Controllerless Networks

Hello all,

I had my first interaction with Aruba Instant (IAP-105) yesterday and I realised that the browser is the only secure option to remotely configure Instant. My understanding is that SSH is disabled by default and the only other cli protocol is telnet, port 23 which is not secure.

I guess my question is if there is a trick or something that could possibly enable ssh because http is not my preferred way of configuring aruba. By the way, the version is 6.1.3.1-3.0.0.1_33617

Many Thanks,

Dimitris

Hi,

At the moment configuration by CLI is not supported on the instants.

There are various show and troubleshooting commands available, but as far as I know, you can only connect with telnet and not ssh.  This has certainly raised eyebrows with some customers I have deployed Instants for, so hopefully ssh will be supported in a future release.

:smileyhappy:

SSH should be available in the 3.2 release which is targeted for release before the end of December.

As Michael mentioned, however, the CLI is not supported for configuration.

How do I enable telnet(or SSH if possible) on AP-105 Instant so I can do packet capture?

I am running 6.2.0.0.3.2.0.3

On the Settings -> General (Advanced) panel, you'll see 'terminal access' is disabled.

Enable it and you should be able to connect.

Thanks! That was right on!!

I noticed that SSH is now default for terminal access!!!  Way to go Aruba!!

Yes, but it is readonly :-(.

But at least, there is ssh.

I was able to ssh to a particular AP-105 and use the pcap start .... commands to do remote network packet capture from the AP's WLAN interface ---  That is cool!!

Is there a monitor mode for the interfaces too?

That would be very helpful.

I am not sure what you are asking...

These are instructions I followed for WLAN packet capture

Aruba Instant version 6.1.2.3-2.0.0.3 and above have the pcap command to do the wireless packet capture on the IAP. This command is not exposed on the Web UI and has to run from the CLI.

1. Enable Telnet option to the IAP. By default Telnet or terminal access is disabled.

2. Use "show ap monitor status" to identify the base BSSID.

WLAN Interface

---------------

bssid              scan    monitor  probe-type  phy-type        task   channel  pkts

-----              ----    -------  ----------  --------        ----   -------  ----

'''00:24:6c:ae:81:68'''  enable  enable   m-portal    80211a-HT-40    tuned  149+     360116135

'''00:24:6c:ae:81:60'''  enable  enable   sap         80211b/g-HT-20  tuned  11       172543704

In the example above, the base bssid for 80211a is "00:24:6c:ae:81:68" and "00:24:6c:ae:81:60"

3. Use "pcap start <base bssid> <ip address of PC with Aruba version of Wireshark installed> <port> 0 1518"

Example:

pcap start 00:24:6c:ae:81:68 10.163.148.35 5555 0 1518 

4. Use "show pcap" to check the active pcap session

Packet Capture Sessions

-----------------------

pcap-id  filter  type  intf               channel  max-pkts  max-pkt-size  num-pkts  status       url  target

-------  ------  ----  ----               -------  --------  ------------  --------  ------       ---  ------

1                raw   00:24:6c:ae:81:68  149                                        in-progress       10.163.148.35/5555

5. Use "pcap stop <base bssid> <pcap-id> to stop the capture

Example:

pcap stop 00:24:6c:ae:81:68 1

6. Run the Aruba version of Wireshark on the PC, on the capture interface, select ARUBA udp-port=5555