If you want to make the on-site documentation a little easier when you install a bunch of APs, don't forget the "AP installer" Android application :)
OS 8 licensing is confusing, especially for standalone mode. Even in standalone mode, the licenses for the controller still need to be installed as master-local. We can migrate the licenses from OS 6 to OS 8, but only the AP license works. If we want the other licenses such as PEF, RF to work, we must “activate” them.
To activate these licenses after installing the license with "license add x.y.z", use these CLI commands:
(Aruba7210) [mynode] #change-config-node /mm
(Aruba7210) [mm] (config) #license-pool-profile-root
(Aruba7210) [mm] (License root(/) pool profile) #pefng-licenses-enable
(Aruba7210) [mm] (License root(/) pool profile) # rfp-license-enable
(Aruba7210) ^[mm] #show license pool-profile root
License Profile Summary For Root Pool
--------------------------------------
Feature  Enable  TotalInstalledCount  AvailableCount
-------  ------  -------------------  --------------
AP       Yes     256                  256
PEFNG    Yes     256                  256
RFP      Yes     256                  256
XSEC     No      0                    0
ACR      No      0                    0
WebCC    No      0                    0
MM       No      0                    0
VMC      No      0                    0
I have installed a bunch of IAPs and would like to integrate them in my SNMP management system (in my case IMC).
They have been discovered perfectly, but when I tried to change some basic MIB-II objects (systemLocation, systemContact, etc.) the IAP VC refuses the change, saying that these objects are not writable.
I think this should be changed so that IAPs can be integrated into any SNMP manager or asset management system, and to make them compliant with SNMP MIB-II specifications.
I have seen that in the latest firmware release of Instant, Aruba has added a functionality to detect URLs of HTTP and HTTPS browsing and send this information to an Analytic Server Engine server. It would be perfect if these URLs could also be sent to a syslog server to have web browsing records that could be sent to the police or to the court, as part of an investigation of a criminal offense.
Let’s give a boost to the COTD.
Have you tried the Centralized licensing yet? Definitely give it a try. From my master-controller (and also the backup-master) with 0 licenses I can do this:
(WC03) #show license server-table
License Server Table
--------------------
Service Type                                        Aggregate Lic.  Used Lic.  Remaining Lic.
------------                                        --------------  ---------  --------------
Access Points                                       1992            667        1325
Next Generation Policy Enforcement Firewall Module  1808            675        1133
RF Protect                                          1808            675        1133
xSec Module                                         0               0          0
Advanced Cryptography                               0               0          0
When auto cert provisioning is disabled, use the command below to quickly add APs to the whitelist via the CLI. This command is performed straight from enable mode.
whitelist-db cpsec modify mac-address <mac address> cert-type factory-cert state certified-factory-cert
6c:f3:7f:c3:2d:36# conf t
We now support CLI commit model, please type "commit apply" for configuration to take effect.
6c:f3:7f:c3:2d:36 (config) # arm
6c:f3:7f:c3:2d:36 (ARM) # a-channels 64
6c:f3:7f:c3:2d:36 (ARM) # g-channels 11
6c:f3:7f:c3:2d:36 (ARM) # exit
6c:f3:7f:c3:2d:36 (config) # exit
6c:f3:7f:c3:2d:36# commit apply
6c:f3:7f:c3:2d:36# sh ap bss-table
Aruba AP BSS Table
bss                ess   port  ip             phy   type  ch/EIRP/max-EIRP  cur-cl  ap name            in-t(s)  tot-t
---                ---   ----  --             ---   ----  ----------------  ------  -------            -------  -----
6c:f3:7f:b2:d3:72  test  ?/?   192.168.1.139  a-HT  ap    64/22/22          0       6c:f3:7f:c3:2d:36  0        12m:20s
6c:f3:7f:b2:d3:62  test  ?/?   192.168.1.139  g-HT  ap    11/19/19          0       6c:f3:7f:c3:2d:36  0        12m:19s
Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.
ClearPass does not work with a .p7b certificate generated by your domain root CA, so you need to convert the certificate to PEM with a cumbersome process of exporting each certificate, opening them as text, then copying and pasting all certificates in the right order into another text file, saving it as .pem, then importing it and getting the frustration of “Private Key File does not match the Certificate”.
Using OpenSSL on your Ubuntu or Debian, it is simple, easy, and works every time.
Root: # openssl pkcs7 -print_certs -in certnew.p7b -out certificate.pem
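An added example, not part of the original post: the conversion above wrapped in a script that also accepts DER-encoded .p7b files and then finds which certificate in the converted bundle pairs with a given private key, the mismatch that the “Private Key File does not match the Certificate” message describes. The CA, server name and key files are constructed for the demo; only certnew.p7b and certificate.pem are names from the post.

```shell
#!/bin/sh
set -eu

# Convert a PKCS#7 bundle to PEM. Try base64 input first, as in the post's
# command, then fall back to DER, the other encoding a .p7b export can use.
p7b_to_pem() {
    openssl pkcs7 -print_certs -in "$1" -out "$2" 2>/dev/null ||
        openssl pkcs7 -inform DER -print_certs -in "$1" -out "$2"
}

# SHA-256 of the DER public key, read from a certificate or a private key.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the subject of the certificate in PEM bundle $1 that pairs with
# private key $2; return 1 if none does. A PKCS#7 certificate list carries
# no guaranteed order, so every certificate is checked, not just the first.
cert_for_key() {
    openssl pkey -in "$2" -noout 2>/dev/null || return 2   # unreadable key
    dir=$(mktemp -d)
    awk -v d="$dir" '/BEGIN CERTIFICATE/ {n++}
                     n {print > (d "/cert-" n ".pem")}' "$1"
    want=$(key_pub_hash "$2"); rc=1
    for c in "$dir"/cert-*.pem; do
        if [ "$(cert_pub_hash "$c" 2>/dev/null)" = "$want" ]; then
            openssl x509 -in "$c" -noout -subject; rc=0; break
        fi
    done
    rm -rf "$dir"; return $rc
}

# Demo on constructed material: a throwaway CA and server cert (made-up names).
demo() (
    w=${1:-$(mktemp -d)}; cd "$w"
    new="-newkey rsa:2048 -nodes"
    openssl req -x509 $new -days 1 -keyout ca.key -out ca.pem -subj "/CN=Constructed Root CA" 2>/dev/null
    openssl req -new $new -keyout server.key -out server.csr -subj "/CN=server.example.test" 2>/dev/null
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 1 2>/dev/null
    openssl crl2pkcs7 -nocrl -certfile server.pem -certfile ca.pem -out certnew.p7b
    p7b_to_pem certnew.p7b certificate.pem
    cert_for_key certificate.pem server.key
)
demo
```

If `cert_for_key` returns 1 for the key you intend to import, the bundle was issued for a different key pair and reordering the PEM file will not help.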
This command is modified in AOS 220.127.116.11.
# show dot1x watermark table active
# show dot1x watermark table pending
active: Displays all current active sessions in the 802.1X queue and the
pending: Displays all pending sessions in the 802.1X queue, the duration
for which the user is pending in the queue, and the corresponding userage.
First, find out the name of the RADIUS server:
(Aruba) #show aaa authentication-server radius
RADIUS Server List
------------------
Name  References  Profile Status
----  ----------  --------------
DC    1
Total:1
Now test the authentication against radius server "DC"
(Aruba) #aaa test-server mschapv2 DC ngutri MyPassword123
Authentication Successful
Just in case you are like me and cannot remember exactly where AP 9c:1c:12:8a:48:o8 is, you can flash the LEDs on the AP to locate it.
(Aruba3200-US) #ap-leds ?
all Control LEDs on all APs
ap-group Control LEDs on APs in this group
ap-name Control LEDs on AP with this name
ip-addr Control LEDs on AP at this IP address
wired-mac Control LEDs on AP at this MAC address
Your controller has physical properties that can be monitored: temperature, voltage, etc. To see the current physical status of the controller or get the serial number, issue:
(Aruba3200-US) #show inventory - Displays hardware inventory of the controller
You can temporarily convert an AP to an air monitor to check the RF in the environment around the AP. Just don't forget to convert it back!
To create a temp monitor use:
(config) #ap spectrum local-override
Full command below:
To convert it back:
(Aruba3200-US) (config) #ap spectrum local-override
(Aruba3200-US) (Spectrum Local Override Profile) #no override ap-name
If a client is experiencing issues, you should enable debugging on the client using:
(Aruba3200-US) (config) #logging level debugging user-debug (MAC address)
Then to verify it is being debugged use:
(Aruba3200-US) (config) #show debug
Finally to view the logs for the debugged client use:
(Aruba3200-US) (config) #show log user-debug (number of entries / all)