Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

2530 trying to connect aruba central even it's disabled

This thread has been viewed 105 times

  • 1.  2530 trying to connect aruba central even it's disabled

    Posted Mar 28, 2018 08:33 AM

    Hi,

    I have 2530 switches running latest software (YA.16.05.0004).

    I have disabled aruba-central since I don't need it or want to use it.

     

    sh aruba-central
     Configuration and Status - Aruba Central
      Server URL           : None
      Connected            : No
      Mode                 : NA
      Last Disconnect Time : NA

     

    Even it's disabled, switch tries to connect and logs warning message on log. There is no DNS server configured so thats why it says "unable to resolve":

    W 03/26/18 11:32:55 05220 activate: Unable to resolve the Activate server address device.arubanetworks.com.

     

    I have also 5406Rzl modular switch with same "problem". Aruba-central disabled and still trying to connect:

    W 03/23/18 10:49:24 05222 activate: AM1: Error connecting to the Activate server: Activate TLS connection error.
    W 03/23/18 10:49:24 05222 activate: AM1: Error connecting to the Activate server: SSL negotiation failed.
    I 03/23/18 10:49:09 05226 activate: AM1: Successfully resolved the Activate server address device.arubanetworks.com to 104.36.249.201.

     

    Is there way to disable aruba-central completly so it won't write anything to log or is this software bug that needs to be reported?



  • 2.  RE: 2530 trying to connect aruba central even it's disabled
    Best Answer

    EMPLOYEE
    Posted May 18, 2018 07:47 AM

    Hi, 

     

    I think these messages are not related to Aruba Central but to Aruba Activate. Did you already disabled activate provisioning and software updates? If not hereby the commands:

     

    show activate provision (default on)

    To Disable:

    activate provision disable

     

    show activate software-update (default on)

    To Disable:

    activate software-update disable

     

    The message is not an error. It's more or less just saying it can find activate server. 

     

    Hope this will help you?

     

    Regards, Dobias



  • 3.  RE: 2530 trying to connect aruba central even it's disabled

    Posted May 22, 2018 08:22 AM

    I've been told that the 2530 switches cannot use Activate anyway since they don't have a TPM chip. So you might as well disable Activate.



  • 4.  RE: 2530 trying to connect aruba central even it's disabled

    EMPLOYEE
    Posted May 22, 2018 09:38 AM

    You're correct I'm very sorry I overlooked your switch type. The 2540 will be supported!



  • 5.  RE: 2530 trying to connect aruba central even it's disabled

    EMPLOYEE
    Posted May 22, 2018 09:58 AM

    Btw, the 2530 is supported since YA/YB.16.04.0008 or later software version. See http://help.central.arubanetworks.com/latest/documentation/online_help/content/public_cloud/applications/wired_management/overview.htm

     



  • 6.  RE: 2530 trying to connect aruba central even it's disabled

    EMPLOYEE
    Posted May 24, 2018 05:46 AM

    Just to clarify the TPM comment:

    Aruba 2530 series switches do not have a TPM chip but can be managed by Aruba Central with 16.04 or newer firmware. The 2530 switches receive during the initial contact with Aruba Activate the certificates via EST (Enrollment over Secure Transport) which will be further used for connecting to Aruba Central.

     

    If you don't want the ArubaOS switches to contact these public Aruba Activate and Central servers you can disable that in the CLI with the following commands:

    - aruba-central disable
    - activate software-update disable
    - activate provision disable



  • 7.  RE: 2530 trying to connect aruba central even it's disabled

    Posted May 24, 2018 06:12 AM

    Can the 2530 switches also use Activate for connecting to our Airwave server for ZTP with 16.04 or newer firmware?



  • 8.  RE: 2530 trying to connect aruba central even it's disabled

    EMPLOYEE
    Posted May 24, 2018 10:28 AM

    I would assume that you can use Activate to ZTP to your Airwave server. But please be advised that only 2530 manufactured on or after July 2017 will be available on the Activate database



  • 9.  RE: 2530 trying to connect aruba central even it's disabled

    Posted May 25, 2018 08:25 AM

    Hi Dobias Van Ingen,

    You are right. I don't know why I didn't notice this. I overlooked log files it seems :)

    I disabled now both activate services and now messages are gone from log.

    As you said, there is no error. But I just want to keep my logs as clean as possible ;)

     



  • 10.  RE: 2530 trying to connect aruba central even it's disabled

    Posted Jun 12, 2019 04:48 AM

    Hi!!

     

     I have the same problem with another Aruba switch model.

     With the commands,(activate provision disable ,activate software-update disable ) the messages no  longer appear.

     But i have a doubt that is how often the swith tries to conncet, because checkining other switch that has enable "activate software-update" and "activate provision"  the warning appears once a week, at the same time, and in which I have the problem, it appears every 5 minutes.

     

     Thanks in advance!



  • 11.  RE: 2530 trying to connect aruba central even it's disabled

    Posted Feb 19, 2020 02:22 AM
      |   view attached

    353 messages! HOW TO DISABLE IT FOREVER IN ALL LOGS? I don't want to connect anywhere to aruba central or to have certificates. How to stop it?! Thanks.

    warning
    2/19/2020, 11:13:20 AM
     
    Activate
    EST enrollment with server failed because of CACERTS curl error.
     
    warning
    2/19/2020, 11:08:20 AM
     
    Activate
    EST enrollment with server failed because of CACERTS curl error.
     
    info
    2/19/2020, 11:08:20 AM
     
    Activate
    EST provision with activate server successful. Establishing connection with EST server.
     
    info
    2/19/2020, 11:08:16 AM
     
    Activate
    Successfully resolved the Activate server address device.arubanetworks.com to 54.70.29.7.
     
    info
    2/19/2020, 11:08:16 AM
     
    Central
    Maximum retries limit have been reached to contact Aruba Central server.Contacting back to Activate server for reprovisioning.
     
    warning
    2/19/2020, 11:08:16 AM
     
    Activate
    Connection with EST server failed for 5 retries. Re-connecting with activate server for EST provisioning.
     
    warning
    2/19/2020, 11:03:16 AM
     
    Activate
    EST enrollment with server failed because of CACERTS curl error.
     
    warning
    2/19/2020, 10:58:16 AM
     
    Activate
    EST enrollment with server failed because of CACERTS curl error.


  • 12.  RE: 2530 trying to connect aruba central even it's disabled
    Best Answer

    EMPLOYEE
    Posted Feb 19, 2020 02:55 AM

    There are logs related to Aruba Central and Aruba Activate.

     

    If you want to disable Aruba Central or you do not wish your switch managed by Aruba Central issue the below command on switch.

     

    Aruba-central disable

     

    To disable Aruba Activate and software updates via Activate, you can enter the following commands at the switch Config prompt:

     

      activate provision disable

      activate software-update disable

     

     



  • 13.  RE: 2530 trying to connect aruba central even it's disabled

    Posted Feb 22, 2021 10:33 AM
      |   view attached
    I have the same problem here at the moment since the update to the YA_16_10_0012. But the above commands are displayed as not allowed. What can I do to turn all this off with these 2530 switches anyway?

    ------------------------------
    Ulrich Krapp
    ------------------------------

    Original Message


  • 14.  RE: 2530 trying to connect aruba central even it's disabled

    MVP GURU
    Posted Feb 22, 2021 10:53 AM
    Hi Ulrich, haven't you tried to enter config mode first? I've found no issue in executing commands suggested above (aruba-central disable, activate provision disable and/or activate software-update disable) once into config(uration) mode.

    ------------------------------
    Davide Poletto
    ------------------------------

    Original Message


  • 15.  RE: 2530 trying to connect aruba central even it's disabled

    EMPLOYEE
    Posted Feb 22, 2021 05:41 PM
    Hi, you'll need to be in the configuration context as mentioned previously and the command is "no activate provision enable".



    ------------------------------
    Justin Noonan
    ------------------------------

    Original Message