I'm trying to make a small utility that allow to configure an 303 AP (Running ArubaOS 8.6.0) by creating a backup.cfg that when restored, will set all the parameters for different SSID.
This SSID is dependant on the serial number, so the idea is to ask for the serial number, and let the utility generate the cfg file that I will download in the SetMeUp network, and will make all the settings of the network correctly.
The problem is that backup.cfg does something that I really dont understand. If I change the PSK, the wpa-passphrase line change, (which is something I expected) but if I try to change it back to the original passphrase, the wpa-passphrase changes again to a different value.
It seems that there is something I dont really understand correctly.
When I enter the command via ssh (via config|wlan ssid-profile <SSID>|wpa-passphrase Go4Service) I'm able to change the password in plain text, but in the backup.cfg file is stored as an hex chain, and I can't make a sense on how this value is calculated. (I tried to used pbkdf2 rules and doesnt return the same value)
(I include both backup.cfg files with both the same passwords)
Any guidance will be helpful
How to you import backup.cfg ?
Do you have look for use API ?
The backup.cfg is imported by Maintenance|Configuration|Restore.
Didnt look much at the API, but after a few hours trying to get there I found a problem.
I'm trying to access the API at:https://<ip>:4343/api (by browser)orhttps://<ip>:4343/v1/api/login (by curl command)
and the response I get is the web monitoring interface... Doesn't seem that the API is enable in my 303AP.Is there anyway to enable it? or its simpy not there?
You need to enable API Rest on the IAP and after you need to connect
Look the API Ref doc => https://support.arubanetworks.com/DesktopModules/Bring2mind/DMX/Download.aspx?TabId=76&DMXModule=514&Command=Core_Download&EntryId=37003&PortalId=0
You can look PowerArubaIAP module (but there is not yet support of create a SSID, only on a experimental branch...)
That hex value is a reversible encryption of your passphrase and might be dependent on the virtual controller key and salted (add a random value in the encryption to prevent the same password have the same output as that would help to determine if you see the same encrypted/hashed password on different places you know it has to be the same password), but I don't have details nor have seen details on that.
If you run a 'show configuration no-encrypt' on the AP you can see what is behind the hex code, and use that in your scripts. I have not found a way to input a hex value in the configuration, which may be what you see when you enter the hex value that will be seen as the plain text pass-phrase and converted into a new encoded hex string.
In case you can work with plain-text passwords, I think that is your best approach.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.