IAP zero touch provisioning
Allow Zero Touch Provisioning when NTP server is unreachable.
In Instant 220.127.116.11-18.104.22.168, IAP supports zero-touch provisioning through Aruba Activate even when the default NTP server(pool.ntp.org) is not reachable through the network. In such case, IAP will not be able to get a valid time to pass the necessary SSL certificate validations, hence cannot establish a secure connection to Activate. Instead, IAP will fall back to an unsecure connection with Activate, learn a new time range from the Activate server, and retry the secure connection. No other activate-action are allowed through the unsecure connection.
The behavior will only happen if reason for secure connection failure is due to NTP issues. If secure connection fails for any other reason, IAP will not fallback to unsecure connection, unless the IAP is still factory default state. No new CLI command or Web UI changes are needed to enable this function as it's default starting 22.214.171.124.
Below are the logs from IAP that shows the fall back to unsecure connection due to incorrect time.