved (APs, switch uplinks, controller LAGs). The controllers each have an MCLAG to our CX6400 cores, which have a VSX ISL with MTU 9500.

No wired ports involved show any drops or errors, each controller has a port-channel of two 10GbE links. We see jumbos incrementing on the switches, and giants incrementing on the controllers. Controller port-channels and interfaces all confirm jumbo/9198 is enabled.

When I look at the datapath tunnel list, it seems like the AP tunnels are all MTU 9000, but the tunnel between the controllers is 1500. Not sure what's expected here.

Rebooting APs does not resolve, and a phased reboot of the controllers last night did not resolve. I'm considering going to 8.13.2.0 tonight as a last resort before starting the TAC journey. Any advice is welcome!

u/ddfs — 4 days ago

Wondering if it's possible to turn my non-PoE hp2920-48g into a PoE version by upgrading the power supply and enabling it with CLI? AI says yes, but I haven't found anything else on the Internet verifying this. Wondering if anyone has done this?

u/Suzook1100 — 6 days ago

Hi everyone,

I'm currently deploying an 802.1X architecture and I'm facing a wall with daisy-chained PCs behind Mitel IP phones. I'm hoping someone here has successfully configured this specific hardware combo.

The Environment:

  • Switch: Aruba CX 6300F
  • RADIUS: PacketFence
  • IP Phone: Mitel 6900 series (using TFTP configuration)
  • Client: Windows PC
  • Auth Protocol: EAP-TLS for the Phone (Voice VLAN 50), 802.1X for the PC (Data VLAN 100).

The Goal: Authenticate both the Mitel phone and the PC behind it on the same switch port using multi-domain / client-limit.

What works perfectly:

  1. The Mitel phone authenticates flawlessly via EAP-TLS and is dynamically placed in VLAN 50.
  2. If I bypass the phone and plug the PC directly into the switch port, the PC authenticates instantly and gets VLAN 100. (This confirms my switch port and RADIUS configs are 100% correct).

The Issue: When the PC is daisy-chained behind the Mitel phone, the 802.1X process fails. Looking at packet captures:

  • The switch sends the EAP Request, Identity.
  • The Mitel forwards it to the PC.
  • The PC instantly sends the EAP Response, Identity.
  • The switch seems to never receive the response from the PC (it keeps sending Request, Identity in a loop until timeout).

What I've already tried / ruled out:

  • Switch limits: The Aruba port is set to client-limit 3.
  • Race Conditions: I completely disabled mac-auth on the port to ensure the 802.1X process isn't being superseded by a MAC-auth failure.
  • Mitel TFTP Config: In my configuration file, I've used eapol forward: 1. I also tried adding/removing pc port vlan: 0 and pc port priority: 0 (and tag pc port: 0), but the upstream traffic from the PC still seems to die at the phone.

My Hypothesis: The internal switch of the Mitel phone is actively filtering/dropping the upstream EAPOL response (multicast MAC 01:80:c2:00:00:03) from the PC instead of bridging it transparently to the Aruba switch.

Has anyone successfully made the PC port of a Mitel 6900 truly transparent for 802.1X? Are there any hidden or undocumented TFTP parameters for these phones regarding EAPOL pass-through?

Thanks in advance for any insights!

u/Serious_Operation196 — 9 days ago
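
Added example, not part of the post above: one way to test the hypothesis is to compare a capture taken on the PC side of the phone with one taken on the switch side and see which stations' EAP Identity frames appear in each. The MAC addresses and frames below are constructed; real input would be the raw frames from the two captures.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
PAE_GROUP_MAC = bytes.fromhex("0180c2000003")  # multicast address named in the post
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame):
    """Return (src, dst, eap_code, eap_type) for an EAPOL EAP-Packet frame, else None."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip a single 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != EAPOL_ETHERTYPE or len(frame) < offset + 8:
        return None
    _version, pkt_type, _length = struct.unpack("!BBH", frame[offset:offset + 4])
    if pkt_type != 0:  # 0 = EAP-Packet; EAPOL-Start/Logoff carry no EAP header
        return None
    code, _ident, eap_len = struct.unpack("!BBH", frame[offset + 4:offset + 8])
    has_type = code in (1, 2) and eap_len > 4 and len(frame) > offset + 8
    return src, dst, code, (frame[offset + 8] if has_type else None)

def identity_summary(frames):
    """Count EAP Identity (type 1) requests and responses per source MAC."""
    counts = {}
    for frame in frames:
        parsed = parse_eapol(frame)
        if parsed is None or parsed[3] != 1:
            continue
        key = (parsed[0].hex(":"), EAP_CODES.get(parsed[2], str(parsed[2])))
        counts[key] = counts.get(key, 0) + 1
    return counts

def response_missing(frames, mac):
    """True if no Identity response from `mac` is present in this capture."""
    return (mac.hex(":"), "Response") not in identity_summary(frames)

def build_identity(src, dst, code, ident, identity=b""):
    """Build a constructed EAPOL frame carrying an EAP Identity packet."""
    eap = struct.pack("!BBH", code, ident, 5 + len(identity)) + b"\x01" + identity
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 2, 0, len(eap)) + eap

# Constructed sample data (hypothetical MACs): what the post describes seeing.
SWITCH, PC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PC_SIDE = [build_identity(SWITCH, PAE_GROUP_MAC, 1, 1),
           build_identity(PC, PAE_GROUP_MAC, 2, 1, b"pc-user")]
SWITCH_SIDE = [build_identity(SWITCH, PAE_GROUP_MAC, 1, n) for n in (1, 2, 3)]
```

A response that is present in the PC-side capture but missing from the switch-side capture places the drop inside the phone, which is what the hypothesis predicts.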

I've been told they will be raising prices at least for hardware, not sure about the rest, as of May 15. Anyone have any additional information on this? Trying to make a case to get a purchase pushed through before then and showing actual numbers always has a greater impact.

u/Pretend-Bit8450 — 13 days ago

Is there any way to generate Aruba Central evaluation licenses or are there NFR licenses that can be purchased for home/lab use? Looking for 4-6 gateway licenses (foundation should do, only running it in the home lab), and 6-8 AP licenses to cover 4 lab sites. The idea is I’ll put in a gateway each in mine, parent’s and inlaw’s house and 1 more in a co-lo as a VPNC to run a real life lab. Already ran out of the 90 day evals that came with the workspace, and have migrated workspaces once or twice. Last resort, I can spin up a new workspace but trying to avoid this as I don’t want to spend another week rebuilding the already configured stuff. P.S. Not looking for freebies, just trying to find a way to keep the costs as low as possible.

u/Clear_ReserveMK — 7 days ago

Hello Aruba community! My employer is an Aruba partner and they've tasked me with getting the Aruba campus pro cert. I have the campus associate and the pro study guide; I mainly need some help with lab requirements.

If I want a self-hosted lab with GNS3 or EVE-NG, which specs would I need bare minimum? I just need something to simulate the lab guide and possibly practice Central, since I haven't worked on many Central projects. This way I can ask my boss for some hardware if you think it's necessary (switches, APs). I tried looking through the past posts but nothing seemed clear on specs. Thank you for any help you can give me!

u/The_0rifice — 10 days ago