Provisioning Instant APs through Central

The Aruba Central Central UI User Interface. provides a standard web-based interface that allows you to configure and monitor multiple Aruba Instant networks from anywhere with a connection to the Internet. Aruba Central supports all the Instant APs running Instant 6.2.1.0-3.3.0.0 or later versions.

Using Central, individual users can manage their own wireless network. This UI User Interface. is accessible through a standard web browser and can be launched using various browsers.

Central supports automatic ZTP Zero Touch Provisioning. ZTP is a device provisioning mechanism that allows automatic and quick provisioning of devices with a minimal or at times no manual intervention. and manual provisioning. There are three different methods of manual provisioning.

For provisioning Instant APs through Central, the Instant APs must obtain the cloud activation key.

Prerequisites for Obtaining the Cloud Activation Key

To ensure that the Instant APs obtain the cloud activation key from the Aruba Activate server, perform the following checks:

If a cloud activation key is not obtained, perform the following checks:

Viewing the Cloud Activation Key Using the Old WebUI

If Instant AP has already obtained the activation key, complete the following steps:

  1. Connect to the Instant SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. and type http://instant.arubanetworks.com in the web browser.
  2. Log in to the website by using the default username admin and the default password which is the Serial Number of the Instant AP.
  3. In the Instant AP WebUI, navigate to Maintenance > About and copy the cloud activation key.
  4. To view the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address of the conductor Instant AP, click the device name under the Access Points tab of the main window. The MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address will be displayed in the Info section.

Viewing the Cloud Activation Key Using the New WebUI

If Instant AP has already obtained the activation key, complete the following steps:

  1. Connect to the Instant SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. and type http://instant.arubanetworks.com in the web browser.
  2. Log in to the website by using the default username admin and the default password which is the Serial Number of the Instant AP.
  3. In the Instant AP WebUI, navigate to Maintenance > About. You can view the cloud activation key in the Cloud Activation Key field.
  4. To view the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address of the conductor Instant AP, navigate to Dashboard > Overview and select the device from the Dashboard > Access Points. The MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address will be displayed under Overview > Info. Alternatively, go to Dashboard > Access Points and select the device from the list of Access Points. The MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address will be displayed under Overview > Info.

You can also check the cloud activation key of an Instant AP by running the show about and show activate status commands. For more information on these commands, refer to the Aruba Instant CLI Reference Guide.

If the Instant AP is deployed in the cluster mode, the member Instant APs do not obtain the activation key. You must use the cloud activation key and MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address of the conductor Instant AP for provisioning through Central.

Support for Alternate Image Server When Provisioning an Instant AP

AP provisioning is either done through a mandatory upgrade or image sync through Aruba Activate. Typically, Aruba Activate returns the default image URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. as a HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. body payload, and the AP uses this URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. to download and upgrade the image. However, in some scenarios, the default URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. returned by Aruba Activate can be unreachable, because users configure a firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. that only allow specific URLs Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. or static IP addresses; but the default URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. is served with a dynamic IP address. Starting from Aruba Instant 8.9.0.0, Instant introduces an alternative image URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. service function which supplies a reachable image URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. from the cache list when the conductor or member APs report a mismatch. The AP will then use the reachable image URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. to download the image and provision the AP.

Provisioning AP1X Certificates through Aruba Central or AirWave

Aruba Instant supports provisioning of AP1X certificates through AirWave or Central. A common AP1X certificate can now be applied to all Instant APs in the cluster by executing the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command:

(Instant AP)(config) # wlan Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. cert-assignment-profile

(Instant AP) (cert assignment) # pki-cert-assign application ap1x cert-type TrustedCA certname <cert_name>

If an AP1X common cert already exists in the Instant AP and needs to be replaced with a per-device AP1X certificate, you must first remove the common cert uploaded through Central or AirWave and then re-upload the per-device cert. This is because the common certificate has a higher priority than the per-device certificate, the per-device cert will not be used if the common is removed.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands are used to remove the common AP1X CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. certificate installed through AirWave or Central:

(Instant AP)# clear-cert ap1x-common-cert

(Instant AP)# clear-cert ap1x-common-ca