Access Points

Occasional Contributor II

'printenv' command on AP's

Hi Folk's

i want to understand what parameters can be permanently stored on an AP

Default Parameters:

apboot> printenv
bootcmd=boot ap

Aruba AP Variables
General Variables:
setenv ipaddr x.x.x.x
setenv netmask x.x.x.x
setenv gatewayip x.x.x.x
setenv master x.x.x.x
setenv serverip x.x.x.x
setenv location b.f.l
setenv group xxxxxx

Required without DNS or option 43:
setenv master x.x.x.x
setenv serverip x.x.x.x

Required without DHCP:
setenv ipaddr x.x.x.x
setenv netmask x.x.x.x
setenv gatewayip x.x.x.x

Required for RAP:
setenv name
setenv group
setenv master x.x.x.x
setenv serverip x.x.x.x
setenv a_antenna 0
setenv g_antenna 0
setenv ikepsk D214BF31B5C8E15031457BA12042E9F769ECB4FF789E62E4
setenv papuser
setenv pappasswd D99047FAB49E4C40DD560E66AE1F19C940D73CA09C32D461
setenv auto_prov_id 9
setenv mesh_role 0

Please, when possible, post some 'printenv' outputs from your AP to see more details. That helps to understand AP function.

Thanks so far

Re: 'printenv' command on AP's

Anecdotally, most people never look at the AP console anymore, and only do provisioning from inside the controller. Particularly now with the new "AP Wizard" in 3.4. I can't remember the last time I needed to console into an AP.

If I recall correctly, the CLI reference guide or possibly the AP installation guide has a complete listing of apboot parameters and what they mean. If you can't find it, post back here and I'll try to track it down.
Jon Green, ACMX, CISSP
Security Guy
Super Contributor I


There's a great chance we are simply "stuck in our ways", but I cannot imagine an easier installation workflow than consoling into new APs to provide ap-name and ap-group. This allows the APs to come up once installed. Otherwise, admins would need to reprovision once they are on the controller (assuming they are on the correct controller).

It would be interesting to hear everyone's workflow . . .
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Guru Elite

Ap-rename and ap-regroup

There are some users that run a script that runs sets of ap-rename commands and/or ap-regroup commands on the commandline to put APs in their place.

They will scan the AP serial numbers, scan the AP mac addresses and also make a column for ap-name or ap-group. Since the serialnumbers do not change, they do something like this:

( #ap-rename serial-num A300123043 "New-AP-Name"

and then later...

( #ap-regroup serial-num A300123043 "New-ap-group"

So they will plug APs in, record the mac and the serial, make a column for the real name, or group and paste the commands in. The great part about the "serial" parameter is that you can run these commands as many times as you want, and it will always change the intended AP to what you want it to be, instead of looking for an existing name, that might have been changed already.

I'd also like to hear about all the deployment scenarios people are using.

In addition, Airwave also supports ap-provisioning....
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Occasional Contributor II

Re: 'printenv' command on AP's

We've got our master controller (a 2400) configured with its copper ports on a provisioning VLAN, running DHCP. My techs note their AP MAC addresses, connect the APs to the front of the 2400, log into its WebUI and run through the AP Installation screen. Seems simplest for them, no commands to remember, no console cables or power bricks necessary. Once that's done, the APs can be installed with no further input from the tech.

We did it via the console for quite some time, which worked, but the lack of error checking was a real problem. I had a lot of techs calling me complaining that their AP wasn't coming online, only to find they'd typed "ip-addr" instead of "ipaddr" or somesuch.
Occasional Contributor II

AP Demo installation

Thanks for your Comments

The reason why i am start that Topic was to understand how the AP exactly works
and what elso you can do with that.

Ok, lets talk about one example:

On a Trade show you are renter of Wireless Equipment for a limited time frame for
a lot of customers. As the Euipment come back into the Office there is no relationship
between the AP and the controller anymore. So you have to purge all AP's
and go back to the controller and reinstall everything. Awfull work. Check AP's provisioning etc.

With a fix configuration on the Controller and scripts for the AP's you can load a predefined
config on the AP and they come up fast without doing much work.

Example 2:
Just in case it takes time to install the controller, we need to install an
emergency RAP. The RAP has a option for Bridge Mode and SSID always up.
(or backup)

My question: Can you power up that RAP without an controller connection? Normally, if that RAP
is configured for Bridge Mode it keep a config in the Flash.

When you login via console and save a predefined config that would be great.

The customer get into the internet while you install that controller offline. When you are ready,
you connect the AP and controller. Last work is to reconfigure user and pw in the local DB.
Here we go, up and running!.


New Contributor

Re: 'printenv' command on AP's


additionally I would like to know how to get the ipsec key and password into the RAP (via console and setenv), for this is encrypted when you see the printenv.
Guru Elite


You cannot input the IPSEC preshared key into the console, because it is encrypted. The best thing is to have a RAP2 or RAP5, which has Zero Touch provisioning.

With an "always" SSID, you can have a WPA2-PSK ssid that can come up, even if the RAP does not have any connection to the controller.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
New Contributor

Re: 'printenv' command on AP's

Yep, I know that, but it´s so much easier to configure the RAPs via console.

Would be good to know how the Aruba Controller handles the HASH for the encryption, so that you can generate it yourself.

But that hasn´t been the main topic. Sorry Mr. Weihrauch.
I am also keen on learning more environment commands, so please, if somebody knows anything, feel free to add it to this post!
Guru Elite


If the encryption was reversible, any RAP that fell it anyone's hands, they can recover your enterprise IKE psk, and password.

Zero touch and cert-based provisioning was designed to make this more secure, more field serviceable and simpler to deploy than using the console. Most users who come from the IKE preshared key world never go back when introduced to zero touch provisioning. Preshared key with username and password is available on all AP platforms. Zero Touch Provisioning is supported on the RAP5WN, the RAP5 and the RAP2WG. Cert-Based Provisioning is available on all these platforms, but also works on the AP92/93, AP105 and the AP125, which have built-in certificates. Instructions on how to provision cert-based APs with a console port (AP 92/93, AP105, AP124/5) without a controller is here:

The beginning of this thread details the majority of useful environment commands out there. Two not mentioned are "purge", which clears all environment variables, and "clear os", which will wipe the OS from the AP.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: