Command of the Day

Ideas Exchange

We want to hear from you on how we can improve our community and looking forward to seeing you share your experience with other members. Take a look at the list below, find the ideas you like or submit your own.

Note: You can submit an official Aruba product feature request by going to Aruba Support Center. In case you need more information on how to submit a feature request, please read our how-to article.

0 Kudos



If you want to do little bit more easily the on-site documentation when you install a bunch of AP's, don't forget the "AP installer" Android application :)


0 Kudos

OS 8 Stand Alone Licensing

by MVP MVP ‎12-11-2016 06:59 AM - edited ‎12-11-2016 07:14 AM

OS 8 licensing is confuse specially for the stand alone mode.  Even in stand alone, the licenses for the controller still need to be installed as master-local.  We can migrate the licenses from OS 6 to OS 8, but only AP license works.  If we want the other licenses such as PEF, RF to work, we must “activate” it. 

To activate these licenses after install the license with "license add x.y.z" use these cli:

(Aruba7210) [mynode] #change-config-node /mm
(Aruba7210) [mm] (config) #license-pool-profile-root
(Aruba7210) [mm] (License root(/) pool profile) #pefng-licenses-enable
(Aruba7210) [mm] (License root(/) pool profile) # rfp-license-enable
(Aruba7210) ^[mm] #show license pool-profile root

License Profile Summary For Root Pool
Feature  Enable  TotalInstalledCount  AvailableCount
-------  ------  -------------------  --------------
AP       Yes     256                  256
PEFNG    Yes     256                  256
RFP      Yes     256                  256
XSEC     No      0                    0
ACR      No      0                    0
WebCC    No      0                    0
MM       No      0                    0
VMC      No      0                    0


I have installed a bunch of IAP's and would like to integrate them in my SNMP management system (in my case IMC).

They have been discovered perfectly but when I tried to change some basic MIB-II objects (systemLocation, systenContact, etc)  the IAP VC refuses the change saying that these objects are not writable.

I think this should be changed so that IAP's can be integrated into any SNMP managers or asset management system, and to make them compliant with SNMP MIB-II specifications.

I have seen that in the latest firmware release of instant, Aruba has added a functionality to detect URLs of HTTP and HTTPS browsing and send this information to an Analytic Server Engine server. It would be perfect if these URLs could also be sent to a syslog server to have web browsing records that could be sent to the police or to the court, as part of an investigation of a criminal offense.

0 Kudos

Central Licensing

by MVP MVP ‎03-19-2016 08:42 AM

Let’s give a boost to the COTD. 

Have you tried the Centralized licensing yet? Definatly give it a try. From my master-controller (and also the backup-master) with 0 license I can do this:

(WC03) #show license server-table

License Server Table
Service Type                                        Aggregate Lic.  Used Lic.  Remaining Lic.
------------                                        --------------  ---------  --------------
Access Points                                       1992            667        1325
Next Generation Policy Enforcement Firewall Module  1808            675        1133
RF Protect                                          1808            675        1133
xSec Module                                         0               0          0
Advanced Cryptography                               0               0          0


gui cli.jpg

0 Kudos


by LeQuey Douglas ‎09-02-2015 03:47 PM

When auto cert provisioning is disbaled use the below commands to quickly add APs to the whitelist via the CLI.  This command is perfomed straight from enable mode.


whitelist-db cpsec modify mac-address <mac address> cert-type factory-cert state certified-factory-cert

0 Kudos



6c:f3:7f:c3:2d:36# conf t

We now support CLI commit model, please type "commit apply" for configuration to take effect.

6c:f3:7f:c3:2d:36 (config) # arm

6c:f3:7f:c3:2d:36 (ARM) # a-channels 64

6c:f3:7f:c3:2d:36 (ARM) # g-channels 11

6c:f3:7f:c3:2d:36 (ARM) # exit

6c:f3:7f:c3:2d:36 (config) # exit

6c:f3:7f:c3:2d:36# commit apply

committing configuration...

configuration committed.

6c:f3:7f:c3:2d:36# sh ap bss-table


Aruba AP BSS Table


bss                ess   port  ip             phy   type  ch/EIRP/max-EIRP  cur-cl  ap name            in-t(s)  tot-t

---                ---   ----  --             ---   ----  ----------------  ------  -------            -------  -----

6c:f3:7f:b2:d3:72  test  ?/?  a-HT  ap    64/22/22          0       6c:f3:7f:c3:2d:36  0        12m:20s

6c:f3:7f:b2:d3:62  test  ?/?  g-HT  ap    11/19/19          0       6c:f3:7f:c3:2d:36  0        12m:19s


Channel followed by "*" indicates channel selected due to unsupported configured channel.

"Spectrum" followed by "^" indicates Local Spectrum Override in effect.


Num APs:2

Num Associations:0

Converting P7B to PEM

by MVP MVP ‎01-31-2015 09:05 AM

ClearPass does not work with .p7b certificate that generates by your domain rootCA, so you need to convert certificate to PEM with a cumbersome process of exporting each certificates, opening them in txt, then copy and paste all certificates in the right order to another text file, save in .pem, then import and getting the frustration of “Private Key File does not match the Certificate”

Using openSSL in your Ubuntu or Debian, it is simple, easy, and works everytime.


Root: # openssl pkcs7 -print_certs -in certnew.p7b -out certificate.pem


0 Kudos

Show dot1x Watermark

by ‎01-29-2015 08:02 PM

This command is modified in AOS


  # show dot1x watermark table active


  # show dot1x watermark table pending


 active: Displays all current active sessions in the 802.1X queue and the
corresponding user-age.
 pending: Displays all pending sessions in the 802.1X queue, the duration
for which the user is pending in the queue, and the corresponding userage.

Quickly test your radius authentication

by MVP MVP ‎01-08-2015 07:10 PM - edited ‎02-01-2015 09:05 AM

First, find out what the name of the radius server:

(Aruba) #show aaa authentication-server radius

RADIUS Server List
Name  References  Profile Status
----  ----------  --------------
DC    1


 Now test the authentication against radius server "DC"

(Aruba) #aaa test-server mschapv2 DC ngutri MyPassword123

Authentication Successful


0 Kudos

COTD - Show VLAN Status

by Community Administrator ‎10-16-2014 08:02 AM

Keep track of your various VLANs and see the status of them. This command will show you the IP and mask of the VLAN, operstate, port count, associated ports and AAA profile


Show Vlan Status.PNG

COTD - Blinking LEDs

by Community Administrator ‎10-14-2014 06:50 AM

Just in case you like me and cannot remember exactly where AP 9c:1c:12:8a:48:o8 is you can flash the LEDs on the AP to locate it.


(Aruba3200-US) #ap-leds ?
all Control LEDs on all APs
ap-group Control LEDs on APs in this group
ap-name Control LEDs on AP with this name
ip-addr Control LEDs on AP at this IP address
wired-mac Control LEDs on AP at this MAC address


(view in My Videos)

COTD - Show Inventory

by Community Administrator ‎10-07-2014 08:38 AM - edited ‎10-07-2014 08:41 AM

Your controller has physical properties that can be monitored, temperature, voltage etc. To see the current physical status of the controller or get the serial number issue:


(Aruba3200-US) #show inventory    -Displays hardware inventory of the controller


show inventory.PNG

COTD - AP Spectrum Local Override

by Community Administrator ‎09-17-2014 12:28 PM

You can create temporarily convert an AP to an air monitor to check the RF in the environment around the AP. Just dont forget to convert it back!


To create a temp monitor use:


(config) #ap spectrum local-override


Full command below:



To convert it back:


(Aruba3200-US) (config) #ap spectrum local-override
(Aruba3200-US) (Spectrum Local Override Profile) #no override ap-name

0 Kudos

You can simply and easily generate a guest entry and configure the profile to your needs.


To quickly generate a username and password for a guest use:


#local-userdb-guest add generate-username generate-password 


add guest.PNGadd guest a.PNG

0 Kudos

COTD - Audit Trail

by Community Administrator ‎09-08-2014 10:33 AM

Changes are made all the time and sometime changes are made unexpectedly without your knowledge. If the changes have a negative effect on production then you will need to discover the changes to correct them.


For this use:


#show audit-trail history


Audit Trail.PNG

0 Kudos

COTD - Show Global User Table List

by Community Administrator ‎08-28-2014 07:54 AM

When you need info on all users including PHY Type, BSSID, ESSID, age, role and more use:


(Aruba3200-US) # show  global-user-table list


Output of command:

Show global user table.PNG

0 Kudos

COTD - User Debugging

by Community Administrator ‎08-22-2014 09:28 AM - edited ‎08-22-2014 12:52 PM

If a client is expirencing issues you should enable debugging on the client using:


(Aruba3200-US) (config) #logging level debugging user-debug (MAC address)


Then to verify it is being debugged use:


(Aruba3200-US) (config) #show debug


Finally to view the logs for the debugged client use:


(Aruba3200-US) (config) #show log user-debug (number of entries / all)



COTD - Rebooting an AP

by Community Administrator ‎08-19-2014 07:27 AM

If you are needing to boot an AP or an entire group or even all asssociated AP you can use:




There are several modifiers to the command see below.



0 Kudos

COTD - Upgrade Image via TFTP or FTP

by Community Administrator ‎08-14-2014 05:42 PM - edited ‎08-14-2014 05:45 PM

When you need to upgrade you controller you and you want to use the CLI use:


#copy tftp: (server address) (filename) system: partition (0-1). 


           ^ can also use ftp



Upgrade Controller.PNG