Quite sure that the ap to instant conversion is only supported for AOS-10 deployments, and Central would not support those APs for that reason.
If you believe it is supported, please work with Aruba Support, your local Aruba partner or Aruba SE.
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 21, 2023 08:30 AM
From: MacolaCola
Subject: AP-225 CAPs converted to IAPs using "ap convert" in 8.6.0.0 and above won't join Central.
Jochem,
Aruba Central supports 8.x installs in a separate environment. There is a separate document that discusses the AP-225 upgrade to 8.6.x.x unified code. As long as the AP-225 is converted to 8.6.x.x, it can purportedly be added to an Aruba Central instance hosting 8.x devices.
Original Message:
Sent: Aug 21, 2023 04:59 AM
From: Jochem Knoben
Subject: AP-225 CAPs converted to IAPs using "ap convert" in 8.6.0.0 and above won't join Central.
Hi,
pls. read this one:
Converting CAP AP to ap managed with central with aruba os 10 | Cloud Managed Networks (arubanetworks.com)
And for sure the AP2xx-model are not supported in AOS10.
So not really a surprise that it's not working for converted AP2xx - anyhow Aruba recommends not to use converted CAP's in a "production environment".
Original Message:
Sent: Aug 18, 2023 09:01 AM
From: MacolaCola
Subject: AP-225 CAPs converted to IAPs using "ap convert" in 8.6.0.0 and above won't join Central.
I have a small number of AP-225 CAPs I have converted to IAPs using the "convert ap" command. Just for clarity, I am going to post what I did to convert them:
- They were on an Airwave-managed controller running 6.5.x.x. I changed the LMS IP to a stand-alone controller (not managed by anything) running 8.6.0.21.
- I performed the standard steps for "ap convert" from the CLI of the controller.
- The APs downloaded new 8.6.0.21 IAP code I hosted on a TFTP server.
- They rebooted, and came up as instant APs.
- I onboarded them to our Central instance, assigned a subscription and assignment.
- Maddeningly, they never appear in "Devices" in Central either under Global, or one of the groups I assigned them to.
Added info: I have been able to add an out of the box 535 AP with no issues to my central instance. The problem is, I have over 100 AP-225s to convert, and they have to work, as this is a fair bit of our prod hardware.
Output of the AP debug log is attached, and while it appears to be communicating with Central, something does not seem right.
sh log debug
Aug 18 12:23:32 cli[4711]: swarm_timer_handler,check_ssh
Aug 18 12:23:41 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:23:41 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:23:42 cli[4711]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 2512998923
Aug 18 12:23:42 cli[4711]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 2512998923 ,received defaultcert_csum =2512998923
Aug 18 12:23:42 cli[4711]: receive ap 127.0.0.1 with drt status 0
Aug 18 12:23:45 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:23:45 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:23:49 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:23:49 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:23:53 cli[4711]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 2512998923
Aug 18 12:23:53 cli[4711]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 2512998923 ,received defaultcert_csum =2512998923
Aug 18 12:23:53 cli[4711]: receive ap 127.0.0.1 with drt status 0
Aug 18 12:24:03 cli[4711]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 2512998923
Aug 18 12:24:03 cli[4711]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 2512998923 ,received defaultcert_csum =2512998923
Aug 18 12:24:03 cli[4711]: receive ap 127.0.0.1 with drt status 0
Aug 18 12:24:03 awc[4708]: Receive awc keepalive detection message and send reply.
Aug 18 12:24:03 cli[4711]: sending athena request
Aug 18 12:24:03 awc[4708]: papi_receive_callback: 5746: received CLI_ATHENA_LOGIN_REQUEST
Aug 18 12:24:03 awc[4708]: tcp_connect: begin resolve 'device-uswest4.central.arubanetworks.com'
Aug 18 12:24:04 awc[4708]: tcp_connect: 187: recv timeout set to 5
Aug 18 12:24:04 awc[4708]: tcp_connect: 194: send timeout set to 5
Aug 18 12:24:04 awc[4708]: awc_init_connection: 2762: connected to device-uswest4.central.arubanetworks.com:443
Aug 18 12:24:04 awc[4708]: awc_init_connection: 2840: Loading local CA certificates
Aug 18 12:24:04 cli[4711]: swarm_timer_handler,check_ssh
Aug 18 12:24:05 awc[4708]: verify_peer_domain_name: 1534: Verifying peer domain name device-uswest4.central.arubanetworks.com
Aug 18 12:24:05 awc[4708]: cert_verify_domain: 1440: certificate common-name '*.central.arubanetworks.com' matches domain name 'device-uswest4.central.arubanetworks.com'
Aug 18 12:24:05 awc[4708]: awc_init_connection: 3009: SSL certificate verification is successful
Aug 18 12:24:05 awc[4708]: awc_init_connection: 3012: Connected
Aug 18 12:24:05 awc[4708]: Sent header 'POST /swarm HTTP/1.1^M Host: device-uswest4.central.arubanetworks.com^M Content-Length: 0^M Connection: keep-alive^M X-Type: login^M X-Guid: f75923af01538f2bab452201ea4b669e0a5365ba2de19a2475^M X-OEM-Tag: Aruba^M X-Version: 8.6.0.21-8.6.0.21_86650^M X-Mode: IAP^M X-Websocket-Capable: true^M X-Ap-Info: CT0141657, 18:64:72:cb:a0:46, AP-225^M ^M '
Aug 18 12:24:05 awc[4708]: receive isc request
Aug 18 12:24:05 awc[4708]: tcp_connect: begin resolve 'device.arubanetworks.com'
Aug 18 12:24:05 awc[4708]: tcp_connect: 187: recv timeout set to 5
Aug 18 12:24:05 awc[4708]: tcp_connect: 194: send timeout set to 5
Aug 18 12:24:05 awc[4708]: awc_init_connection: 2762: connected to device.arubanetworks.com:443
Aug 18 12:24:05 awc[4708]: awc_init_connection: 2840: Loading local CA certificates
Aug 18 12:24:05 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:24:05 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:24:05 awc[4708]: verify_peer_domain_name: 1534: Verifying peer domain name device.arubanetworks.com
Aug 18 12:24:05 awc[4708]: cert_verify_domain: 1440: certificate common-name 'device.arubanetworks.com' matches domain name 'device.arubanetworks.com'
Aug 18 12:24:05 awc[4708]: awc_init_connection: 3009: SSL certificate verification is successful
Aug 18 12:24:05 awc[4708]: awc_init_connection: 3012: Connected
Aug 18 12:24:05 awc[4708]: Sent header 'POST /provision HTTP/1.1^M Host: device.arubanetworks.com^M Content-Length: 0^M Connection: keep-alive^M X-Type: provision-update^M X-Guid: f75923af01538f2bab452201ea4b669e0a5365ba2de19a2475^M X-OEM-Tag: Aruba^M X-Mode: IAP^M X-Mfg-Img: No^M X-Factory-Default: Yes^M X-Long-Header-Values: Yes^M X-Current-Version: 8.6.0.21-8.6.0.21_86650^M X-Ap-Info: CT0141657, 18:64:72:cb:a0:46, AP-225^M X-Features: 0000100001000100000000000000000000000000000000010000000^M ^M '
Aug 18 12:24:05 awc[4708]: Message over SSL from device-uswest4.central.arubanetworks.com, SSL_read() returned 435, errstr=Success, Message is "HTTP/1.1 400 Bad Request^M Date: Fri, 18 Aug 2023 12:24:05 GMT^M Content-Type: text/html^M Content-Length: 208^M Connection: close^M X-Frame-Options: SAMEORIGIN^M X-Request-Start: t=1692361445.109^M X-XSS-Protection: 1; mode=block^M ^M <html>^M <head><title>400 The SSL certificate error</title></head>^M <body>^M <center><h1>400 Bad Request</h1></center>^M <center
>The SSL certificate error</center>^M <hr><center>nginx</center>^M </body>^M </html>^M ", AWC response: (null)
Aug 18 12:24:05 awc[4708]: athena_read: 1989: cann't find session id from athena's message
Aug 18 12:24:05 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure 0 error_count 1
Aug 18 12:24:06 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 2
Aug 18 12:24:07 awc[4708]: Message over SSL from device.arubanetworks.com, SSL_read() returned 551, errstr=Success, Message is "HTTP/1.1 200 OK^M Date: Fri, 18 Aug 2023 12:24:05 GMT^M Content-Type: text/plain^M Content-Length: 0^M Connection: keep-alive^M X-Type: provision-update^M X-Session-Id: 2740232732821744174^M X-Challenge: 488258143499679957563228365824825214798434115708658726487567170497998120086522503978540654638568336132796423691252655778179735945061225157902727506300305568149545871264129700367
2295017998774606224216450650795515673887029490365161446107306447312236516275955^M X-Status-Code: not-authenticated^M Strict-Transport-Security: max-age=3600; includeSubDomains^M ^M ", AWC response: (null)
Aug 18 12:24:07 awc[4708]: sending isc response
Aug 18 12:24:07 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 3
Aug 18 12:24:08 awc[4708]: receive isc request
Aug 18 12:24:08 awc[4708]: Sent header 'POST /provision HTTP/1.1^M Host: device.arubanetworks.com^M Content-Length: 2443^M Connection: close^M X-Type: provision-update^M X-Guid: f75923af01538f2bab452201ea4b669e0a5365ba2de19a2475^M X-OEM-Tag: Aruba^M X-Mode: IAP^M X-Mfg-Img: No^M X-Factory-Default: Yes^M X-Long-Header-Values: Yes^M X-Session-Id: 2740232732821744174^M X-Current-Version: 8.6.0.21-8.6.0.21_86650^M X-Ap-Info: CT0141657, 18:64:72:cb:a0:46, AP-225^M X-Features: 000010000100010000000000000000000
0000000000000010000000^M X-Challenge-Hash: SHA-1^M ^M '
Aug 18 12:24:08 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 4
Aug 18 12:24:09 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:24:09 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:24:09 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 5
Fri, 18 Aug 2023 12:24:09 GMT^M Content-Type: text/plain^M Content-Length: 0^M Connection: close^M X-Session-Id: 2740232732821744174^M X-Activation-Key: ID12IUA2^M X-Athena-Url: device-uswest4.central.arubanetworks.com^M X-Mode: IAP^M X-Status-Code: success^M X-Type: provision-update^M Strict-Transport-Security: max-age=3600; includeSubDomains^M ^M ", AWC response: (null)
Aug 18 12:24:10 awc[4708]: sending isc response
Aug 18 12:24:10 awc[4708]: isc_exit: 923: disconnected
Aug 18 12:24:10 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 6
Aug 18 12:24:11 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 7
Aug 18 12:24:12 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 8
Aug 18 12:24:13 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:24:13 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:24:13 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 9
Aug 18 12:24:14 cli[4711]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 2512998923
Aug 18 12:24:14 cli[4711]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 2512998923 ,received defaultcert_csum =2512998923
Aug 18 12:24:14 cli[4711]: receive ap 127.0.0.1 with drt status 0
Aug 18 12:24:14 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 10
Aug 18 12:24:15 awc[4708]: parse_awc_header: 1127: ssl_read from device-uswest4.central.arubanetworks.com failure -1 error_count 11
Aug 18 12:24:25 cli[4711]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 2512998923
Aug 18 12:24:25 cli[4711]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 2512998923 ,received defaultcert_csum =2512998923
Aug 18 12:24:25 cli[4711]: receive ap 127.0.0.1 with drt status 0
Aug 18 12:24:35 cli[4711]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 2512998923
Aug 18 12:24:35 cli[4711]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 2512998923 ,received defaultcert_csum =2512998923
Aug 18 12:24:35 cli[4711]: receive ap 127.0.0.1 with drt status 0
Aug 18 12:24:35 cli[4711]: swarm_timer_handler,check_ssh
Aug 18 12:24:46 cli[4711]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 2512998923
Aug 18 12:24:46 cli[4711]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 2512998923 ,received defaultcert_csum =2512998923
Aug 18 12:24:46 cli[4711]: receive ap 127.0.0.1 with drt status 0
Aug 18 12:24:51 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:24:51 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:24:51 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:24:51 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100
Aug 18 12:24:55 sapd[4717]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15201 to 127.0.0.1:8223
Aug 18 12:24:55 sapd[4717]: executeCommandObject: Executing AMAPI Command Type: 100