Cert0101 HPE6-A42 & HPE6-A70

1. Cert0101: HPE6-A42 &
HPE6-A70
This guide is not to meant to replace “Implementing Aruba Wireless”
course. Students are advise to go through the IAW guide before using
this material.

2. Module 1
WLAN Fundamentals and RF Basics

3. 2.4 GHz, interference
An AP operates on channel 6, wireless security camera operating on channel 8 will cause
interference

4. 2.4 GHz Minimum Spacing
Minimum spacing to prevent overlap: 5 channels

5. Compare 802.11a/b/g/n/ac Data Standards
highest transmission rates in the 2.4GHz : 802.11n

6. Antenna Gain
high-gain omni-directional antenna provide more horizontal coverage and less vertical
coverage compare to a typical omni-directional antenna

7. MIMO
typical office environment with many surfaces where the signal can bounce increase
wireless speeds with MIMO

8. MU-MIMO
Unique in 802.11ac Wave 2 AP

9. dBm and mW Relationships
loss of 3 dBm equal of loss of 50%

10. Module 2
Mobile First Architecture

11. IAP Convert to CAP
Convert the IAPs to Campus APs controlled by the new MCs.

12. Controllers Model
determine number of supported users and firewall throughput

13. 7010 vs 7024
7024 support more POE devices directly connected to MC

14. Controller Portfolio
7030 support 64 AP

15. Controller Portfolio
Aruba Controllers deployment is new to ArubaOS 8: virtual appliances

16. IAP
IAPs operate in an autonomous or standalone mode

17. Master-Local Mode
The company already has a partially hierarchical deployment based on the 6.x code and
wants to keep the current architecture.

18. Mobility Master
It manages VLAN and routing configuration for multiple Mobility Controllers (MCs).

19. MM (8.x) vs Master (6.x)
Master cannot put interface setting to MC.

20. AP Failover
Cluster of Mobility Controllers provide high availability for APs

21. RAP Split tunnel
It sends traffic designed to the corporate network in an IPsec tunnel to a central Mobility
Controller (MC), and it bridges other traffic locally.

22. License Pool
All licenses install in MM.

23. Enable License
Enable feature in the Global Usage window

24. Calculating License Requirements

25. Licensing
Max number of AP supported (32)

26. License Redundancy
MC retains its current licenses for 30 days when MM is not reachable.

27. Controller Matrix
AP count, User count, Firewall throughput

28. Module 3
Mobility Master Mobility Controller Configuration

29. GUI Hierarchy

30. MM Sync config with MC
removes any commands that are not supported on that MC or have dependency errors

31. Module 4
Secure WLAN Configuration

32. AP Group
Place APs in different buildings in different AP Groups to have different config.

33. Profiles
AAA profile to assign an authentication server group

34. WLAN Creation
No Broadcast SSID: Hidden SSID

36. Forwarding Mode
Decrypt-tunnel: User traffic decrypt at AP

37. Default Forwarding Mode
Tunnel to Mobility Controller, in MM or Master-Local architecture.

38. Setup Preshared key (PSK)
Click Personal in the slide bar

39. Module 5
AP Provisioning

40. Radius Authentication
Mobility Controller exchanges RADIUS packets with the RADIUS server

41. AirMatch
With new AP run

42. Controller Discovery
Map the Mobility Controller (MC not MM) IP addresses to the aruba-master name on the
network DNS server.

43. Module 6
WLAN Security

44. WPA/WPA2 Negotiation
Keys are generated and distributed securely during each wireless user authentication
process.

45. MAC Authentication
Authorized MAC addresses are visible in plaintext in the air and can be easily spoofed

46. Two way authentication
issue: The user clients do not trust the RADIUS server certificate and are configured not to
prompt users to trust new certificates.

47. Authentication Methods
802.1X authentication occurs at Layer 2, while captive portal authentication occurs at Layer
3.

48. WPA2-Enterpise
Require Radius Server

49. Radius Shared key

50. Authentication with EAP-TLS
Authenticator forward the authentication requests to Radius Server.

51. Authentication with 802.1x/EAP
Radius Server determine the EAP Type, not the controller

52. EAP-TLS
unique digital certificates installed on user devices to authenticate wireless users

53. Machine Authentication
authenticate the Windows clients as well, based on the client Computer Names.

54. ClearPass
RADIUS Authentication Server

55. LDAP
Authenticate directly against an Active Directory (AD) domain controller without NPS or IAS

56. Access Points, Air Monitors, Spectrum Monitors
An AM detects threats such as rogue APs, while an SA analyzes RF conditions.

57. Access Points, Air Monitors, Spectrum Monitors
AM help to detect rogue APs in the environment
Prevent client connections to rogue APs.

58. WIDS
Protect attack at Layer 2

59. Spectrum Monitor (SM)
Analyze RF signals to determine the cause of non-802.11 interference.

60. Testing Communication Between Mobility
Controller and RADIUS Server

61. Module 7
Firewall Roles and Policies

62. Aruba Firewall Role
Set bandwidth limit

63. Aruba Firewall Role
Create a policy with these rules, and then apply that policy to the roles

64. Aruba Role Derivation from Radius Server
RADIUS server send different roles for users in different departments. Apply role-based
firewall policies.

65. Firewall Rule
user any any permit rule It permits traffic from wireless clients as long as the packet has a
source IP.

66. Application Rule
prevent wireless users from accessing shopping web sites with a bad reputation.

67. Firewall Policy to allow DHCP
DHCP setting: source = any and destination = any

68. Global Rule
It immediately applies to the guest role and other roles, as part of the first policy applied to
the role.

69. WLAN Default Role
users who successfully authenticate and are not assigned a different role by the RADIUS
server

70. AAA Profile, Default Role
The RADIUS server is not correctly set up to send a user role, default role will be used.

71. Module 8
Dynamic RF Management

72. AirMatch
MM generates the channel and power plan for an AP

73. AirMatch Solution does not get deployed
New Plan did not offer significantly improved quality

75. AirMatch LSM Upgrade
Upgrade Client Match as part of a global software upgrade, and upgrade AirMatch separately as a
loadable service module (LSM).

76. AirMatch FAQ
Disable ARM profile does not affect AirMatch

77. Client Match
balance wireless devices across APs on different channels

78. Module 9
Guest Access

79. Guest Network with NAT
Enable NAT on the VLAN assigned to the guest WLAN.

80. L3 Deployment
VLAN interfaces on the Mobility Controllers (MCs) as the default gateway for wireless users

81. Captive Portal Process
FW permits them to send any DHCP traffic and DNS and web traffic to the Internet. It
redirects web traffic destined to the private network to a login portal.

82. PEFNG with Captive Portal
addition of custom rules to control access for authenticated guests

83. Captive Portal without authentication
use of internal captive portal with email registration

84. Internal Captive Portal
Administrators can modify the default internal captive portal pages or upload pages
developed externally.

85. Guest Provisioning Account
create guest user accounts

86. Guest-logon role
allows DHCP, DNS, and internal captive portal redirection for a guest WLAN

87. WebUI Certificate

89. Guest Access
Add ClearPass as Radius Server

90. ClearPass Guest
Option for Guest to create own account

91. Module 10
Network Monitoring and Troubleshooting

92. Top Banner
list of alerts about a variety of issues on the MM or managed devices

93. Client Dashboard
Display roles to which these users are actually assigned

94. Client Health
50% means the AP about twice as long to send data to the client as expected if all
transmissions succeeded.

95. Performance Dashboard
monitor the health status of all APs, and clients

96. Traffic Analysis
The solution must have active PEFNG licenses.

97. Filter View
To see the break down for only roles, destinations, WLANs and devices that use this application

98. Security Analysis Dashboard
list of rogue AP and Interfering AP

99. AirWave vs MM
AirWave collect and analyze information about client and AP over extended periods of time

100. AirWave Monitoring Devices
Click “Poll Controller Now” to get real time info.

101. AirWave vs Mobility Master

102. MM Dashboard
to analyze short terms trends in network usage by client, AP, and application

103. MM: Potential Issues
Low SNR problem of below 30

104. Traffic Analysis Dashboard
show types of applications in use in the wireless network

105. AirWave
Configuration Status: Error (Communication Issues)

106. Security of Data in the Air
WPA2 provides both data integrity and privacy with AES.

107. Different between WPA and WPA2 encryption
WPA encryption uses TKIP by default, and WPA2 encryption uses AES by default .

108. AirWave: Monitor Clients
AirWave combines information from more sources, such as RADIUS authenticating servers
and APs.

109. Aruba AP Mesh
mesh portal

110. Aruba Multizone
Usecase: multiple controller with different administrative domain