Managing AP Console Settings

An AP’s provisioning parameters are unique to each AP. These parameters are initially configured on the Mobility Master and then pushed out to the AP and stored on the AP itself. Best practices are to configure an AP’s provisioning settings using the Mobility Master WebUI. If you find it necessary to alter an AP’s provisioning settings for troubleshooting purposes, you can do so using the WebUI and CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., or alternatively, through a console connection to the AP itself.

To create a console connection to the AP:

1. Connect a local console to the serial port on the AP. You can connect the AP’s serial port to a terminal or terminal server using an EthernetEthernet is a network protocol for data transmission over LAN. cable, or connect the serial console port to a DB-9 adapter, then connect the adapter to a laptop using an RS-232 cable. For details on connecting to an AP’s serial console port, refer to the installation guide included with the AP.
2. Establish a console communication to the AP, then power-cycle the AP to reboot it.
3. To access the AP console command prompt, press Enter when the AP displays the message “Hit <Enter> to stop autoboot.” If the autoboot countdown expires before you can interrupt it, turn the device off and then back on.
4. Once the AP boot prompt appears, enter the AP console password. You can issue any of the AP provisioning commands described in the Table 1. Remember, though these commands may be useful for troubleshooting, they are all optional and are not necessary for normal AP provisioning.

Table 1: AP Boot Commands

 

The list of AP boot commands may vary based on the APBoot image version.

Command

Description

boot

Boot the ArubaOS image from flash or USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. , using currently saved environment variables. Any unsaved changes to the variables will be lost. This command has the following sub-parameters:

ap - Boot the ArubaOS image from flash.

usb:<path> - Boot the ArubaOS image from USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. .

clear

Clear the ArubaOS image or other information. This command has the following sub-parameters:

all - Clear the cache and ArubaOS.

cache - Clear the cache sectors (mesh, Remote APRemote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link., Campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on.).

os <n> - Clear the image from the specified partition (default: 0).

prov - Clear provisioning image from the flash.

dhcp

Invoke DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  client to obtain IP/boot parameters.

factory_reset

Reset the AP to factory default.

flash

Upgrade the boot image.

NOTE: Exercise caution when using this command.

help

Help text for the AP boot commands.

mfginfo

Shows manufacturing information of the AP.

osinfo

Shows the ArubaOS image information on the AP.

ping

Check network connectivity.

printenv

List the environment variables and their current settings. AP boot environment variables are configured using the AP boot setenv command,

purgeenv

Reinstate AP boot configuration to factory default. This includes restoring the default environment variables.

reset

Perform RESET of the AP CPUCentral Processing Unit. A CPU is an electronic circuitry in a computer for processing instructions..

saveenv

Save environment variables to persistent storage.

setenv ipaddr <ipaddr>

IP address to be assigned to the AP.

setenv netmask <netmaskip>

NetmaskNetmask is a 32-bit mask used for segregating IP address into subnets. Netmask defines the class and range of IP addresses. to be assigned to the AP.

setenv gatewayip <ipaddr>

IP address of the internet gatewayGateway is a network node that allows traffic to flow in and out of the network. used by the AP.

setenv name <ap name>

Name of the AP.

setenv group <group name>

Name of the AP group to which the AP should belong.

setenv master <ipaddr>

IP address of the AP’s master controller.

setenv serverip <ipaddr>

IP address of the TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. server from which the AP can download its boot image.

setenv dnsip <ipaddr>

IP address of the DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. server used by the AP.

setenv domainname <domain>

Domain name used by the AP.

tftpboot

Boot ArubaOS image over the network using TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. protocol.

upgrade

Upgrade the APBoot or ArubaOS image. This command has the following sub-parameters:

boot <file> - Upgrade the APBoot image from <file>.

os [<n>] <file> - Upgrade the ArubaOS image in partition <n> from <file>.

prov - Upgrade provisioning image from <file>.

NOTE: <file> can be a <TFTPTrivial File Transfer Protocol. The TFTP is a software utility for transferring files from or to a remote host. -server-IP>:<path> or usb:<path>.

version

Displays the APBoot image version.

5. When you are finished, type saveenv and then press enter to save your settings

 

Other AP console commands may be available when accessing an AP directly through its console port, but these commands can cause configuration errors if used improperly and should only be issued under the direct supervision of Aruba technical support.

The example below configures an AP location and domain name using an AP console connection:

Hit <Enter> to stop autoboot: 0

apboot> <INTERRUPT>

apboot> setenv group corporate-2

apboot> setenv domainname mycompany.com

apboot> saveenv

apboot>boot

To view current AP settings using the AP console, issue the command printenv <name> where <name> is one of the variable names listed in Table 1, such as ipaddr, dnsip or gatewayip.

apboot> printenv domainname

domainname=mycompany.com

AP Console Password Protection

The ArubaOS AP console password feature helps protect systems that manage highly sensitive information, like financial and banking institutions, by requiring users to log in to the AP network with a password. The AP console password is enabled by default. Passwords must be 6 to 32 characters in length, and can include alphanumeric and special characters. If configured, you must enter this password to get AP console access. If not configured, the Mobility Master generates a default random password which can be viewed by executing the encrypt disable command followed by the show ap system-profile <profile-name> command.

The timeout feature is also supported as an added level of security. If there is no user input or activity during one timeout interval (default of 30 minutes), the user is logged out of the system. The timeout interval cannot be modified.

Setting an AP Console Password

You can configure an AP console password using the managed device WebUI or CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions..

In the WebUI

To set a password in the WebUI:

1. In the Managed Network node hierarchy, navigate to Configuration > System page.
2. Select the Profiles tab.
3. Expand the AP profile in the All Profiles list, then select AP System.
4. Select the AP system profile you want to modify.
5. Open the Advanced tab, check theConsole Enable check box.
6. In the AP Console Password field, enter the desired AP console password. Retype the password to confirm.
7. In the Password for Backup field, enter the password backup password for the console. Retype the password to confirm.
8. Click Submit.

 

Once the console is enabled, you do not need to enable it again. The console access is password protected.

In the CLI

To set the AP console password in the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.:

(host)[node] (config) #ap system-profile <profile>

(host)[node] (AP system-profile “<profile>") #console-enable

(host)[node] (AP system-profile “<profile>”) #slow_timer_recovery

If the password is lost, and the AP is not connected to a managed device, the console can be reset using the reset button on the AP or the factory_reset AP boot command. If it is already connected to a managed device, the AP password can be changed under the AP Console Password field of the AP System profile in the WebUI, or using the ap-console-password parameter of the ap system-profile command in the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions..

Disabling Access to the AP Console

Another way to protect your AP system is to completely disable access to the AP console under enabled mode.

In the WebUI

To disable access to the console in the WebUI:

1. In the Managed Network node hierarchy, navigate to the Configuration > System page.
2. Select the Profiles tab.
3. Expand the AP profile in the All Profiles list, then select AP System.
4. Select the AP system profile you want to modify.
5. Open the Advanced tab, check the Console Enable check box.
6. Click Save.

In the CLI

To disable access to the console in the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.:

(host)[node] (config) #ap system-profile default

(host)[node] (AP system profile “default”) #no console-enable