How to disable IAP communicating Activate

MVP
MVP
Requirement:

 

By Default Aruba Instant access points will be contacting Activate server irrespective if access points are manged via Activate to provision them in Central / Airwave.



Solution:

 

Starting from Aruba instant 8.4.0.0, we have ability to stop Aruba instant access points contacting activate.



Configuration:

 

Below commands will help to disable IAP contacting activate,

9c:8c:d8:c9:39:52# configure 

We now support CLI commit model, please type "commit apply" for configuration to take effect.

9c:8c:d8:c9:39:52 (config) # activate-disable 

Once we enable this knob, IAP's will be no longer manged in Aruba central also we can't provision any rules in activate.

 

9c:8c:d8:c9:39:52 (config) # no activate-disable   -------------> To enable the activate service again.



Verification

 

9c:8c:d8:c9:39:52# show activate 

IAP MAC Address          :9c:8c:d8:c9:39:52

IAP Serial Number        :CNH7KD5517

Cloud Activation Key     :FFGO8E1C

Activate Server          :device.arubanetworks.com

Activate Status          :admin-disabled-by-cli .      -----> to verify if activate status is disabled

Last provision time      :2019-04-05 10:02:03

Provision interval       :0 minute

Version history
Revision #:
2 of 2
Last update:
‎04-05-2019 03:30 AM
Updated by:
 
Labels (1)
Contributors
Comments

@esupport Is it possible to get a clarification here. 

 

Are these statements true? No 1? No 2 ? Or Both ?

 

# 1

If running "activate-disable", it will still contact device.arubanetworks.com IPs and and read and save airwave configs to the AP but then not contact the airewave server? 

 

# 2

If running "activate-disable" it will netiher try to download any airwave config from device.arubanetworks.com nor contact any airwave server that eventually already exist in the AP config.

 

 

 

I have not tested that much. But it seems like no 1 is true whereas no 2 is not...

 

I cannot even run the command "activate-disable" as I get an error message. I guess that depends on the fact there is no airwave config to download from device.arubanetworks.com. This is bad. As if one day an airwave config is there it will contact the airwave server and eventuallty join as it seems the activate-disable command cannot be saved to the AP config without an already existing config at devices.arubanetworks.com. It would therefor be good thing if a future firmware update would make it possible for the AP to always accept the activate-disable command to the config even if there is no config to download.... It would actually be good to also have a command that make it not even contact devices.arubanetworks.com if it is a high security network with non allowed internet access.

 

If I have wrong info of how this works, I would very much appreciate to be enlighted.

 

Many thanks in advance

 

/Peo

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: