Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
First, here is an overview of what is happening in a working scenario. AP70s are shipped from the factory (whether bound for AP customers or RFprotect customers) without a full firmware image. Instead, they have a basic bootloader, which allows them to be dynamically deployed and stocked without worrying about the end purpose.
1. AP powers on and, if it does not find a valid image, begins booting the bootloader.
2. DHCP request to get an IP.
3. Find the aruba-master.
a. Is one already configured in firmware? No, this is a fresh AP.
b. Was one handed out as part of the DHCP response? If so, that's the master.
c. Query DNS for aruba-master. If there's a response, use that IP.
d. Use the Aruba Discovery Protocol to find a local controller.
4. Perform a tftpboot from the aruba-master and ask for the mips.ari image.
- (TFTP uses UDP port 69.)
- (The service on the RFprotect server that implements TFTP is called RFprotect AP Imager.)
- (The "file" that the imager serves is stored in the RFprotect database associated with the Default-AP sensor template.)
5. If there is no valid image, then burn the image to flash.
(This is where normal AP-use AP70s diverge from RFprotect AP70s.)
6. Find the rfprotect server.
a. Is one statically configured? No, this is a fresh sensor.
b. Was one handed out as part of the DHCP response? If so, use it.
c. Query DNS for rfprotect. If there is a response, use that IP.
7. Connect to the RFprotect server.
New sensor appears in the sensor list as "Unknown ETL Sensor".
8. Configure sensor with Sensor Manager.
Now let's assume something went wrong. Let's simulate the new AP using a laptop connected to the same port the AP is. Use either a UNIX laptop or a Windows laptop with cygwin to make this easier.
1. Did your laptop get an IP? If not, troubleshoot DHCP.
2. Do an nslookup for aruba-master. Did you get an IP for it? If not, troubleshoot DNS.
3. TFTP aruba-master to get mips.ari. Did you get a file or did it time out? If no,...
a. Is the RFprotect AP Imager service running on the server?
b. Connect to the server with the RFprotect Console.
A. Navigate to the Configuration > Sensor Templates tab
B. Confirm there is a template called 'Default-AP' (If not, create it.)
C. Confirm that the template has a firmware image associated with it. (If not, call support).
c. Check the Internal System Log on the RFprotect server (using the Console) and look for any AP Imager errors.
d. Confirm that no firewall is blocking the TFTP port on the server.
e. Try TFTP on the server itself to eliminate any network issues.
(Now we can assume the AP got the image.)
4. Do an nslookup for rfprotect. Did you get an IP for it? If not, troubleshoot DNS.
5. Use Telnet to connect to rfprotect 9099. Did it connect? If not:
a. Confirm that no firewall is blocking the port.
b. Confirm that the RFprotect Engine service is running.
c. Look for issues in the Internal System Log of the server using the RFprotect Console.
Here are some other things to try:
Use a sniffer to watch traffic to and from the AP. Sometimes it will broadcast interesting syslog messages. You can also confirm all the protocol exchanges this way and avoid the steps above.