Q:
What are the troubleshooting commands to check IAP communication with Central ?
A: 1. We need to ensure that IAP has a DNS server configured on it so that it can resolve activate.arubanetworks.com. In case of missing or non-functioning DNS, we will see the following error:
2. We need to check if we are able to ping activate server.
3. IAP sets up a SSL connection with Activate server over port 443. So, it needs to validate the certificate used for building the connection which requires the clock to be correct on the IAP.
•In case, the clock in incorrect, we will see the following message:
•IAP# show clock
Current Time :1999-12-31 20:09:32
IAP# show log ap-debug | include awc
•Dec 31 20:06:48 awc[1594]: isc_exit: 603: disconnected
•Dec 31 20:07:47 awc[1594]: awc_init_connection: 2004: connecting to device.arubanetworks.com:443
•Dec 31 20:07:47 awc[1594]: tcp_connect: 163: recv timeout set to 5
•Dec 31 20:07:47 awc[1594]: tcp_connect: 170: send timeout set to 5
•Dec 31 20:07:47 awc[1594]: awc_init_connection: 2043: connected to device.arubanetworks.com:443
•Dec 31 20:07:47 awc[1594]: awc_init_connection: 2085: Loading local CA certificates
•Dec 31 20:07:47 awc[1594]: awc_init_connection: 2092: Failed to load CA root certificate: ASN date error, current date before
•Dec 31 20:07:47 awc[1594]: isc_init failed
Please refer to the following link to get more insight in to the ports needs for successful communication with Central:
http://help.central.arubanetworks.com/2.4.1/documentation/online_help/content/public_cloud/get_started/communication_ports.htm?Highlight=ports