How to troubleshoot Aruba central and IAP or AP connectivity issue. HPE Greenlake.

Aruba AP can’t join Aruba Central, or an already working AP is unable to re-connect to Aruba Central or Greenlake

We need to check the AP license and subscription assignment on Aruba Central, if there is no subscription, the AP can’t join Aruba Central/Greenlake

In the below screenshot, AP does not have a subscription key assigned, and the application (Aruba Central) is not assigned.

How to troubleshoot Aruba central and IAP or AP connectivity issue. HPE Greenlake.

we need to assign subscription and add the AP in the device inventory. If the AP is not added on central, you will get an error like “fail-no-prov-rule.” Make sure you add all cluster APs to the central inventory.

How to troubleshoot Aruba central and IAP or AP connectivity issue. HPE Greenlake.

Check if you have the proper DNS assigned to your device.

How to troubleshoot Aruba central and IAP or AP connectivity issue. HPE Greenlake.

If the AP is already configured on the Airwave server, then the AP can’t contact Activate or Aruba Central. We need to release the AP cluster from the Aruba airwave.

Make sure you have an NTP server configured, and if there is no NTP server configured on the device or if we have a time mismatch, then the AP can’t join and fails to establish an SSL connection with Activate and Central.

How to troubleshoot Aruba central and IAP or AP connectivity issue. HPE Greenlake.

Check that the required URL and port are opened on firewalls 443, 53, 80, device.arubanetworks.com, and common.cloud.hpe.com. Both URLs should be whitelisted and allowed on the firewall.

Check the minimum firmware build for the AP. You can find this information in the central documents Aruba central techdocs.

Check if you have any proxy servers configured on your network. AP will talk to the proxy server before authentication with Activate or Central servers, which will be the gateway for AP.

How to troubleshoot Aruba central and IAP or AP connectivity issue. HPE Greenlake.

Aruba AP supports HTTP proxying. AP establishes TCP communication with the proxy over the configured proxy server port (80, 8080) or any other custom port and sends HTTP CONNECT to the destination server that it wants to connect to the proxy. It will be an HTTP proxy, so there is no SSL handshake required with the proxy server.

With the help of the below command, you can find out if the central HTTP connection and redirection are happening or not.

How to troubleshoot Aruba central and IAP or AP connectivity issue. HPE Greenlake.

You can also try to unsubscribe only the master or commander AP from the device inventory and subscribe back.

You can try to factory reset the AP.

If you want to debug more log information, you can use the below command and observe the output.

Show activate status

show proxy 

show log system

show log ap-debug

show ap debug cloud-server

show ap debug airwave

show ap debug cloud-config-received

show summary | i NameServer

show process | include NTP

Leave a Reply

Your email address will not be published. Required fields are marked *