Summary

Aruba Networks, a subsidiary of Hewlett Packard Enterprise (HPE), is a leading provider of networking solutions, specializing in wireless LAN (Wi-Fi), switching, SD-WAN, network security, and network management. Aruba focuses on delivering secure, scalable, and intelligent network solutions for enterprises, educational institutions, healthcare providers, and public venues.

Mobility Master

Definitions

MM

Mobility Master

MD

Managed Device (e.g., a controller)

CAP

Campus AP

RAP

Remote AP

IAP

Instant AP

MDC (md-connect) to an MD

First, find out which MD an AP is on:

1. (ArubaMM) [mynode] # show ap database | include greenhouse
2. (ArubaMM) [mynode] # cd cam4
3. (ArubaMM) [ab:cd:ef:12:34:56] # mdc

Access Points

Show AP Details

(Cam4) [MDC] # show ap details ap-name rap_greenhouse.wireless.fsu.edu

Show AP Config

(Cam4) [MDC] # show ap config ap-name rap_greenhouse.wireless.fsu.edu

Show AP Port Status

(Cam4) [MDC] # show ap debug port status ap-name rap_greenhouse.wireless.fsu.edu

Move AP to a different group

This will reboot the AP.

(ArubaMM) [mynode] # ap-regroup wired-mac [MAC address] [AP Group]

Show down AP's

(ArubaMM) [mynode] # show ap database long status down

Show Unprovisioned AP's

(ArubaMM) [mynode] # show ap database long unprovisioned

Factory Reset an AP, remotely

(ArubaMM) [mynode] # provision-ap reset-bootinfo [ip-addr|wired-mac]

Delete an AP from AP database

(ArubaMM) [mynode] # clear gap-db ap-name [ap-name] OR clear gap-db wired-mac [mac address]

Terminal Full-Access on an AP

Disable AP Console Protection in the AP System, if needed

At the AP's console prompt (~ #): hit ESC and then CTRL-K

Users

Show a user in the global user table

(ArubaMM) [mynode] # show global-user-table list name [username]

Delete a user from the user db

Obtain Client MAC and Current Switch from global user table (above). Then run in MDC:

(Cam3) [MDC] # aaa user delete mac [MAC address]

Show VLAN Derivation

Obtain Client IP and Current Switch from global user table (above). Then run in MDC:

(Cam3) [MDC] # show aaa debug vlan user ip [client-ip]

Debug User Auth Issues

1. config t
2. logging level debugging security process authmgr
3. logging level debugging security subcat aaa
4. wr mem
5. show log security 50

Packet Capture

The Controlpath contains packets destined for the MD. The Datapath contains packets that are being forwarded by the controller, i.e., packets from a wireless client.

Receive packet-capture from Aruba Controller

Aruba controller sends the remote packet-capture GRE-encapsulated.

1. On receiving box (e.g., 10.186.255.198): sudo tcpdump -ni ens224 proto gre -w capture.pcap
2. On controller: packet-capture destination ip-address 10.186.255.198
3. On controller: packet-capture datapath ipsec
4. On controller, when done: no packet-capture datapath ipsec

Cluster Redundancy

Check for Cluster L2 Redundancy

Must be executed on an MD that is part of a cluster; not on the MM.

show lc-cluster vlan-probe status

Exclude a VLAN from L2 Redundancy Check

Must be individually added to the config of every md in the cluster.

lc-cluster exclude-vlan "1,1607"

Campus AP Keeps Rebooting / Upgrade Failed

If a Campus AP keeps rebooting, and its serial console output shows:

SAPD: Reboot after image upgrade failed: 65280

Interrupt the AP boot and execute:

 apboot> osinfo
 Partition 0 does not contain a valid OS image
 
 Partition 1:
     image type: 0
   machine type: 40
           size: 7211308
        version: 6.4.4.0-wave2
   build string: ArubaOS version 6.4.4.0-wave2 for 32x (p4build@cyprus) (gcc version 4.6.3 20120201 (prerelease) (Linaro GCC 4.6-2012.02) ) #49847 SMP Thu Apr 30 14:49:32 PDT 2015
          flags: preserve factory
            oem: aruba
 
 Image is signed; verifying checksum... passed
 Signer Cert OK
 Policy Cert OK
 RSA signature verified.

This means the problem is the old 6.4.4.0 firmware. You need to clear it:

apboot> clear all Checking OS image and flags Invalid image format version: 0x0 Continuing with OS clear 512 bytes written to volume aos0 Erasing flash sector @ 0x3a0000...OK

Device 0: nand0... is now current device Erasing UBIFS ...OK Remove UBI volume ubifs (id 0) Creating dynamic volume ubifs of size 63361024 Device 1: nand1... is now current device

Now tell the AP to boot and it should find mama (the Master):

apboot> boot

Instant APs

Convert CAP to IAP

https://blog.theitrebel.com/2020/04/28/two-simple-words/

 Info:  At some point around 8.12.0.3, the ability to convert CAP to IAP was added to the GUI. Thus, the above link is outdated, but still might be useful.

1. Provision an Aruba Virtual Mobility Controller (VMC), as a "standalone" VMC, at least version 8.12.0.3.
2. Provision the Campus AP into your new VMC.
3. In the VMC GUI, navigate to Maintenance > Access Point > Convert to instant mode.
4. Check the box of the CAP you wish to convert to IAP.
5. Click Reboot.

Change Country Code to US

1. Calculate the SHA1 hash value of the AP in this format: US-{s/n}.

   For example, if the s/n of the AP is AP12345, run this command in a Linux shell:

   $ echo -n "AP12345" | sha1sum

   Jot down the resulting hash value.

2. Reboot the AP and enter apboot mode.
3. Jot down the existing CCODE, so you can revert later if there are any issues:

   apboot> mfginfo

4. Program the new system CCODE (replace the hash below with your actual calculated hash):

   apboot> proginv system ccode CCODE-US-50970090021390901280e8fbc1119a406cf3389f

   apboot> invent -w

   apboot> saveenv

5. Verify the new CCODE is programmed:

   apboot> mfginfo

6. Boot or factory_reset as needed.

AirWave

ampcli

/usr/local/airwave/bin/ampcli

Restart AirWave services

amp_disable

amp_enable

Monitor services

Useful after a restart.

logs

tailf service_watcher

Find large files

find / -type f -size +1000M | xargs du -h | sort -nr

Delete kernel log file

truncate -s 0 kernel