Question: How do I configure the Phone Home feature (Aruba TAC server)?
Product and Software: This article applies to ArubaOS 188.8.131.52 and later.
Phone Home (Aruba TAC server) is a new feature introduced in ArubaOS 6.0. This feature allows users to send logs and crash data files securely to the Aruba TAC server. All data are encrypted and signed by the certificate in each controller. Simple Mail Transport Protocol (SMTP) is used to send the data to the Aruba TAC server.
The Phone Home feature has two report types:
· Auto Report
· Report Now
If the Auto Report option is enabled, the controller checks for configuration changes every week. If changes are detected, the logs are sent to the Aruba TAC server.
The Report Now option is an on-demand option that generates logs and a crash file (if any) and they are sent to the Aruba TAC server.
An Aruba TAC Engineer locates the logs and crash files you uploaded using Phone Home by looking for the controller serial number, controller hostname, or the email address or domain name you have configured.
Configuring Using the WebUI
1) Navigate to Maintenance > FILE > Aruba TAC Server > Enable.
2) In the SMTP Configuration Section, click SMTP.
a) Enter the Server IP Address.
i. This is the IP address of the local SMTP server. Check with your mail or server administrator.
ii. The local SMTP server must allow the controller(s) to relay emails. If not, the administrator needs to explicitly allow the subnets or controller IP address in the allowed list. The egress interface IP address is used as the source IP address.
b) Enter the Email-ID.
c) Click Apply.
d) Click Configuration > Save Configuration.
All other options are optional.
Some SMTP servers require authentication, protocol, and port different than TCP port 25 or has a limit set on the size of the attachment. You must get these details from your mail server administrator and configure them accordingly.
|Server IP Address||None||No||Your local SMTP server IP address.|
|Server Port||TCP 25||Yes||Your local SMTP server port.|
|User Name||None||Yes||Your username to login to the local SMTP server. This is usually optional.|
|Password||None||Yes||Your password to login to the local SMTP server. This is usually optional.|
|Email-ID||None||No||Your email address.|
|Max Size of Attachment||10 MB||Yes||Set the maximum attachment size per email. If the logs file exceeds 10 MB, the controller sends multiple emails with the maximum attachment of size of 10 MB each. Aruba TAC server merges all the attachments into a single log file.|
Configuring Using the CLI
You can also configure the Phone Home feature using the command line interface (CLI). All the phone home commands are local to the controller and are not pushed from the master controller to local controllers.
To enable Phone Home, follow these steps:
1) Login to the controller using SSH.
2) Type 'Config t' to enter the configuration mode.
3) Type 'phonehome enable' to enable the feature.
4) Type 'phonehome auto-report' to enable the auto reporting.
5) Type 'phonehome smtp <Your Local SMTP Server Address> <Your Email Address>' to set up the email forwarding.
6) Type 'end' to exit the configuration mode.
7) Type 'write mem' to save the configuration.
Verification Using the WebUI
After you enable and configure the Aruba TAC Support option, you can use the Report Now option to trigger the on-demand report.
To send a report to the Aruba TAC Server, follow these steps:
1) Click Maintenance > FILE > Aruba TAC Support.
2) Click Report Now > Apply.
The logs and crash files (if any) are generated and sent to the configured local SMTP server. The time taken depends on things like the configuration, number of users, sessions, and AP.
After the status change to "Operation executed successfully", click the Aruba TAC Server, and check the status display in the Transaction History section.
Sample transaction log from the WebUI:
Verification Using the CLI
To enable Phone Home, follow these steps:
1) Log in to the controller using SSH.
2) Type 'phonehome now'.
3) Type 'show phonehome report-status' to check the Phone Home status.
Common issues reported are:
· Relay is denied by local SMTP server.
· Authentication is required by the local SMTP server.
· Local SMTP server configuration is incorrect.
· Firewall is blocking TCP port 25 between the controller and the local SMTP server.
· Routing configuration is incorrect.
The transaction history shows this status if the post to your local SMTP server is failing:
To view status from the CLI, issue the 'show phonehome report-status' command:
(static-master) (config) #show phonehome report-status
PhoneHome Transaction Report-Status
1. Transaction: Born Wed Oct 17 14:41:02 2012, Report Type Manual-Report
Transaction ID: xxxxxx17_Manual_2012-10-17_14:41:02
Filename /flash/PhoneHome/trans/sw0/sw0_fault.tar, Size(Kbytes) 2059
Post Status: Post failed, will retry in 60 minutes
To debug the issue that posts to the local SMTP server is failing, follow these steps:
Step 1: Assume that Ping is allowed between the subnet of the controller and the local SMTP server.
1) Click Diagnostics > Network > Ping.
2) Enter the IP address of your local SMTP server.
3) Click Ping.
4) If the Ping is successful, go to step 2. If the Ping is not successful, check the routing and firewall configuration.
1) Open a SSH connection to the controller.
2) Enable the packet capture option, for example, if the SMTP server is using TCP port 25, enter this command:
packet-capture tcp 25
3) Trigger the on-demand Phone Home.
a. Clear the previous Phone Home status.
b. Run the report now.
c. Check the Phone Home status.
show phonehome report-status
d. When the status changes to "Post Status: Post failed, will retry in 60 minutes", stop the packet capture.
packet-capture tcp disable
Use 'show packet-capture' to view the active packet capture filter.
e. Generate the log and view the packet capture with any sniffer like Wireshark.
i. From the CLI, run 'tar log' to generate the logs.tar bundle.
ii. Copy this file to an external FTP or TFTP server
From the Web UI, click Maintenance > Copy Logs > Download Logs. Optionally you can uncheck "Include technical support information".
iii. Open the log bundle. It should contain files called filter.pcap. Open it with sniffer software like Wireshark and check for error in the capture. This file is located in the \var\log\oslog directory.
Sample sniffer captures that indicate an issue sending Phone Home data
Indicating the error in sending the email through the local SMTP server.
Error in packet capture show Authentication Required.
Indicating issues with firewall blocking the connection to your local SMTP server.
Indicating connection to your local SMTP server is reset. This could possibly cause by firewall blocking the request or the IP address of the SMTP server is incorrectly configured.
Indicating the SMTP server denied the relay request from the controller. The Mail Server Administrator must specifically permit the controller IP address or subnet to allow mail to be relay.