
Instant ap zero touch provisioning via Airwave

  • 1.  Instant ap zero touch provisioning via Airwave

    Posted Sep 11, 2019 09:32 AM

    Hello all

     

    I am experiencing some issues getting ZTP to work with Airwave using Aruba Activate. I have a test AP added to Aruba Activate which belongs to a folder with a provisioning rule: IAP to Airwave, pointing to the public IP of the Airwave server. When booting this factory-new AP, it's getting its Airwave settings configured (the public IP of the Airwave server is visible in the Airwave settings of the GUI).

    The problem however is on the Airwave server.

    I was expecting the new instant AP to be visible under 'new devices', but for some reason it's not showing up at all.

     

    Capturing traffic I can see the instant AP communicating via https with the public IP of the Airwave server (3-way-handshake).

     

    Does anyone have any experience with this?



  • 2.  RE: Instant ap zero touch provisioning via Airwave

    EMPLOYEE
    Posted Sep 12, 2019 05:40 AM

    Does status show as connected when you run

     

    #show ap airwave 

    #show datapath session - filter with airwave IP

     

    Did you try with any other factory IAP? Has any ACL been enabled under AMP Setup > General > authorization section?

     

    Check the nginx log under the System > Status page for any errors. Have you set PSK or certificate auth under AMP Setup > General > IAP section?

     




  • 3.  RE: Instant ap zero touch provisioning via Airwave

    Posted Sep 12, 2019 07:55 AM

    Hello Pavan

     

    XXX.XXX.XXX.XXX = public ip of the airwave server

     

    b0:b8:67:c8:6d:98# show ap debug airwave

    Airwave Server List
    -------------------
    Domain/IP Address Type Mode Config-only Status
    ----------------- ---- ---- ----------- ------

    XXX.XXX.XXX.XXX Primary - - Not connected

     

    b0:b8:67:c8:6d:98# show datapath session
    Datapath Session Table Entries

    ------------------------------

    Flags: F - fast age, S - src NAT, N - dest NAT
    D - deny, R - redirect, Y - no syn
    H - high prio, P - set prio, T - set ToS
    C - client, M - mirror, V - VOIP
    I - Deep inspect, U - Locally destined
    s - media signal, m - media mon, a - rtp analysis
    E - Media Deep Inspect, G - media signal
    A - Application Firewall Inspect
    L - ALG session
    O - Session is programmed through SDN/Openflow controller
    p - Session is marked as permanent
    RAP Flags: 0 - Q0, 1 - Q1, 2 - Q2, r - redirect to master, t - time based

    Source IP Destination IP Prot SPort Dport Cntr Prio ToS Age Destination TAge Packets Bytes Flags
    ---------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- ------- ----- -----
    10.160.129.15 172.29.23.58 6 49882 22 0 0 0 0 dev2 133 4b 1e02 C
    172.29.23.58 XXX.XXX.XXX.XXX 6 59741 443 0 0 0 1 local 62 0 0 FC
    172.29.23.58 10.160.129.15 6 22 49882 0 0 4 0 dev2 133 31 20e9
    XXX.XXX.XXX.XXX 172.29.23.58 6 443 59741 0 0 0 1 local 62 0 0

     

    I tried with another AP as well, same result.

    Authorize Aruba Instant APs & Aruba Switches to AirWave is set to all on the Airwave server.

     

    AMP setup > General > IAP Section is set to PSK

     

    No errors are visible under system>status



  • 4.  RE: Instant ap zero touch provisioning via Airwave

    EMPLOYEE
    Posted Sep 12, 2019 08:39 AM

    So we are not seeing any error or log entry related to the IAP in nginx.log under the System > Status page?

     

    Is the IAP able to reach the device.arubanetworks.com site?

     

    https://community.arubanetworks.com/t5/Controller-less-WLANs/Add-a-device-to-Aruba-Activate/ta-p/185620

     

    If it is reachable, then try changing the VC key once and check the connection status:

     

    1) # show running | include virtual

    2) copy the virtual-controller key

    3) # conf t

    4) type in virtual-controller-key and paste the copied key

    5) change the last 2 digits of the key

    6) # commit apply.



  • 5.  RE: Instant ap zero touch provisioning via Airwave

    Posted Sep 12, 2019 09:22 AM

    Hello Pavan

     

    The IAP has full internet access, so it is able to reach the website you mentioned. The IAP is imported in Activate.

     

    The only errors in the nginx log are:

     

    2019/09/11 11:58:18 [error] 12856#12856: *2 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 172.29.126.80, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8008/", host: "192.0.2.52"
    2019/09/11 11:58:18 [error] 12856#12856: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.29.126.80, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8008/favicon.ico", host: "192.0.2.52"
    2019/09/11 13:57:14 [error] 17344#17344: *6 upstream prematurely closed connection while reading response header from upstream, client: 172.29.126.80, server: , request: "GET /nf/amp_status?confirmed_action=reboot HTTP/1.1", upstream: "http://127.0.0.1:8008/nf/amp_status?confirmed_action=reboot", host: "192.0.2.52", referrer: "https://192.0.2.52/amp_status?confirmed_action=reboot

     None of these errors seem related, because I would expect to see the public IP of the IAP in these logs.

     

    I changed the VC key as you specified.

     

    b0:b8:67:c8:6d:98# show ap debug airwave

    Airwave Server List
    -------------------
    Domain/IP Address Type Mode Config-only Status
    ----------------- ---- ---- ----------- ------

    X.X.XX Primary - - Connected

     

    b0:b8:67:c8:6d:98# show datapath session | include X.X.X.X

    172.29.23.58 X.X.X.X 6 59830 443 0 0 0 1 local 7b 0 0 FC
    X.X.X.X 172.29.23.58 6 443 59830 0 0 0 1 local 7b 0 0 F
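
Added example, not part of the original thread: a Python sketch of the log check described in post 5, which parses nginx error-log lines and tests whether an expected source address (the AP's public IP) appears as a client. The sample lines are constructed, and `203.0.113.10` and the function names are placeholders chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the nginx error-log format quoted in the thread;
# 203.0.113.10 is a placeholder for the AP's public (NAT) address.
SAMPLE_LOG = '''\
2019/09/11 11:58:18 [error] 12856#12856: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.29.126.80, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8008/favicon.ico", host: "192.0.2.52"
2019/09/11 12:01:02 [error] 12856#12856: *9 upstream prematurely closed connection while reading response header from upstream, client: 203.0.113.10, server: , request: "POST /example HTTP/1.1", upstream: "http://127.0.0.1:8008/example", host: "192.0.2.52"
not an nginx error-log entry
'''

HEAD_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] '
    r'\d+#\d+: (?:\*\d+ )?(?P<rest>.*)$')
# Trailing ", key: value" fields; a value is quoted (possibly cut off) or bare.
FIELD_RE = re.compile(
    r', (client|server|request|upstream|host|referrer): ("[^"]*"?|[^,]*)')


def parse_line(line):
    """Return a dict for one error-log line, or None if it does not parse."""
    head = HEAD_RE.match(line.strip())
    if not head:
        return None
    rest = head.group('rest')
    fields = list(FIELD_RE.finditer(rest))
    entry = {'ts': head.group('ts'), 'level': head.group('level'),
             'msg': rest[:fields[0].start()] if fields else rest}
    for f in fields:
        entry[f.group(1)] = f.group(2).strip('"')
    return entry


def clients_seen(log_text):
    """Count parsed error entries per client address."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return Counter(e['client'] for e in entries if 'client' in e)


def saw_client(log_text, expected_ip):
    """True if any entry's client equals expected_ip, compared as addresses."""
    want = ipaddress.ip_address(expected_ip)
    for client in clients_seen(log_text):
        try:
            if ipaddress.ip_address(client) == want:
                return True
        except ValueError:  # client field is not an IP literal
            continue
    return False
```

The nginx error log only records requests that failed, so a missing client address there does not show that the AP never reached the server; the access log is where successful requests appear.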

     


