Developer

 View Only
last person joined: 9 days ago 

Expand all | Collapse all

How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

This thread has been viewed 25 times
  • 1.  How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 19 days ago

    Trying to enable REST api for ANSIBLE logins by following 16.11 OS Guide, but having no success whatsoever:

    FAILED! => {"body": "{\"message\":\"Authentication failed.\"}", "changed": false, "connection": "close", "content-type": "application/json", "msg": "HTTP Error 400: Bad Request", "requestid": "", "server": "eHTTP v2.0", "status": 400, "transfer-encoding": "chunked", "url": "http://xx.xx.xx.xx:80/rest/v6.0/login-sessions"}

    or

    Http
    Invalid user name/password on the REST session; the user 'ansible' is trying to login from the Switch WEB GUI

    --------------------------------------------------------------------------------------------------------------------------------------------------------

    aaa server-group radius "SW-Radius" host xx.xx.xx.xx

    aaa accounting exec start-stop radius

    aaa accounting system stop-only radius

    aaa authentication rest login radius server-group "SW-Radius" local

    aaa authentication rest enable radius server-group "SW-Radius" local

    -----------------------------------------------------------------------------------------------

    rest-interface is enabled for HTTP/80

    What is the right configuration for Aruba OS 16.11 and up?



  • 2.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 19 days ago

    Hi,

    What your playbook configuration ?

    If you try with curl (or PowerArubaSW ;-)), it is working ?

    for curl example you can look : https://networkingsupport.hpe.com/downloads/documents/RmlsZTo5OTBmZmUwZS03YjE3LTExZWQtYTcwNS1jMzc4NjBkYWVhMDY%3D



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 19 days ago

    Here is my playbook:

     

    ---

    - hosts: all

      gather_facts: false

      collections:

        - arubanetworks.aos_switch

     

      vars:

        - ansible_connection: network_cli

        - ansible_network_os: arubanetworks.aos_switch.arubaoss

        - ansible_command_timeout: 300

        - ansible_httpapi_use_ssl: false

        - ansible_httpapi_validate_certs: false

     

      tasks:

        - name: Include Credentials

          include_vars:

            file: /home/ansible/secret/credentials-ansible.yml

          no_log: true

     

        - name: Create VLAN 300

          arubaoss_vlan:

            vlan_id: 300

            name: "vlan300"

            config: "create"

            command: config_vlan

     

        - name: Update vlan 300 with ipv4 address

          arubaoss_vlan:

            vlan_id: 300

            config: "create"

            command: config_vlan_ipaddress

            vlan_ip_address: "10.20.30.40"

            vlan_ip_mask: "255.255.255.0"

     

        - name: Delete vlan 300 ipv4 address

          arubaoss_vlan:

            vlan_id: 300

            config: "delete"

            command: config_vlan_ipaddress

            vlan_ip_address: "10.20.30.40"

            vlan_ip_mask: "255.255.255.0"

     

        - name: update vlan 300 with dhcp helper address

          arubaoss_vlan:

            vlan_id: 300

            config: "create"

            command: config_vlan_dhcpHelperAddress

            helper_addresses: "10.10.10.100"

     

     






  • 4.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 16 days ago

    Look good...

    what do you have on /home/ansible/secret/credentials-ansible.yml ?

    do you have try with curl ?



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 5.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 16 days ago

    What I have tried to figure (please look at the original message), is why RESTapi does NOT process logins. Any logins (not just ansible)

    • Http
      Invalid user name/password on the REST session; the user 'ansible' is trying to login from the Switch WEB GUI 

    any user that can login to HTTP, cannot login to RESTAPI (the very same ansible user produces HTTP 400 bad request&failed authentication via ansible, but logs in to GUI)

    so the question is what am I missing in the Aruba OS 16.11.xxxx switch config?




  • 6.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 16 days ago

    Ansible is a local user or remote (RADIUS ?)



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 7.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 14 days ago

    We are trying to make it RADIUS (or TACACS? - seen some threads that REST over RADIUS has troubles with Aruba OS)

    What is the best practice for Aruba OS 16.11 (16.08+)?




  • 8.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 14 days ago

    What minor release do you are using for 16.11 ?

    Your configuration is already good, there is already this :

    aaa authentication rest login radius server-group "SW-Radius" local

    aaa authentication rest enable radius server-group "SW-Radius" local



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 9.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted 14 days ago

    Tried on 16.11.0011 and 0015 




  • 10.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    MVP GURU
    Posted 13 days ago

    can you try 16.11.0018 ?

    i will try to check today with 2530 and RADIUS



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 11.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    Posted yesterday

    Tried 16.11.0018 and this is the error message I am getting:

    FAILED! => {"body": "<HTML><HEAD><TITLE>307 Temporary Redirect</TITLE></HEAD><BODY bgcolor=\"white\"><CENTER><H1>307 Temporary Redirect</H1></CENTER></BODY></HTML>", "changed": false, "connection": "close", "content-length": "140", "content-type": "text/html", "location": "https://10.xx.xx.xx/rest/v6.0/login-sessions", "msg": "HTTP Error 307: Temporary Redirect", "status": 307, "url": "http://10.xx.xx.xx:80/rest/v6.0/login-sessions"}

    ----------------------------- 

    How were your tests?

    Does RESTAPI work on Aruba OS for real?

    What are the correct configurations for it?




  • 12.  RE: How to get REST API operational on Aruba OS 16.11 Switches (2530/2930)?

    EMPLOYEE
    Posted 14 hours ago

    From the error message it looks like you tried to authenticate to the API on HTTP and the switch is redirecting you to HTTPS. So try to use HTTPS for your API calls, where given you address the switch on IP address, you probably should disable certificate validation in your API script.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------