Aruba Wireless: Difference between revisions

From Dave-Wiki
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 3: Line 3:
==Definitions==
==Definitions==


MM = mobility master
; MM : Mobility Master
MD = managed device (controller)
; MD : Managed Device (e.g., a controller)
CAP = Campus AP
; CAP : Campus AP
RAP = Remote AP
; RAP : Remote AP
IAP = Instant AP
; IAP : Instant AP


==MDC (md-connect) to an MD==
==MDC (md-connect) to an MD==
First, find out which MD an AP is on:
First, find out which MD an AP is on:


<code>(ArubaMM) [mynode] # show ap database | include greenhouse</code>
# <code>(ArubaMM) [mynode] # show ap database | include greenhouse</code>
# <code>(ArubaMM) [mynode] # cd cam4</code>
# <code>(ArubaMM) [ab:cd:ef:12:34:56] # mdc</code>


<code>(ArubaMM) [mynode] # cd cam4</code>
==Access Points==


<code>(ArubaMM) [ab:cd:ef:12:34:56] # mdc</code>
===Show AP Details===
<code>(Cam4) [MDC] # show ap details ap-name rap_greenhouse.wireless.fsu.edu</code>
 
===Show AP Config===
<code>(Cam4) [MDC] # show ap config ap-name rap_greenhouse.wireless.fsu.edu</code>
 
===Show AP Port Status===
<code>(Cam4) [MDC] # show ap debug port status ap-name rap_greenhouse.wireless.fsu.edu</code>
 
===Move AP to a different group===
 
''This will reboot the AP.''
 
<code>(ArubaMM) [mynode] # ap-regroup wired-mac [MAC address] [AP Group]</code>
 
===Show down AP's===
<code>(ArubaMM) [mynode] # show ap database long status down</code>
 
===Show Unprovisioned AP's===
<code>(ArubaMM) [mynode] # show ap database long unprovisioned</code>
 
===Factory Reset an AP, remotely===
<code>(ArubaMM) [mynode] # provision-ap reset-bootinfo [ip-addr|wired-mac]</code>
 
===Delete an AP from AP database===
<code>(ArubaMM) [mynode] # clear gap-db ap-name [ap-name] OR clear gap-db wired-mac [mac address]</code>
 
===Terminal Full-Access on an AP===
Disable AP Console Protection in the AP System, if needed
 
At the AP's console prompt (~ #): hit ESC and then CTRL-K
 
==Users==
 
===Show a user in the global user table===
<code>(ArubaMM) [mynode] # show global-user-table list name [username]</code>
 
===Delete a user from the user db===
Obtain Client MAC and Current Switch from global user table (above). Then run in MDC:
 
<code>(Cam3) [MDC] # aaa user delete mac [MAC address]</code>
 
===Show VLAN Derivation===
Obtain Client IP and Current Switch from global user table (above). Then run in MDC:
 
<code>(Cam3) [MDC] # show aaa debug vlan user ip [client-ip]</code>
 
===Debug User Auth Issues===
 
# <code>config t</code>
# <code>logging level debugging security process authmgr</code>
# <code>logging level debugging security subcat aaa</code>
# <code>wr mem</code>
# <code>show log security 50</code>
 
==Packet Capture==
 
The ''Controlpath'' contains packets destined for the MD. The ''Datapath'' contains packets that are being forwarded by the controller, i.e., packets from a wireless client.
 
===Receive packet-capture from Aruba Controller===
 
''Aruba controller sends the remote packet-capture GRE-encapsulated.''
 
# On receiving box (e.g., 10.186.255.198): <code>sudo tcpdump -ni ens224 proto gre -w capture.pcap</code>
# On controller: <code>packet-capture destination ip-address 10.186.255.198</code>
# On controller: <code>packet-capture datapath ipsec</code>
# On controller, when done: <code>no packet-capture datapath ipsec</code>
 
==Cluster Redundancy==
 
===Check for Cluster L2 Redundancy===
 
''Must be executed on an MD that is part of a cluster; not on the MM.''
 
<code>show lc-cluster vlan-probe status</code>
 
===Exclude a VLAN from L2 Redundancy Check===
 
''Must be individually added to the config of every md in the cluster.''
 
<code>lc-cluster exclude-vlan "1,1607"</code>


=Convert CAP to IAP=
=Convert CAP to IAP=
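Review bot: In the added "Debug User Auth Issues" steps, authmgr and aaa logging is raised to debugging and saved with `wr mem`, but no later step returns it to its previous level. Suggest adding closing steps that lower the logging level again and save, so that debug logging does not stay enabled across reboots. The same applies to "Terminal Full-Access on an AP", which says to disable AP Console Protection without a matching step to re-enable it, and to the packet-capture steps, where step 4 stops the datapath capture but leaves the `packet-capture destination ip-address` setting in place.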
Line 30: Line 112:
Interrupt the AP boot and execute:
Interrupt the AP boot and execute:


<code>
  apboot> osinfo
apboot> osinfo
  Partition 0 does not contain a valid OS image
Partition 0 does not contain a valid OS image
 
 
  Partition 1:
Partition 1:
      image type: 0
    image type: 0
    machine type: 40
  machine type: 40
            size: 7211308
          size: 7211308
        version: 6.4.4.0-wave2
      version: 6.4.4.0-wave2
    build string: ArubaOS version 6.4.4.0-wave2 for 32x (p4build@cyprus) (gcc version 4.6.3 20120201 (prerelease) (Linaro GCC 4.6-2012.02) ) #49847 SMP Thu Apr 30 14:49:32 PDT 2015
  build string: ArubaOS version 6.4.4.0-wave2 for 32x (p4build@cyprus) (gcc version 4.6.3 20120201 (prerelease) (Linaro GCC 4.6-2012.02) ) #49847 SMP Thu Apr 30 14:49:32 PDT 2015
          flags: preserve factory
        flags: preserve factory
            oem: aruba
          oem: aruba
 
 
  Image is signed; verifying checksum... passed
Image is signed; verifying checksum... passed
  Signer Cert OK
Signer Cert OK
  Policy Cert OK
Policy Cert OK
  RSA signature verified.
RSA signature verified.
</code>


This means the problem is the old 6.4.4.0 firmware. You need to clear it:
This means the problem is the old 6.4.4.0 firmware. You need to clear it:
Line 84: Line 164:
===Monitor services===
===Monitor services===


Useful after a restart
''Useful after a restart.''


<code>logs</code>
<code>logs</code>

Latest revision as of 02:51, 12 February 2024

Mobility Master

Definitions

MM
Mobility Master
MD
Managed Device (e.g., a controller)
CAP
Campus AP
RAP
Remote AP
IAP
Instant AP

MDC (md-connect) to an MD

First, find out which MD an AP is on:

  1. (ArubaMM) [mynode] # show ap database | include greenhouse
  2. (ArubaMM) [mynode] # cd cam4
  3. (ArubaMM) [ab:cd:ef:12:34:56] # mdc

Access Points

Show AP Details

(Cam4) [MDC] # show ap details ap-name rap_greenhouse.wireless.fsu.edu

Show AP Config

(Cam4) [MDC] # show ap config ap-name rap_greenhouse.wireless.fsu.edu

Show AP Port Status

(Cam4) [MDC] # show ap debug port status ap-name rap_greenhouse.wireless.fsu.edu

Move AP to a different group

This will reboot the AP.

(ArubaMM) [mynode] # ap-regroup wired-mac [MAC address] [AP Group]

Show down APs

(ArubaMM) [mynode] # show ap database long status down

Show Unprovisioned APs

(ArubaMM) [mynode] # show ap database long unprovisioned

Factory Reset an AP, remotely

(ArubaMM) [mynode] # provision-ap reset-bootinfo [ip-addr|wired-mac]

Delete an AP from AP database

(ArubaMM) [mynode] # clear gap-db ap-name [ap-name] OR clear gap-db wired-mac [mac address]

Terminal Full-Access on an AP

Disable AP Console Protection in the AP System, if needed

At the AP's console prompt (~ #): hit ESC and then CTRL-K

Users

Show a user in the global user table

(ArubaMM) [mynode] # show global-user-table list name [username]

Delete a user from the user db

Obtain Client MAC and Current Switch from global user table (above). Then run in MDC:

(Cam3) [MDC] # aaa user delete mac [MAC address]

Show VLAN Derivation

Obtain Client IP and Current Switch from global user table (above). Then run in MDC:

(Cam3) [MDC] # show aaa debug vlan user ip [client-ip]

Debug User Auth Issues

  1. config t
  2. logging level debugging security process authmgr
  3. logging level debugging security subcat aaa
  4. wr mem
  5. show log security 50

Packet Capture

The Controlpath contains packets destined for the MD. The Datapath contains packets that are being forwarded by the controller, i.e., packets from a wireless client.

Receive packet-capture from Aruba Controller

Aruba controller sends the remote packet-capture GRE-encapsulated.

  1. On receiving box (e.g., 10.186.255.198): sudo tcpdump -ni ens224 proto gre -w capture.pcap
  2. On controller: packet-capture destination ip-address 10.186.255.198
  3. On controller: packet-capture datapath ipsec
  4. On controller, when done: no packet-capture datapath ipsec
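To see what the controller actually mirrored, the outer Ethernet/IPv4/GRE headers in capture.pcap have to be stripped first. The following is an added example (not from the original wiki or from Aruba) that parses a classic pcap as written by the tcpdump command above and returns each GRE protocol type with its inner bytes; the function names and the sample packet are constructed for illustration.

```python
import struct

def gre_decap(frame):
    """Return (gre_protocol_type, inner_bytes) for an Ethernet/IPv4/GRE frame, else None."""
    if len(frame) < 34:                          # Ethernet (14) + minimal IPv4 (20)
        return None
    off, ethertype = 14, struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:                      # one 802.1Q tag on the capture interface
        off, ethertype = 18, struct.unpack("!H", frame[16:18])[0]
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 47:   # IP protocol 47 = GRE
        return None
    g = off + ihl
    if len(frame) < g + 4:
        return None
    flags, ptype = struct.unpack("!HH", frame[g:g + 4])
    if flags & 0x4007:                           # routing bit set or version != 0: skip
        return None
    # Each of checksum (C), key (K) and sequence number (S) adds 4 bytes to the header.
    hlen = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return (ptype, frame[g + hlen:]) if len(frame) >= g + hlen else None

def gre_payloads(pcap_bytes):
    """Yield (protocol_type, inner_bytes) for each GRE packet in a classic pcap file."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):      # little-endian, us / ns
        end = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):    # big-endian, us / ns
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if len(pcap_bytes) < 24 or struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected LINKTYPE_ETHERNET")
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(end + "I", pcap_bytes[pos + 8:pos + 12])[0]
        inner = gre_decap(pcap_bytes[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
        if inner is not None:
            yield inner

def constructed_pcap():
    """Constructed sample (not an Aruba capture): one GRE packet with a key, one UDP packet."""
    eth = bytes(12) + b"\x08\x00"
    ip = lambda proto: bytes([0x45, 0, 0, 0, 0, 0, 0, 0, 64, proto, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2])
    gre = eth + ip(47) + struct.pack("!HHI", 0x2000, 0x6558, 7) + b"inner-frame"
    rec = lambda f: struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + rec(gre) + rec(eth + ip(17) + bytes(8))
```

For a real capture, pass the file contents: gre_payloads(open("capture.pcap", "rb").read()). The mirrored traffic crosses the network in the clear inside GRE, so the receiving box and the path to it should be treated as sensitive.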

Cluster Redundancy

Check for Cluster L2 Redundancy

Must be executed on an MD that is part of a cluster; not on the MM.

show lc-cluster vlan-probe status

Exclude a VLAN from L2 Redundancy Check

Must be individually added to the config of every MD in the cluster.

lc-cluster exclude-vlan "1,1607"

Convert CAP to IAP

Source: https://blog.theitrebel.com/2020/04/28/two-simple-words/

Campus AP Keeps Rebooting / Upgrade Failed

If a Campus AP keeps rebooting, and its serial console output shows:

SAPD: Reboot after image upgrade failed: 65280

Interrupt the AP boot and execute:

 apboot> osinfo
 Partition 0 does not contain a valid OS image
 
 Partition 1:
     image type: 0
   machine type: 40
           size: 7211308
        version: 6.4.4.0-wave2
   build string: ArubaOS version 6.4.4.0-wave2 for 32x (p4build@cyprus) (gcc version 4.6.3 20120201 (prerelease) (Linaro GCC 4.6-2012.02) ) #49847 SMP Thu Apr 30 14:49:32 PDT 2015
          flags: preserve factory
            oem: aruba
 
 Image is signed; verifying checksum... passed
 Signer Cert OK
 Policy Cert OK
 RSA signature verified.

This means the problem is the old 6.4.4.0 firmware. You need to clear it:

 apboot> clear all
 Checking OS image and flags
 Invalid image format version: 0x0
 Continuing with OS clear
 512 bytes written to volume aos0
 Erasing flash sector @ 0x3a0000...OK
 
 Device 0: nand0... is now current device
 Erasing UBIFS ...OK
 Remove UBI volume ubifs (id 0)
 Creating dynamic volume ubifs of size 63361024
 Device 1: nand1... is now current device

Now tell the AP to boot and it should find mama (the Master):

apboot> boot

AirWave

ampcli

/usr/local/airwave/bin/ampcli

Restart AirWave services

amp_disable

amp_enable

Monitor services

Useful after a restart.

logs

tailf service_watcher

Find large files

find / -type f -size +1000M -print0 | xargs -0 -r du -h | sort -hr

Delete kernel log file

truncate -s 0 kernel