Q:
Allow Zero Touch Provisioning when NTP server is unreachable.
In Instant 6.4.4.6-4.2.4.0, IAP supports zero-touch provisioning through Aruba Activate even when the default NTP server(pool.ntp.org) is not reachable through the network. In such case, IAP will not be able to get a valid time to pass the necessary SSL certificate validations, hence cannot establish a secure connection to Activate. Instead, IAP will fall back to an unsecure connection with Activate, learn a new time range from the Activate server, and retry the secure connection. No other activate-action are allowed through the unsecure connection.
The behavior will only happen if reason for secure connection failure is due to NTP issues. If secure connection fails for any other reason, IAP will not fallback to unsecure connection, unless the IAP is still factory default state. No new CLI command or Web UI changes are needed to enable this function as it's default starting 4.2.4.0.
Below are the logs from IAP that shows the fall back to unsecure connection due to incorrect time.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.