aruba_networks:controller:aruba_mobility_controller_7220
This is an old revision of the document!
Aruba Mobility Controller 7220
Web Server Configuration
Parameter Value --------- ----- Cipher Suite Strength high SSL/TLS Protocol Config tlsv1.2 Switch Certificate default Captive Portal Certificate default IDP Certificate default Management user's WebUI access method username/password User absolute session timeout <30-3600> (seconds) 0 User session timeout <30-3600> (seconds) 900 Maximum supported concurrent clients <25-320> 75 Enable WebUI access on HTTPS port (443) true Web Skype4B Listen Protocol/Port Config N/A Enable bypass captive portal landing page false Exclude Security Headers from HTTP Response false
(Aruba7220) (config) #mgmt-user admin ?
<rolename> Role name from one of the following:
root - super user role
guest-provisioning - guest provisioning role
network-operations - Network operator role
read-only - Read only role
location-api-mgmt - Location API Management Role
standard - Standard Role
(Aruba7220) (config) #mgmt-user admin root
Password:**********
Re-Type password:**********
Password changed. Please re-authenticate
(Aruba7220)
User:
enable secret
write erase all
show license
reload
show inte brief
show running-config | include 0/0/0 show running-config | begin 0/0/0
enable bypass loginsession timeout 0
web-server profile session-timeout 3600
vlan 1 Default vlan 500 ServerVM vlan 501 ServerStack vlan 502 ISP1 vlan 503 ISP2 vlan 504 ISP3 vlan 505 LAN-UTM vlan 506 WIFI-AP vlan 507 VIP vlan 508 ST vlan 509 Staff vlan 510 Teacher vlan 511 Students vlan 512 Accounting vlan 513 Printer vlan 514 AC vlan 515 iDRAC vlan 516 KVM vlan 517 Guest vlan 518 VoIP vlan 519 IoT vlan 520 Cameras vlan 521 VC vlan 522 VPN vlan 523 Encoder vlan 524 Qsyc vlan 525 Nebula vlan 526 PtP vlan 527 Replication vlan 528 CD vlan 529 VD vlan 530 9K
firewall jumbo mtu 9100
(Aruba7220) #show ip interface brief
interface port-channel 1
description "LINK_TO_SWITCH_6400_CHASIS_IP_172.16.28.1"
interface port-channel 1 jumbo
trusted vlan 1-4094
switchport mode trunk
switchport trunk native vlan 506
interface gigabitethernet 0/0/3 jumbo
lacp group 1 mode active
description "LINK_TO_SWITCH_6400_CHASIS_IP_172.16.28.1"
interface gigabitethernet 0/0/4 jumbo
lacp group 1 mode active
description "LINK_TO_SWITCH_6400_CHASIS_IP_172.16.28.1"
Port-Channel 1 is administratively up
Hardware is Port-Channel, address is 00:1A:1E:04:8E:F8 (bia 00:1A:1E:04:8E:F8)
Description: LINK_TO_SWITCH_6400_CHASIS_IP_172.16.28.1 (LACP)
Spanning Tree is Forwarding
Switchport priority: 0
Jumbo Support is enabled on this interface MTU 9100
Member port:
GE 0/0/3, Admin is up, line protocol is up
GE 0/0/4, Admin is up, line protocol is down
Last clearing of "show interface" counters 0 day 0 hr 43 min 1 sec
link status last changed 0 day 0 hr 6 min 42 sec
517728 packets input, 927746832 bytes
Received 332167 broadcasts, 0 runts, 14781 giants, 0 throttles
0 input error bytes, 8926 CRC, 0 frame
267326 multicast, 185561 unicast
877 packets output, 59300 bytes
0 output errors bytes, 0 deferred
0 collisions, 0 late collisions, 0 throttles
Port-Channel 1 is NOT TRUSTED
interface vlan 506
ip address 10.10.10.10 255.255.255.0
interface vlan 1
no ip address
(Aruba7220) #reload
Do you really want to restart the system(y/n): y
System will now restart!
(Aruba7220) (config) #interface vlan 506
(Aruba7220) (config-subif)# ip address 172.16.36.20 255.255.254.0
Switch IP Address is Modified. Switch should be rebooted now
(Aruba7220) #reload
Do you really want to restart the system(y/n): y
System will now restart!
interface gigabitethernet 0/0/0
description "GE0/0/0"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/1
description "GE0/0/1"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/2
description "GE0/0/2"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 0/0/3
description "LINK_TO_SWITCH_6400_CHASIS_IP_172.16.28.1"
trusted
trusted vlan 1-4094
lacp group 1 mode active
!
interface gigabitethernet 0/0/4
description "LINK_TO_SWITCH_6400_CHASIS_IP_172.16.28.1"
trusted
trusted vlan 1-4094
lacp group 1 mode active
!
interface gigabitethernet 0/0/5
description "GE0/0/5"
trusted
trusted vlan 1-4094
!
interface port-channel 1
description "LINK_TO_SWITCH_6400_CHASIS_IP_172.16.28.1"
trusted vlan 1-4094
jumbo
switchport mode trunk
switchport trunk native vlan 506
!
interface vlan 506
ip address 172.16.36.20 255.255.254.0
!
!
!
ip default-gateway 172.16.36.1
no uplink wired vlan 1
uplink disable
ip nexthop-list pan-gp-ipsec-map-list
!
(Aruba7220) (config-range) #interface range gigabitethernet 0/0/1-0/5 (Aruba7220) (config-range) # lldp transmit (Aruba7220) (config-range) #lldp receive
spanning-tree mode rapid spanning-tree vlan range 500-530
(Aruba7220) #show spanning-tree interface port-channel 1 Spanning Tree port configuration -------------------------------- Vlan State Cost Prio PortFast BpduGuard P-to-P Role ---- ----- ---- ---- -------- --------- ------ ---- 1 Forwarding 20000 128 Disable Disable Enable Root 500 Forwarding 20000 128 Disable Disable Enable Designated 501 Forwarding 20000 128 Disable Disable Enable Designated 502 Forwarding 20000 128 Disable Disable Enable Designated 503 Forwarding 20000 128 Disable Disable Enable Designated 504 Forwarding 20000 128 Disable Disable Enable Designated 505 Forwarding 20000 128 Disable Disable Enable Designated 506 Forwarding 20000 128 Disable Disable Enable Designated 507 Forwarding 20000 128 Disable Disable Enable Designated 508 Forwarding 20000 128 Disable Disable Enable Designated 509 Forwarding 20000 128 Disable Disable Enable Designated 510 Forwarding 20000 128 Disable Disable Enable Designated 511 Forwarding 20000 128 Disable Disable Enable Designated 512 Forwarding 20000 128 Disable Disable Enable Designated 513 Forwarding 20000 128 Disable Disable Enable Designated 514 Forwarding 20000 128 Disable Disable Enable Designated 515 Forwarding 20000 128 Disable Disable Enable Designated 516 Forwarding 20000 128 Disable Disable Enable Designated 517 Forwarding 20000 128 Disable Disable Enable Designated 518 Forwarding 20000 128 Disable Disable Enable Designated 519 Forwarding 20000 128 Disable Disable Enable Designated 520 Forwarding 20000 128 Disable Disable Enable Designated 521 Forwarding 20000 128 Disable Disable Enable Designated 522 Forwarding 20000 128 Disable Disable Enable Designated 523 Forwarding 20000 128 Disable Disable Enable Designated 524 Forwarding 20000 128 Disable Disable Enable Designated 525 Forwarding 20000 128 Disable Disable Enable Designated 526 Forwarding 20000 128 Disable Disable Enable Designated 527 Forwarding 20000 128 Disable Disable Enable Designated 528 Forwarding 20000 128 Disable Disable Enable Designated 529 Forwarding 20000 128 Disable Disable Enable Designated 530 Forwarding 20000 128 Disable Disable Enable Designated
banner motd ~ ************************************************************* * St. School - Authorized Access Only * ************************************************************* This is a restricted access system owned by St. School. Unauthorized users are not permitted. All activity is monitored and logged. Violators will be prosecuted to the fullest extent permitted by law. If you are not an authorized user, LOG OFF IMMEDIATELY. ************************************************************* ~
(Aruba7220) (config) # uplink wired vlan 506 (Aruba7220) (config) # uplink enable
(Aruba7220) #clock set 2025 april 9 19 16 0
ntp server 69.89.207.199 ntp server 74.208.235.60 ntp server 216.239.35.0
(Aruba7220) #show ntp peer 69.89.207.199
remote ::, local ::
hmode client, pmode unspec, stratum 1, precision -23
leap 00, refid [GPS], rootdistance 0.00000, rootdispersion 0.00099
ppoll 6, hpoll 6, keyid 0, version 4, association 43701
reach 007, unreach 0, flash 0x0400, boffset 0.04109, ttl/mode 0
timer 0s, flags config
reference time: eba19202.2d5c89e0 Wed, Apr 9 2025 19:40:34.177
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 0:28:16.000
receive timestamp: eba19202.7c4073cc Wed, Apr 9 2025 19:40:34.485
transmit timestamp: eba19202.7c4073cc Wed, Apr 9 2025 19:40:34.485
filter delay: 0.04109 0.04062 0.04088 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: -0.00372 -0.00432 -0.00460 0.000000
0.000000 0.000000 0.000000 0.000000
filter order: 0 1 2 3
4 5 6 7
offset -0.003723, delay 0.04109, error bound 1.39212, filter error 0.02745
remote host: 69.89.207.199
local interface: 172.16.36.10
time last received: 24s
time until next send: 43s
reachability change: 156s
packets sent: 7
packets received: 6
bad authentication: 0
bogus origin: 0
duplicate: 0
bad dispersion: 0
bad reference time: 0
candidate order: 0
flags: config
- Daylight Saving Time (DST)
- PDT (Pacific Daylight Time)
Orlando:
clock timezone CST -6 clock summer-time CDT recurring 2 sunday march 02:00 1 sunday november 02:00 -5
Houston:
clock timezone EST -5 clock summer-time EDT recurring 2 sunday march 02:00 1 sunday november 02:00 -4
(Aruba7220) (config) #ip domain-name company.net Operation may not take effect until a reboot
(Aruba7220) (config) #ip name-server 10.28.64.22 Operation may not take effect until a reboot
(Aruba7220) (config) #ip name-server 45.90.28.15 Operation may not take effect until a reboot
(Aruba7220) (config) #ip name-server 45.90.30.15 Operation may not take effect until a reboot
If you are using only one controller, you do not need to configure masterip.
If you are connecting Local controllers to a Master, then the masterip should be the management IP address of the Master Controller (which can be either a VLAN interface or a physical interface).
(Aruba7220) (config) #masterip 172.16.36.10 ipsec ipsec123
Note: Error: Master IP matches with an Interface address.
(Aruba7220) (config) #controller-ip vlan 506 Since controller IP address will change, connectivity to this controller might be affected. Do you want to proceed with this action [y/n]: y
aruba_networks/controller/aruba_mobility_controller_7220.1744244174.txt.gz · Last modified: 2025/04/09 19:16 by aperez