Wireless Access

Okay, here's what I'd like to do:

 

At any point in time, once a new AP comes up and uses option 43 to contact the controller, given the MAC address of that AP, the controller issues a bunch of commands to provision it:

config t

provision-ap

read-bootinfo wired-mac <MAC Address>

ap-group <AP Group>

ap-name <AP Name>

reprovision wired-mac <MAC Address>

exit

 

BUT, I want this to occur whenever the AP is actually turned up - I don't want to sit there on the line ready to push these commands.

 

I keep thinking a provisioning profile SHOULD be able to do this, but I can't find anything that suggests it can. 

 

Am I really off base?  There just seems there must be a way to script this via a provisioning profile, an ap system profile or some kind of scripting....

ap-regroup and ap-rename with the wired mac or the serialnumber option allow you to do this while an AP is offline.

 

http://community.arubanetworks.com/t5/Access-Points/Updating-configuration-of-Inactive-APs/td-p/9137

So, that will move an AP to a given group, that's good.   But how do you automate the assigning a name for instance?  What scripting can you use with Aruba OS?

ap-regroup will change the group

ap-rename will change the name.

 

Both commands can be issued before an access point comes up as long as you use the wired mac or serialnumber parameter.   they can be cut and pasted from your favorite spreadsheet program

But it didn't work......bunko was the name I used, btw......

 

 #ap-rename wired-mac 6c:f3:7f:c3:92:dc bunko
AP with MAC address 6c:f3:7f:c3:92:dc not found.

We are running 6.2 on an Aruba 3600 (master)....btw.....

Sorry.

The access point would need to have touched the controller once before. I apologize.....

Any way to add that MAC address into the controller somehow, so that it reads it and performs the command?

No.

 

The access point would have just need to have seen the controller once (standard burn-in) for it to be in the database.  You cannot add it ahead of time, unfortunately :(

So, you can't do an import whitelist?

What about the local-userdb-ap?  I can't add APs that way?

---

@meaganmargaret wrote:

What about the local-userdb-ap?  I can't add APs that way?

---

The local-userdb-ap is only for Remote APs.  There is also a control plane security whitelist that will admit/deny campus access points to your network, but it it will not rename them or put them into groups.

 

Do you have many access points and many groups that this needs to be done to?

 

What about this command:   whitelist-db cpsec add mac-address

 

So, here's what I'm trying to do:

 

I found out that I can remotely rename and regroup an AP, even when it's offline, IF it is found in the database.  This allows me to add APs offline, remotely, at almost any time, and when they finally attach to the network, those commands trigger, and the AP is put in the right group with the correct name.  BUT, it doesn't work if the AP is not in the database.

 

So, I'm trying to figure out if there is any way to add the AP into the database before it attaches to the network, using any kind of command or import.

---

@meaganmargaret wrote:

What about this command:   whitelist-db cpsec add mac-address

 

So, here's what I'm trying to do:

 

I found out that I can remotely rename and regroup an AP, even when it's offline, IF it is found in the database.  This allows me to add APs offline, remotely, at almost any time, and when they finally attach to the network, those commands trigger, and the AP is put in the right group with the correct name.  BUT, it doesn't work if the AP is not in the database.

 

So, I'm trying to figure out if there is any way to add the AP into the database before it attaches to the network, using any kind of command or import.

---

There is not a way to do this before the access point attaches to the network.  The cpsec whitelist does not allow you to specify a name or group.

 

More often than not, if you have an ap-group that most of your access points will be in anyway, you configure your expected WLAN settings to the default ap-group;  In that way, all new access points will come up, receive that configuration, start serving clients, and you can provision the names and ap-groups at a later time...

 

Okay, you're not understanding me, quite.

 

First of all, it's an existing network, and it's important to configure these as quickly as possible, given that they are replacing existing in production APs.

 

Here's what I'm asking:  can I add the mac address using that command, then....much later,  use the ap-rename and ap-regroup commands, and again much later, plug the AP into the network and make sure it gets the name and the group correctly.

 

NOTE:  I am not trying to do this all at once.  The only thing I'm asking about right now is if I can add the mac address via the whitelist command, such that later on, I can use a dfferent command to name it and group it.

---

@meaganmargaret wrote:

Okay, you're not understanding me, quite.

 

First of all, it's an existing network, and it's important to configure these as quickly as possible, given that they are replacing existing in production APs.

 

Here's what I'm asking:  can I add the mac address using that command, then....much later,  use the ap-rename and ap-regroup commands, and again much later, plug the AP into the network and make sure it gets the name and the group correctly.

---

You cannot use the ap-group or ap-rename commands with serialnumber or wired mac address, unless the access point (the new one replacing the old one) has contacted the controller.  This is because the wired mac address OR the serialnumber of the replacing access point would have had to contact the controller, before you run that command.  The entry into the AP database would not have been created if the new access point never contacted the controller.  If that didn't happen, you would not be able to run the ap-rename with serialnumber or mac address command..

 

 

ok, thanks

Yes, about 300

Can't you just modify the default profile? I do some thing similar so as to put any erroneous APs into a air monitor state. Just ideas :)

Hi _ I wanted to see if there are any updates to this behavior. I need to change 1000 AP's across 15 buildings and wont be able to change the default group after a building is done and before they move to the next.  So ideally I would configure all AP's with AP-group & name before they are deployed. Code is 6.5.1

For the record, we use the cpsec whitelist exclusively to name and group APs.  It's a very effective way of pre-provisioning APs.  We've been doing it for a few years (at least since 6.3, now on 6.5).

Interesting, thanks for the reply. Is this the synatx for ap?  If so, how do you specify group, do  you use ap-regroup?

whitelist-db cpsec add mac-address  <mac>

ap-regroup wired-mac  <mac>

https://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/whitelistdb.htm#whitelistdb_2079675688_1010480

To change the whitelist for an AP, use this command instead.

whitelist-db cpsec modify mac-address

 

The entire command will look like what I have below. If either the AP group or AP name does not need to change, just type the existing group/name with the command. 

 

whitelist-db cpsec modify mac-address <ap-wired-mac-address> ap-group <new ap group> ap-name <new ap name>