ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 8
Registered: ‎03-10-2010

XML-API documentation

I came across some info on passing commands to the ArubaOS via XML-API,but I cannot find official documentation for this. Has anyone come across it?

We're running ArubaOS 3.3.3.8 and it looks like I can pass commands to https://serverip/auth/command.xml, but I'm a little unclear as to how to set up the sever in the AAA profile of the access point. Any help would be greatly appreciated.
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: XML-API documentation

Attached.

This document is in the ArubaOS 6.x user guide.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 8
Registered: ‎03-10-2010

Re: XML-API documentation

Thanks for the quick response. We wanted to upgrade the firmware on our controller anyway. We're now up to the latest and greatest. I've tried using curl and php/curl and the only response I'm getting is "unknown external agent". I read a posting from you where you mentioned that this usually means that xml is not being sent. This is the curl command that i tried:

curl -vikd "xml=00:22:FB:5D:6B:74xxxxcleartext1.0" -H "Content-Type: text/xml" https://1.1.1.1:4343/auth/command.xml

OUTPUT:
* About to connect() to 1.1.1.1 port 4343 (#0)
* Trying 1.1.1.1... connected
* Connected to 1.1.1.1 (1.1.1.1) port 4343 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* warning: ignoring unsupported value (1) of ssl.verifyhost
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Certificate is signed by an untrusted issuer: 'CN=PositiveSSL CA,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB'
* SSL certificate verify ok.
* SSL connection using SSL_RSA_WITH_3DES_EDE_CBC_SHA
* Server certificate:
* subject: CN=securelogin.arubanetworks.com,OU=PositiveSSL,OU=Domain Control Validated
* start date: Nov 22 00:00:00 2010 GMT
* expire date: Nov 21 23:59:59 2013 GMT
* common name: securelogin.arubanetworks.com
* issuer: CN=PositiveSSL CA,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
> POST /auth/command.xml HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-redhat-linux-gnu) libcurl/7.21.0 NSS/3.12.8.0 zlib/1.2.5 libidn/1.18 libssh2/1.2.4
> Host: 1.1.1.1:4343
> Accept: */*
> Content-Type: text/xml
> Content-Length: 155
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Wed, 24 Aug 2011 20:03:40 GMT
Date: Wed, 24 Aug 2011 20:03:40 GMT
< Server:
Server:
< Vary: Accept-Encoding
Vary: Accept-Encoding
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Content-Type: text/xml
Content-Type: text/xml

<

Error
3
unknown external agent


Any ideas on this?
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: XML-API documentation

You have to setup the server that you are sending the CURL from in the controller as an XML-API server, on the AAA profile of the device you are doing any action on:

config t
aaa xml-api server 192.168.1.3
key arubarocks
exit
aaa profile default (or whatever the AAA profile for that Virtual AP is)
xml-api-server 192.168.1.3

On your XML server, you also need to include the key (arubarocks in this case) in the XML-API call in the key field.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 8
Registered: ‎03-10-2010

Re: XML-API documentation

I should have mentioned that I set up two xml-api servers and applied it to our academic SSID:

(Aruba-Academic) #show aaa xml-api statistics 

ECP Statistics
--------------
Statistics 1.1.1.1. 1.2.2.2
---------- ------------ -----------
user_authenticate 0 (0) 0 (0)
user_add 0 (0) 0 (0)
user_delete 0 (0) 0 (0)
user_blacklist 0 (0) 0 (0)
user_query 0 (0) 0 (0)
unknown user 0 (0) 0 (0)
unknown role 0 (0) 0 (0)
unknown external agent 0 (0) 0 (0)
authentication failed 0 (0) 0 (0)
invalid command 0 (0) 0 (0)
invalid message authentication method 0 (0) 0 (0)
invalid message digest 0 (0) 0 (0)
missing message authentication 0 (0) 0 (0)
missing or invalid version number 0 (0) 0 (0)
internal error 0 (0) 0 (0)
client not authorized 0 (0) 0 (0)
Cant use VLAN IP 0 (0) 0 (0)
Invalid IP 0 (0) 0 (0)
Cant use Switch IP 0 (0) 0 (0)
missing MAC address 0 (0) 0 (0)

Packets received from unknown clients : 18 (0)
Packets received with unknown request : 0 (0)
Requests Received/Success/Failed : 18/0/18 (0/0/0)
Occasional Contributor I
Posts: 8
Registered: ‎03-10-2010

Re: XML-API documentation

(Aruba-Academic) (config) #show aaa xml-api server

XML API Server List
-------------------
Name References Profile Status
---- ---------- --------------
1.1.1.1. 1
1.2.2.2 1

Total:2


both have keys





show aaa profile Acad-open

AAA Profile "Acad-open"
-----------------------
Parameter Value
--------- -----
Initial role Acad-users
MAC Authentication Profile N/A
MAC Authentication Default Role guest
MAC Authentication Server Group N/A
802.1X Authentication Profile N/A
802.1X Authentication Default Role authenticated
802.1X Authentication Server Group N/A
L2 Authentication Fail Through Disabled
RADIUS Accounting Server Group N/A
RADIUS Interim Accounting Disabled
XML API server 1.1.1.1
XML API server 1.2.2.2
RFC 3576 server N/A
User derivation rules N/A
Wired to Wireless Roaming Disabled
SIP authentication role N/A
Device Type Classification Enabled
Enforce DHCP Disabled
Occasional Contributor I
Posts: 8
Registered: ‎03-10-2010

Re: XML-API documentation

those are of course false ip addresses
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: XML-API documentation

Make sure that you are sending the calls in cleartext:

cleartext to the xml post


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 8
Registered: ‎03-10-2010

Re: XML-API documentation

got that and the key. i can try reentering the key to make sure i have the correct one.
Occasional Contributor I
Posts: 8
Registered: ‎03-10-2010

Re: XML-API documentation

got the correct keys configured too.
Search Airheads
Showing results for 
Search instead for 
Did you mean: