ArubaOS (AOS) is the wireless LAN operating system for Aruba Instant Access Points and Wireless Gateways / Controllers. In AOS 8 you can use the following commands on a Mobility Controller (or a managed device, managed by a Mobility Master) to help troubleshoot various problems you may face with Access Points or Wi-Fi stations/clients.
These commands will need to be used directly on the controller (not the Mobility Master). You can jump to the controller by using the command mdc from within the Mobility Master (MM) CLI. First jump to the controller node-level with cd </md/node-hierarchy-path> so you are operating within the context of a particular managed node (controller/gateway/managed device). I prefer and recommend using this method over opening a direct SSH session to the single controller.
Take a look at the ap-debug statistics for a particular Access Points (AP). Look for Heartbeats, Interface counters, ARP cache Interface info, AP uptime, Ethernet Duplex/Speed, LMS info.
Check for high number of reboots or bootstraps (when the GRE keep-alive is missed).
It might be worth checking the AP system Profile for the “Bootstrap Threshold”. The current default is 8. If it is not specified in the config then its 8.
If your clients experiences issues there are commands to target statistics and logs specific to a station.
Look for tx/rx frames and data (if its incrementing then that’s positive), dropped frames, success vs retry.
Within the AP you can look at radio stats also. Look for radio resets, tx power changes, channel changes, noise floor, data drops and CRC errors increasing…
ARM history for the AP:
Show clients associated to a particular AP:
Aruba Downloadable User Roles (DUR) uses HTTPS. When the DUR is being issued by Aruba ClearPass the switch must trust the HTTPS certificate that the ClearPass server uses. The Certificate Authority intermediate certificate must be loaded into the switch as a trusted authority certificate. The public HTTPS certificate is automatically downloaded to the switch when a radius-server host, with type ClearPass, is configured on the switch (e.g. radius-server host <ip-address> clearpass).
To enable useful debugging certificate issues the following commands will work on an ArubaOS Switch.
If the switch detects any issues with the HTTPS process during a radius request which results in a DUR a debug message should be logged to the session window. During the SSL session there may be a lot of messages (it is noisy). Use 'no debug security ssl' to disable those messages.
When DUR works successfully the issued User Role will be specified in the Port Access Client Status output. To see information about the user-roles available and issued use the following show commands.
We build and optimise networks. Continuous learning is our secret to being good. Along the learning journey we will share things here...