Command of the Day

Reply
Guru Elite
Posts: 21,025
Registered: ‎03-29-2007

COTD: "Zero Touch Provisioning" with an AP105

"Zero Touch Provisioning" is the ability to take a RAP5WN or a RAP2WG and point it to a controller without having to configure it from the controller itself. You would just put the mac address of the AP into the RAP whitelist, and anyone you send that AP to can provision that AP. The built-in Trusted Platform Module (TMP) has the APs mac address in it, so that the mac addresses cannot be faked.

It turns out that the AP105 ALSO has a trusted platform module that has the AP's mac address in it. Unfortunately, the AP105 does not present the end-user a web page to provision the AP, but if the user has a console cable, he can still provision it. The only requirement is that the AP105 would have had to have booted to a controller previously to have ArubaOS on it.

How to do this:

1. Make sure the MAC address of he AP105 is in the RAP whitelist on the controller
2. Plug a console cable into the AP105 and stop the boot sequence.
3. When you get to the "apboot>" prompt, type the following:

purge
setenv master remote.arubanetworks.com (where this is the URL of your RAP controller).
setenv remote_ap 1
save
boot


This will also work with the AP125.

Big shout to the engineer in TX who pointed this out to me.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: COTD: "Zero Touch Provisioning" with an AP105

FYI, I tried this with an AP105 and it worked perfectly! I made sure AOS 5.0.1 was on it first by just putting the AP on the same LAN as a lab controller that was running 5.0.1, then put the parameters in, RAP white listed it, and up it came.

Do the new AP-92/93 also have a TPM chip? I assume so, but I wanted to check. They're about the same price as a RAP-5W so that makes for another nice RAP option. Only one ethernet port on the 92/93, but you get dual-radio. EDIT: Oops, nevermind, they're just single radio. Probably no value as a RAP.
Guru Elite
Posts: 21,025
Registered: ‎03-29-2007

Ap92/93

The AP92/93 do have a TPM chip, and can be use with the method above.

They have a single radio so you can do 802.11a/n or 802.11b/g/n.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: COTD: "Zero Touch Provisioning" with an AP105

Mike, why do you think single radio doesn't have value as a RAP? The RAP-2WG is a single radio B/G only, but that meets the needs in many deployments. Just wondering why you feel it's not a good selection...

thanks,
-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: COTD: "Zero Touch Provisioning" with an AP105

I was thinking I should have worded that better, and actually I thought the price for the AP-92/93 and RAP-5W were the same, but they're not. Looks like the RAP-5W is $200 more.

I think it actually has excellent value as an AP in remote AP mode. What I meant, before realizing the price difference, was it really wouldn't make much sense (to me) to pick an AP-92/93 over a RAP-5W for deployments where you would have normally used a RAP-5W. Since they're both single radio and the RAP-5W gives you four LAN ports and 3G uplink capabilities.

However, now that I see the AP-92/93 is $200 less, it would make a lot of sense to use one instead of a RAP-5W if you wanted 5GHz .11n, and didn't need LAN ports or 3G uplink. No zero-touch provisioning with the AP-92/93 either, but it's actually not that big of a deal at all to do the CLI provisioning.
Aruba Employee
Posts: 11
Registered: ‎07-20-2009

Re: COTD: "Zero Touch Provisioning" with an AP105

Thanks Colin for this one, really useful.
An advantage of the AP93 over the RAP5W that I see constanty in my region is that AP93 has a PoE port and can be deployed in the ceiling.
thanks
Carlos
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: COTD: "Zero Touch Provisioning" with an AP105

Mike, OK, now I see what you were getting at. Thanks for clearing that up.
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Frequent Contributor I
Posts: 67
Registered: ‎01-06-2011

download os mips32.ari

I have a RAP ap 105 that has not downloaded the OS from the controller and I am not near the controller to be able to do so. Is there anyway to get the os from the controller without having to be on the same layer 2 connection? I notice after putting in the master IP into the 105 that it attempts to TFTP to the master controller but it keeps producing checksum errors. Is it trying to connect via layer 3 to download the OS? Could I theoretically open the tftp port to the controller to allow it to pull down the OS? (mips32.ari)
Guru Elite
Posts: 21,025
Registered: ‎03-29-2007

Re: COTD: "Zero Touch Provisioning" with an AP105

You need to setup "master discovery" in your infrastructure. That would either mean setting up a DNS a-record of "aruba-master" to point to your controller or DHCP option 43 and 60 to point to the same. Please search for "Locating the Controller" in the ArubaOS user guide for more details.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: