Developer Community

Reply
Highlighted
New Contributor

Getting dot1x error when creating WLAN via api call

Hi Team,

 

I am getting the following error when I try to create WLAN via API call:

 

Error: dot1x profile needs to be enabled in aaa profile to support opmode, ssid profile referring this is :vssid123

 

Scenario: First I created WLAN named vssid123 manually on the aruba wireless controller with security as open. Now I am trying to update the WLAN and trying to change the security to personal(setting a password) using API call.

 

Sample code:

$sessionId = createSession();
$ssid = '{
"profile-name": "vssid123",
"ssid_enable": {},
"essid": {
"essid": "vssid123"
},
"wpa_passphrase": {
"wpa-passphrase": "secretPSK5"
},
"opmode": {
"wpa2-psk-aes": true
}
}';
//add ssid profile
$url = 'https://113.x.x.x:7707/v1/configuration/object/ssid_prof?config_path=%2Fmm%2Fmynode&UIDARUBA='.$sessionId;

 

I am getting the same error using the swagger as well.

 

Any suggestions?

 

Thanks,

Amardeep

 

MVP Expert

Re: Getting dot1x error when creating WLAN via api call

Hi,

 

it is like the GUI !

You need to specifiy a dot1x profile to your AAA Profile before set a PSK (there is a default dot1x-wpa if remenber for this)



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
New Contributor

Re: Getting dot1x error when creating WLAN via api call

Ok.

 

But in the API calls for creating WLAN we make the first call to ssid_prof object where we can't set this attribute. The second call is made to the virtual_ap object where we cann add this attribute.

 

I am getting the error in the response to the first call to ssid_prof object.

 

Thanks

MVP Expert

Re: Getting dot1x error when creating WLAN via api call

it don't create already the VirtualAP profile ?



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Aruba Employee

Re: Getting dot1x error when creating WLAN via api call

 
Aruba Employee

Re: Getting dot1x error when creating WLAN via api call

Hi,

 

As mentioned by alagoutte, you will need to create a dot1x authentication profile and add it to a AAA profile for converting an open ssid to a PSK ssid.

Find the API call below, for converting to a PSK ssid:

Method:

POST

 

URL:

$url = 'https://113.x.x.x:7707/v1/configuration/object?config_path=%2Fmm%2Fmynode&UIDARUBA='.$sessionId;

 

Request Body (JSON): Multiple Endpoints

{
"ssid_prof": [{
"profile-name": "vssid123",
"ssid_enable" : {},
"essid": {
"essid": "vssid123"
},
"wpa_passphrase": {
"wpa-passphrase": "secretPSK5"
},
"opmode": {
"wpa2-psk-aes": true
}
}],

"dot1x_auth_profile": [{
"profile-name": "vssid123"
}],

"aaa_prof": [{
"profile-name": "vssid123",
"dot1x_auth_profile": {
"profile-name": "vssid123"
}
}],
"virtual_ap": [{
"profile-name": "vssid123",
"aaa_prof": {
"profile-name": "vssid123"
},
"vlan": {
"vlan": "1"
},
"ssid_prof": {
"profile-name": "vssid123"
}
}],
"ap_group": [{
"profile-name": "default",

"virtual_ap": [{
"profile-name": "vssid123"
}]
}]
}

 

Note:

- Multiple endpoints are hit in the same api call like ssid_prof, do1x_auth_prof, aaa_prof, virtual_ap, ap_group to create/edit various profiles

- Only ssid_prof, dot1x_auth_profile and aaa_prof are needed to achieve the desired result, however virtual_ap and ap_group are added in case you need it

- Change vlan and ap-group name in the request body as applicable

 

Regards,

Jay

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: