So you've just had a contractor install 173 Access Points! Congrats! But, they haven't taken note of which one is where, nor did you create a table to show them which specific unit belongs in which location. Bummer dude! The problem with not knowing where each AP is is that you can't make finer adjustments of the system and troubleshooting location specific issues can be a nightmare.
There's an app for this problem... Well, maybe an API...
Aruba Access Points have a function where each Access Point can advertise it's hostname in the beacon. It's still a manual job to go around and find each one with a survey tool or something like Wi-Fi Explorer, but it makes it easier than searching BSSIDs!
To enable this handy feature on an Instant AP (or cluster) you can use the Command Line Interface (CLI).
Go to the specific WLAN context and use the "advertise-ap-name" command.
If you're using Aruba Central then you can't adjust the AP config via CLI. So you can use the API! For this particular feature (as of the date this is published) there is no specifically targeted API. You can use the AP Configuration API called "Replace AP configuration". With this essentially you are replacing the entire CLI for the Group or Swarm within a group. You can retrieve the existing CLI using "Get AP configuration", make your adjustments to include "advertise-ap-name" in the appropriate locations (for one fo the SSID profiles in the configuration) and then push it back to the AP using "Replace AP configuration".
The specific use of the API is outside of the context of this blog post!
Now go find an installer who documents their work!
ArubaOS (AOS) is the wireless LAN operating system for Aruba Instant Access Points and Wireless Gateways / Controllers. In AOS 8 you can use the following commands on a Mobility Controller (or a managed device, managed by a Mobility Master) to help troubleshoot various problems you may face with Access Points or Wi-Fi stations/clients.
These commands will need to be used directly on the controller (not the Mobility Master). You can jump to the controller by using the command mdc from within the Mobility Master (MM) CLI. First jump to the controller node-level with cd </md/node-hierarchy-path> so you are operating within the context of a particular managed node (controller/gateway/managed device). I prefer and recommend using this method over opening a direct SSH session to the single controller.
Take a look at the ap-debug statistics for a particular Access Points (AP). Look for Heartbeats, Interface counters, ARP cache Interface info, AP uptime, Ethernet Duplex/Speed, LMS info.
Check for high number of reboots or bootstraps (when the GRE keep-alive is missed).
It might be worth checking the AP system Profile for the “Bootstrap Threshold”. The current default is 8. If it is not specified in the config then its 8.
If your clients experiences issues there are commands to target statistics and logs specific to a station.
Look for tx/rx frames and data (if its incrementing then that’s positive), dropped frames, success vs retry.
Within the AP you can look at radio stats also. Look for radio resets, tx power changes, channel changes, noise floor, data drops and CRC errors increasing…
ARM history for the AP:
Show clients associated to a particular AP:
Aruba Downloadable User Roles (DUR) uses HTTPS. When the DUR is being issued by Aruba ClearPass the switch must trust the HTTPS certificate that the ClearPass server uses. The Certificate Authority intermediate certificate must be loaded into the switch as a trusted authority certificate. The public HTTPS certificate is automatically downloaded to the switch when a radius-server host, with type ClearPass, is configured on the switch (e.g. radius-server host <ip-address> clearpass).
To enable useful debugging certificate issues the following commands will work on an ArubaOS Switch.
If the switch detects any issues with the HTTPS process during a radius request which results in a DUR a debug message should be logged to the session window. During the SSL session there may be a lot of messages (it is noisy). Use 'no debug security ssl' to disable those messages.
When DUR works successfully the issued User Role will be specified in the Port Access Client Status output. To see information about the user-roles available and issued use the following show commands.
We build and optimise networks. Continuous learning is our secret to being good. Along the learning journey we will share things here...