Configuring Mobility with AOS-8 Level 3 v20.21 (AMST)

Welcome to this week's class (CAM L3)

Welcome to AMST v24.22
Configuring Mobility with AOS-8
(Level 3)



Please be sure you have downloaded the learner guide and lab guide as per the instructions in the email you should have received from HPE last week. If you cannot find the email, check your email history, spam folder, etc. for the keyword "OnSecure". (You can print from Kortex, but only during the first 10 days you have access; otherwise, you can view the learner guide for one year.)

    Today's Notes

    • SSID: xxx      password: see whiteboard in class
    • read this lab tips blog, it details:
      • how to set up long logout timers for console access
      • set up a known AP console password (or none for that matter)
      • using "ap-boot" on the MC console to quickly reboot your ap
      • etc...

  • In this spreadsheet, you will find the links for:
    • My Contact Details
    • Course Evaluation Link
    • Lab Access Login Details
      • Notice your name listed, you will find your table assignment
    • Lab Guide 1 & 2

    Lab Notes

Day 1 - Lecture Modules & Labs

    M00: Course Introduction

    M01: Troubleshooting Overview

    M02: MM L2 vs. L3 Redundancy

    • Lab Section 1: MM connectivity, adding licenses to global pool
      • Task 1: MM base configuration
      • Task 2: Global License Pool
    • Lab Section 2: Mobility Master Redundancy
      • Task 1: VRRP
      • Task 2: Troubleshooting VRRP
      • Task 3: Configuring Database Synchronization
      • Task 4: Troubleshooting MM Redundancy
    • Lab Section 3: Multi-controller Operations
      • Task 1: Hierarchy Group Structure
      • Task 2: Named VLANS
      • Task 3: Connect MC to MM
      • Task 4: Troubleshooting MM and MC Communications
        • 4.Step A Exercise #1: Part 1: implement MM & MC2
        • 4.Step A Exercise #1: Part 2: verify Connectivity
          • page 70: you may notice both 0/0/0 and 0/0/1 in forwarding state. Check your switch spanning-tree state; you may find your switch is blocking int 1/1/23 with alternate state. You can proceed with the lab as is.
          • page 73: notice MC2 received IPsec messages, but the MM does not receive any in return. What protocols are important for MC <-> MM operations?
      • Task 5: Creating License Pools
      • Task 6: Secure Employee WLAN Requirements
    • Lab Section 4: AP Provisioning
      • Task 1: Provision AP1
      • Task 2: Troubleshooting AP & MC Communications
        • 2.Step A Exercise #1 (page 118)
          • notice AP2 appears to have stability problems. What protocols are important for AP operations?
        • 2.Step B Exercise #1 (page 123) Test Connectivity to AP2
        • 2.Step C Exercise #2 (page 125) Remove employee VLAN X1 map from MC1
      • Task 3: Troubleshooting Client Association & Authentication (+ optional exercises)
        • 3.Step A Exercise #1: (page 131) Remove employee VLAN X1 map from MC1
          • page 135: "Station Manager Logs": unable to locate unassociated clients
          • note: it is easier to locate unassociated clients using:
            • #show wms client tree | include <client-mac>
              • here you see a list of monitoring stations and their respective RSSI to the client in question.
Monitor Eth MAC    PHY Type  MAC                ESSID              RSSI  Dur  Cnt  Class        BSSID
---------------    --------  ---                -----              ----  ---  ---  -----        -----
70:3a:0e:cd:71:62  80211A    70:4d:7b:10:9e:c1  P4-Employee6       56    1    1    valid        70:3a:0e:57:16:30
70:3a:0e:ce:1d:08  80211A    70:4d:7b:10:9e:c1  P4-Employee6       54    179  10   valid        70:3a:0e:57:16:30
        • 3.Step B Exercise #2: (page 137) 802.1x Authentication Issue
        • 3.Step C Exercise #3: (page 148) 802.11b mode, disabled data rates
      • Task 4: Secure AP Console
    • NOTE: on "Day 1" you should finish up to:
        • page 156 of "Lab Guide - Volume 2"
        • Lab Sections (1 - 4) must be finished before moving forward

    Day 2 - Lecture Modules & Labs

        M03: Clustering (L2 & L3 Deploy & Hitless failover)

          M04: Multizone

          M05: Role Derivation Process

        • Lab Section 5: Clustering
          • Task 1: Setup Clustering
            • page 167: notice your cluster nodes appear to have a communications issue
              • ISOLATED leader, SECURE-TUNNEL-NEGOTIATING
          • Task 2: Troubleshooting
        • Lab Section 6: Advanced Clustering
          • Task 1: COA
          • Task 2: Troubleshooting
        • Lab Section 7: MultiZone & Guest Access Using External Captive Portal
        • Lab Section 8: Role Derivation & Firewall Policies
          • note: see Errata for LG vol 2 task 2, Step a, Page 263
            • notice the last page of Errata for update graphic as well

      • NOTE: on "Day 2" you should finish up to:
          • page 296 of "Lab Guide - Volume 2"
          • Lab Sections (5 - 8) must be finished before moving forward
        • note: If you're fluent with Roles/Policies/Services:
          • create the role with “any any any ip permit” and move forward to save time. 

      Day 3 - Lecture Modules & Labs

          M06: Dynamic Segmentation

            M07: Voice & Video Optimization

            M08: Dynamic RF Management

          • Lab Section 09: Remote AP
          • Lab Section 10: Dynamic Segmentation
          • Lab Section 11: Voice & Video Optimization
            • CLI commands
              • show ucc call-info cdrs    (call detail records)
              • show ucc client-info
              • show dpi application all | include alg
              • show dpi application <app-name>
            • here are some of the LAB equivalent CLI commands
            cd /md
            configure terminal
            user-role employee
               access-list session skype4b-acl position 3
               access-list session voip-applications-acl position 3
            user-role contractor
               access-list session skype4b-acl position 3
               access-list session voip-applications-acl position 3
            user-role authenticated
               access-list session skype4b-acl position 3
               access-list session voip-applications-acl position 3
               exit
            exit
            write memory
          • Lab Section 12: Dynamic Radio Management
        • NOTE: on "Day 3 & 4" you should finish up to:
            • pick and choose which Lab Sections you would like to work on based on the importance of that lab/section for you
            • your minimum goal should be to get at least 15 sections of the SuperLab completed in the first 4 days of this class.

        Day 4 - Lecture Modules & Labs

            M09: AirGroup

            M10: IAP VPN

            M11: RFProtect

          • Lab Section 13: AirGroup
          • Lab Section 14: AirWave
            • page 437: Add Devices to AirWave
              • do NOT include the enable "password"
              • just leave that field blank, 8.x does not use it
            • note: see Errata for LG vol 2 task 4, Step c, Page 455
            • note: see Errata for LG vol 2 task 6, Exercise 1, Page 462

              • Lab Section 15: Advanced AOS Features
            Minimum Superlab Goals Achieved
              • Lab Section 16: Spectrum Analysis
              • Lab Section 17: Air Monitor
              • Lab Section 18: IAP
                • check what code you are running on your IAP, you may need to backrev to 8.3.0.x
                • if you are running 8.4 or higher, you may need to know the serial number to login
                  • power cycle your IAP
                  • intervene with boot rom
                  • run "mfginfo" cmd and use the reported serial number as your default admin password
                    apboot> mfginfo
                    Inventory:
                    Card 0: System
                    Date Code           : 100616
                    Serial              : CNC7J0Y4XY
                    Wired MAC           : a8:bd:27:c4:c7:2a
                    Wired MAC Count     : 2
                    Radio 5G SN         : NIDFG40019D1X01
                    Radio 2G SN         : NIDEG40001C7X01
              • Lab Section 19: Guest Access using Internal Captive Portal of MC

            Day 5 - TroubleShooting (10 tickets)

            • Day 5: ensure you finished at least 17 of the modules of the SuperLab, preferably all 19.
                • Once complete, move on to the Troubleshooting tickets section of the course.
                • You will have to reset your equipment to do so.
              • Ticket 1
                • note: see Errata for LG vol 3 Ticket 1, Page 14,15
            • In the following weeks after this course is completed, you should prepare your own lab and do the MOC exam included in your lab guides.
              • You also have the option to rent self-directed practice labs where you can practice the MOC exam and/or redo the SuperLab (see link to order this in M00 section above)

                Appendix

              • Acronyms
                • EAP: Extensible Authentication Protocol
                • MC: Mobility Controller
                • MG: Mobility Gateway (MC converted to run SDBranch Firmware)
                • MM: Mobility Manager now known as a Mobility Conductor
                • RTP: Real-Time Transport Protocol
                  • network protocol that delivers streaming audio or video, usually in east-west directions within a campus, between campuses, or across the internet

                  Lab Access Errata

                • when experiencing any problems with remote lab access (WebGate):
                  • be sure your browser is in private (incognito) mode
                  • restart your browser and clear your cache and cookies
                  • do not try to login unless you are 100 percent sure the login page is fully loaded (the tab favicon will look similar to an orange triangle)












