Cloud Managed Networks

Just getting started with Aruba Central and will only be looking at the switch managment features.

I am getting this error on 2 factory-defaulted 2530 switches in my lab:

05604 activate: EST enrollment with server failed because of unable to generate CSR

 

Nothing has come up on any searches.

Check to make sure the switch has the correct time. 

 

If you upgrade your code to the 004 version of code and above, it could solve the problem of setting the correct time.

I am on

 YA.16.04.0009

 

I have the NTP server option set and have UTC time set on the switch.

HP-2530-48G-PoEP# sho time
Mon Dec 18 22:52:22 2017

 

Try these commands:

 

debug ztp
debug destination session
debug aruba-central

 

Type "show activate provision"

Both switches were able to enroll around 10pm yesterday.  I didn't make any changes on my side at that time.

I will try adding another switch today.

Now getting a new error trying to activate a new 3rd switch:

 

W 12/19/17 11:37:45 05602 activate: EST provision with activate server failed because of not-authenticated.
I 12/19/17 11:37:45 05226 activate: Successfully resolved the Activate server address device.arubanetworks.com to 104.36.249.201.
W 12/19/17 11:32:55 05602 activate: EST provision with activate server failed because of of Activate SSL receive failure.
I 12/19/17 11:32:44 05226 activate: Successfully resolved the Activate server address device.arubanetworks.com to 104.36.249.201.

For me out of the box i get these errors.
Even if i factory reset.

After i enabled those logs, i see
"failed to form JSON data"
status code : not-authenticated

I could never get the system to work as expected so I just removed our devices.

 

Sorry I can't help out.

Not mentioned in any of these posts, and then assumptions is the  mo.. Was the switches visible/registered in your device inventory? And did you assign it a subscription? We usually get these errors when the switches are either not registered to a/the customer in Central, or no subscription added. Correct time is essential for all devices not shipped with .004.

And.. If you have entered any config elements at all - the switch will never sign up with Central. Need to reset it completely.

 

 

When entering the serial/Mac. Central says "sorry invalid... "....cant add via Cloud Key since regardless of what I do, it won't show up.

16.05 code. The errors in my previous post are always there.

What's interesting is that it also says something along the lines of the dhcp server is not providing proper dns.
But it is...
The switch logs show it can resolve
device.arubanetworks.com

Validating the server config. Definitely getting dns.

I'll try plugging the switch directly into the internet instead of behind a firewall

Invalid mac/serial - can also mean that the status of the device in Central is

Nope not in there.

I went through this process yesterday.  No matter what I did, it would not register on aruba central or activate.  I called tech support and went through four different techs.  The last tech kept trying the same commands over and over.  Until finally he relented and said he was going to have the someone manually enter the serial number on the back end.  After an hour or so, I came back to aruba central, and lo and behold the switch was there.  I didn't get any specifics unfortunately.  He mentioned that this was a somewhat common issue on the 2530 switch series. I have yet to try it on on any other switches.

 

In the end, I am somehwat disappointed in aruba central's management of switches.  It seems to completely take over.  The web gui is now disabled, and I can no longer use the cli to configure the switch.  Just about every command shows invalid input.  Making config changes on aruba central seems finnicky as well.  Some changes happen other changes don't.  I would be happy if all I could do was store my configs in the cloud and get system down notifications, but that seems to not be that simple.

 

If you want to store configs and get up/down, you need Airwave and you put the device in monitor only mode.
You would need to double check that the templates are compatible with your version of Airwave vs switch (if it is even supported).

Central is management of devices in the cloud.

TAC simply added the serial/mac manually in Activate and Central for you so that it will provision.

Thanks for sharing.

Robert,

 

Have you tried template groups in Central? I would recommend those over UI groups.

 

UI groups do not provide you complete configuration flexibility. e.g. spanning tree, modules are inconfigurable etc.

 

Template groups combine a template file and variable file to provide a per device configuration, that is exactly like, the device's running configuration.

 

CLI snippet is there to help you push CLI commands to device, for feature not in UI group. However, its a one time operation and a factory reset on the switch will fail to learn the CLI snippet change. Also there is no way to track, the CLI snippets pushed in past.

 

If you want, i can elaborate on the template groups.

 

2530 have been retro - fitted with cloud funcitionality, it lacks a TPM chip, so has to generate a certificate and a lot of folks are looking at the CSR error. The error fixes itself after a while though & switch connects to Central. Let me come back with engineering official stance on it. However if you choose any other model from the line up and they all have TPM chipset, & will not run into the CSR issue.

If you can elaborate on template groups, that would be very helpful.  We've just signed up for central, but I'm finding it very limiting.

 

Thanks

Andy

This is specific to the 2530, as this model does not have a TPM chip.

 

You need to have the switch in Activate, but then TAC needs to manually whitelist the serial as well. Once that is complete, unsubscribe / re-subscribe your switch and it should show up.