Troubleshooting commands to check IAP communication with Central

MVP
MVP
Q:

What are the troubleshooting commands to check IAP communication with Central ?



A:

1.  We need to ensure that IAP has a DNS server configured on it so that it can resolve activate.arubanetworks.com. In case of missing or non-functioning DNS, we will see the following error:

2. We need to check if we are able to ping activate server.

3.  IAP sets up a SSL connection with Activate server over port 443. So, it needs to validate the certificate used for building the connection which requires the clock to be correct on the IAP.

•In case, the clock in incorrect, we will see the following message:

•IAP# show   clock

Current Time     :1999-12-31 20:09:32

IAP# show  log ap-debug | include awc

•Dec 31 20:06:48  awc[1594]: isc_exit: 603: disconnected

•Dec 31 20:07:47  awc[1594]: awc_init_connection: 2004: connecting to device.arubanetworks.com:443

•Dec 31 20:07:47  awc[1594]: tcp_connect: 163: recv timeout set to 5

•Dec 31 20:07:47  awc[1594]: tcp_connect: 170: send timeout set to 5

•Dec 31 20:07:47  awc[1594]: awc_init_connection: 2043: connected to device.arubanetworks.com:443

•Dec 31 20:07:47  awc[1594]: awc_init_connection: 2085: Loading local CA certificates

•Dec 31 20:07:47  awc[1594]: awc_init_connection: 2092: Failed to load CA root certificate: ASN date error, current date before

•Dec 31 20:07:47  awc[1594]: isc_init failed

Please refer to the following link to get more insight in to the ports needs for successful communication with Central:

http://help.central.arubanetworks.com/2.4.1/documentation/online_help/content/public_cloud/get_started/communication_ports.htm?Highlight=ports

 

Version history
Revision #:
2 of 2
Last update:
‎03-15-2019 01:07 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: