Command of the Day

Ideas Exchange

We want to hear from you on how we can improve our community and looking forward to seeing you share your experience with other members. Take a look at the list below, find the ideas you like or submit your own.

Note: You can submit an official Aruba product feature request by going to Aruba Support Center. In case you need more information on how to submit a feature request, please read our how-to article.

POST AN IDEA

I have installed a bunch of IAP's and would like to integrate them in my SNMP management system (in my case IMC).

They have been discovered perfectly but when I tried to change some basic MIB-II objects (systemLocation, systenContact, etc)  the IAP VC refuses the change saying that these objects are not writable.

I think this should be changed so that IAP's can be integrated into any SNMP managers or asset management system, and to make them compliant with SNMP MIB-II specifications.

Quickly test your radius authentication

by MVP MVP ‎01-08-2015 07:10 PM - edited ‎02-01-2015 09:05 AM

First, find out what the name of the radius server:

(Aruba) #show aaa authentication-server radius

RADIUS Server List
------------------
Name  References  Profile Status
----  ----------  --------------
DC    1

Total:1

 Now test the authentication against radius server "DC"

(Aruba) #aaa test-server mschapv2 DC ngutri MyPassword123

Authentication Successful

 

I have seen that in the latest firmware release of instant, Aruba has added a functionality to detect URLs of HTTP and HTTPS browsing and send this information to an Analytic Server Engine server. It would be perfect if these URLs could also be sent to a syslog server to have web browsing records that could be sent to the police or to the court, as part of an investigation of a criminal offense.

To see the current RSSI and Rate of Clients Connected to an Access Point, use the "show ap debug client-table ap-name <name of ap>" command.  Sorry in advance for the wrapped columns below.  Attached is also a screenshot:

 

(192.168.1.3) #show ap debug client-table ap-name Office-225


Client Table
------------
MAC                ESSID     BSSID              Assoc_State  HT_State   AID  PS_State    UAPSD            Tx_Pkts  Rx_Pkts  PS_Qlen  Tx_Retries  Tx_Rate  Rx_Rate  Last_ACK_SNR  Last_Rx_SNR  TX_Chains  Tx_Timestamp              Rx_Timestamp              MFP Status (C,R)  Idle time  Client health (C/R)
---                -----     -----              -----------  --------   ---  --------    -----            -------  -------  -------  ----------  -------  -------  ------------  -----------  ---------  ------------              ------------              ----------------  ---------  -------------------
58:55:ca:60:e5:ed  CatchMe   9c:1c:12:90:5d:90  Associated   M          0x1  Awake       (0,0,0,0,N/A,0)  50718    69986    0        5823        58       65       24            35           3[0x7]     Thu Jul  3 12:36:03 2014  Thu Jul  3 12:36:03 2014  (0,0)             9          100/91
bc:f5:ac:e0:2e:8f  ACME-TLS  9c:1c:12:90:5d:91  Associated   cAWvSsEeb  0x3  Power-save  (0,0,0,0,N/A,0)  569      1185     0        28          200      200      27            30           3[0x7]     Thu Jul  3 12:35:53 2014  Thu Jul  3 12:35:54 2014  (0,0)             18         90/91
70:56:81:b2:cc:15  ACME-TLS  9c:1c:12:90:5d:91  Associated   WSsM       0x2  Awake       (0,0,0,0,N/A,0)  81362    75199    0        2289        300      300      23            33           3[0x7]     Thu Jul  3 12:36:11 2014  Thu Jul  3 12:36:11 2014  (0,0)             0          93/91
9c:04:eb:75:5f:c0  ACME-TLS  9c:1c:12:90:5d:91  Associated   WQSs       0x1  Power-save  (0,0,0,0,N/A,0)  5382     10861    0        461         120      150      36            37           3[0x7]     Thu Jul  3 12:36:04 2014  Thu Jul  3 12:36:05 2014  (0,0)             7          87/91
3c:77:e6:b1:0a:af  CatchMe   9c:1c:12:90:5d:80  Associated   sb         0x1  Awake       (0,0,0,0,N/A,0)  171      1542     0        11          72       72       36            36           3[0x7]     Thu Jul  3 12:36:05 2014  Thu Jul  3 12:36:05 2014  (0,0)             7          100/16
                                                                                                                                                                                                                                                                                          

 rates.png

 

COTD - show auth-tracebuf

by Community Administrator ‎06-20-2014 07:33 AM

When you want to see the exchange betweent the client and the controller to monitor what is taking place you can use:

 

#show auth-tracebuf

 

auth tracebuf.PNG

COTD - Blinking LEDs

by Community Administrator ‎10-14-2014 06:50 AM

Just in case you like me and cannot remember exactly where AP 9c:1c:12:8a:48:o8 is you can flash the LEDs on the AP to locate it.

 

(Aruba3200-US) #ap-leds ?
all Control LEDs on all APs
ap-group Control LEDs on APs in this group
ap-name Control LEDs on AP with this name
ip-addr Control LEDs on AP at this IP address
wired-mac Control LEDs on AP at this MAC address

 

(view in My Videos)

COTD - Show Inventory

by Community Administrator ‎10-07-2014 08:38 AM - edited ‎10-07-2014 08:41 AM

Your controller has physical properties that can be monitored, temperature, voltage etc. To see the current physical status of the controller or get the serial number issue:

 

(Aruba3200-US) #show inventory    -Displays hardware inventory of the controller

 

show inventory.PNG

COTD - AP Spectrum Local Override

by Community Administrator ‎09-17-2014 12:28 PM

You can create temporarily convert an AP to an air monitor to check the RF in the environment around the AP. Just dont forget to convert it back!

 

To create a temp monitor use:

 

(config) #ap spectrum local-override

 

Full command below:

efegrerg.PNG

 

To convert it back:

 

(Aruba3200-US) (config) #ap spectrum local-override
(Aruba3200-US) (Spectrum Local Override Profile) #no override ap-name

COTD - Rebooting an AP

by Community Administrator ‎08-19-2014 07:27 AM

If you are needing to boot an AP or an entire group or even all asssociated AP you can use:

 

#apboot 

 

There are several modifiers to the command see below.

 

AP Boot.PNG

COTD - Instant - show ap debug auth-trace-buf

by Community Administrator ‎07-22-2014 01:37 PM - edited ‎08-05-2014 08:43 AM

Instant version of AOS #show auth-trace-buf

 

#show ap debug auth-trace-buf

 

instant auth trace buffer.PNG

COTD - TACACS Server Configuration

by Community Administrator ‎07-21-2014 11:46 AM

To configure a TACACS server enter Conf Terminal, and enter #aaa authentication-server tacacs <abcdefgh>

 

TACACS.PNG

 

COTD - TACACS Server Configuration

by Community Administrator ‎07-21-2014 11:46 AM

To configure a TACACS server enter Conf Terminal, and enter #aaa authentication-server tacacs <abcdefgh>

 

TACACS.PNG

 

When you need exact current statistics on an individual AP you can use:

 

(Aruba3200-US) #show ap debug system-status ap-name 9c:1c:12:c0:a4:8a

 

AP debug.PNG

COTD - Setenv Master

by Community Administrator ‎06-12-2014 06:04 PM

This command is used inside an access point cli. It is used for setting the master controller IP.

 

            - setenv master 172.20.5.25

COTD - Changing AP Name and Group

by Community Administrator ‎06-12-2014 06:02 PM - edited ‎06-12-2014 06:05 PM

ngutri's command - Use to chage name and group of an access point. 

 

#ap-regroup ap-name 24:de:c6:c2:5f:e6 NEW-AP-GROUP

#ap-rename ap-name 24:de:c6:c2:5f:e6 NEW-AP-NAME

 

 

COTD - DHCP Server Configuration

by Community Administrator ‎06-12-2014 05:59 PM - edited ‎06-12-2014 06:06 PM

If you need to configure a DHCP server in your controller you can use this set of commands.

 

ip dhcp pool "test"

  default-router 192.168.1.1
  lease 1 0 0
  network 192.168.101.0 255.255.255.0
!
service dhcp

changing dhcp gateway and dns

ip dhcp pool "test" dns-server 8.8.8.8
ip dhcp pool "test" default-router 192.168.1.1

 

Of course use you own values for ip pools, gateway, dns, etc...

Re: COTD- Show IP Interface Brief

by Community Administrator ‎06-07-2014 08:40 AM - edited ‎06-12-2014 06:00 PM

If you need to know all the configured vlan ip interfaces you can use #show ip interface brief. Really handy if you have several projects going and cent keep up with each specific site and their different subnet addresses.

 

ip interface bref.PNG

COTD- Instant AAA Test-Server

by Community Administrator ‎06-03-2014 09:11 AM - edited ‎06-07-2014 08:44 AM

Use when trying to verify clearpass settings or other authentication methods.

 

Aaa test-server (name of server) username (xxxxx) password (xxxxx) auth-type xxx

 

aaatest.PNG

COTD - start_amp_upgrade -v 8.0.0"

by Chief Airhead Chief Airhead ‎07-01-2014 11:40 AM - edited ‎07-02-2014 11:30 AM

start_amp_upgrade -v 8.0.0

 

This will upgrade your Airwave server. You can replace the version number with the one you need. You will need to sign in with your support username and password for it to download.

Converting P7B to PEM

by MVP MVP ‎01-31-2015 09:05 AM

ClearPass does not work with .p7b certificate that generates by your domain rootCA, so you need to convert certificate to PEM with a cumbersome process of exporting each certificates, opening them in txt, then copy and paste all certificates in the right order to another text file, save in .pem, then import and getting the frustration of “Private Key File does not match the Certificate”

Using openSSL in your Ubuntu or Debian, it is simple, easy, and works everytime.

 

Root: # openssl pkcs7 -print_certs -in certnew.p7b -out certificate.pem