COTD: Get into your AP's console without a cable. (ArubaOS 6.4.3 and above)
11-18-2017 06:09 PM - edited 11-18-2017 06:14 PM
We have been there many times, where an access point has been inacessible due to some configuration or network issue. Sometimes that AP is 20 feet off the ground in a ceiling, so we cannot reach it using a console cable. As of ArubaOS 126.96.36.199, there is a way to access the AP's "console" via telnet without being physically connected to it. The feature is called "Backup ESSID" and it allows you to connect to an AP's console over wifi starting with ArubaOS 6.4.3 and above.
- An AP must initially be able to connect to a controller and download an AP-system profile
- The Backup ESSID must have been configured in the AP system profile before the AP has lost connectivity to the controller
- A Console password must have been configured in the AP system profile before the AP has lost connectivity to the controller
Here is how it works:
- Console and Backup ESSID password configuration is configured in the AP system profile and received when the AP contacts the controller.
- The administrator connects to the AP console on an SSID named "backup-<wired mac address of AP>" using the Backup ESSID password configured above
- The user gets an ip address and telnets to 192.168.11.1 and enters the console password configured above
- The user can execute commands at the # prompt to view, change and erase AP environment variables.
In the AP system profile under advanced you need to configure:
- Console Enable
- AP Console Protection
- An AP Console Password, which will allow you to get into the console after you connnect to the AP's wifi SSID
- Password for Backup, which is the WPA2-PSK password for the access point's backup password
- Operation for Backup configuration which will allow the backup SSID to be broadcast either always (static), only when the AP is disconnected from a controller (dynamic), or never (off).
Depending on if the Operation for Backup configuration is configured for static or dynamic, the AP's backup SSID will be visible as "backup-<wired mac address of AP>". Connect to that SSID and enter the preshared key configured in the "Password for Backup" field. Your client should get an ip address in the 192.168.11.x range. Telnet from your client to 192.168.11.1. You should be prompted for the AP console password. Enter the password, and you should be allowed to connect to the AP.
To display all of the AP environment variables, enter "bootenv -j" at the command line.
To reset all AP environment variables to factory settings, enter "bootenv -s"
To set an AP environment variable enter "bootenv -p <ap_environment_variable>=value. A handy list of some environment variables is here: http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-assign-static-parameters-in-aruba-AP/ta-p/183014
To clear an AP environment variable enter "bootenv -p <ap_environment_variable>="
To validate that you have set the correct variables, type "bootenv -j" to double-check.
If an ip address, subnet mask or default gateway are received via DHCP, they will not show up in "bootenv -j". Type "ifconfig br0" to see the current ip address, and subnet mask acquired via dhcp. Type "route" to see the default gateway information.
When you type the bootenv -p command the variables are set and don't have to be saved. Type "reboot" to reboot the AP with the new settings.
You can also ping from the # prompt to establish connectivity.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide