Product and Software: This article applies to Aruba RFprotect 6.5.2 and later.
AP70s are shipped from the factory (whether bound for AP customers or RFprotect customers) without a full firmware image. Instead they have a basic bootloader, which allows them to be dynamically deployed and stocked without worrying about the end purpose.
1. AP powers on and begins booting the bootloader if it does not find a valid image.
- DHCP request to get an IP.
- Find the aruba-master. a. Is one already configured in firmware? If no, this is a fresh AP. b. Was one handed out as part of the DHCP response? If so, that's the master. c. Query DNS for aruba-master. If there's a response, use that IP. d. Use the Aruba Discovery Protocol to find a local controller.
- Perform a tftpboot from the aruba-master and ask for the mips.ari image.
- TFTP uses UDP port 69.
- The service on the RFprotect server that implements TFTP is called RFprotect AP Imager.
- The "file" that the imager serves is stored in the RFprotect database associated with the Default-AP sensor template.
- If there is no valid image, then burn the image to flash. This is where normal-use AP70s diverge from RFprotect-AP70s.
6. Find the rfprotect server. a. Is one statically configured? If no, this is a fresh sensor. b. Was one handed out as part of the DHCP response? If so, use it. c. Query DNS for rfprotect. If there's a response, use that IP.
- Connect to the RFprotect server. New sensor appears in the sensor list as "Unknown ETL Sensor".
- Configure sensor with Sensor Manager.
For troubleshooting, follow these steps:
Note: To simulate the AP, use a laptop connected to the same port that the AP was connected to. (Either use a UNIX laptop (like Mac) or a Windows laptop with cygwin to make this easier.)
- Did the laptop get an IP? If not, troubleshoot DHCP.
- Perform an 'nslookup aruba-master'. Did you get an IP for it? If not, troubleshoot DNS.
- Do a tftp aruba-master -> get mips.ari. Did you get a file or did it time out? If not:
a. Is the RFprotect AP Imager service running on the server? b. Connect to the server with the RFprotect Console: 1. Go to the Configuration > Sensor Templates tab 2. Confirm there is a template called 'Default-AP'. (If not, create it.) 3. Confirm the template has a firmware image associated with it. (If not, call support.) c. Check the Internal System Log on the RFprotect server (using the Console) and look for any AP Imager errors. d. Confirm there is no firewall blocking the TFTP port on the server. e. Try TFTP on the server itself to eliminate any network issues.
[Assuming the AP is able to get the image]
4. Perform 'nslookup rfprotect'. Did you get an IP for it? If not, troubleshoot DNS.
5. telnet rfprotect 9099. Did it connect? If not, do the following: a. Confirm there's no firewall blocking the port. b. Confirm the RFprotect Engine service is running. c. Look for issues in the Internal System Log of the server using the RFprotect Console.
Use a sniffer to watch traffic to and from the AP. Sometimes it will broadcast interesting syslog messages. This will also allow you to confirm all of the protocol exchanges.