Connecting the world…

cli

Problems provisioning AP324?

I had to provision some AP324 APs on a standalone Aruba Mobility Controller. The controller runs AOS 8.2.0.2 code and functions as standalone controller. So what could be a problem when provisioning an AP324 via the GUI??? Well during the provisioning I couldn’t choose the desired custom AP group. I can only choose from both default AP groups: default and NoAuthApGroup.

Hhhhmmm, what could be the problem? I created a new AP group with default settings and even changed the settings from my custom AP group to match the settings from the default AP group, but still no option. So I guess this is some kind of bug in the 8.2.0.2 code……..

Eventually I configured the AP via the CLI to get it provisioned in the correct AP group with the correct parameters and that is working fine. Remember: the AP324 is an AP with external antennas so you need to configure the antenna gain during the provisioning. The exact value of the antenna gain can be found in the data sheet. I used the CLI configuration below to provision the AP.

# clear previous provisioning ap list
clear provisioning-ap-list

# enter config mode and configure parameters
config t
provision-ap read-bootinfo ap-name a8:bd:27:cc:50:8e
provision-ap installation indoor
provision-ap a-ant-gain 5.8
provision-ap g-ant-gain 3.8
provision-ap external-antenna
provision-ap ap-group my-ap-group
provision-ap no syslocation
provision-ap no remote-ap

# view the configured parameters
show provisioning-params

# provision the AP
provision-ap reprovision ap-name a8:bd:27:cc:50:8e

# clear provision list and parameters
clear provisioning-ap-list
clear provisioning-params

The AP is configured with the correct parameters, which can also be verified from the GUI….

SMTP Auth testing via CLI

Just a quick note to describe the procedure for SMTP auth testing via the command-line. At first you need to encode username and password in Base64. This can be done in several ways. The easiest way would be via https://www.base64encode.org/.

Next you can use the following commando’s via telnet to test SMTP AUTH. I always use OpenSSL to connect to the mail server. OpenSSL give you the option to connect to the mail server using STARTTLS.

1) Connect to the mail server

openssl s_client -starttls smtp -crlf -connect smtp.office365.com:25

2) Send the EHLO command to see which items the server supports

EHLO ME
250-VI1PR0101CA0034.outlook.office365.com Hello [93.95.250.230]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8

3) Start SMTP AUTH

AUTH LOGIN
334 VXNlcm5hbWU6

4) The 334 command tells you to enter the Base64 username. When the correct username is entered, the server responses with “334 UGFzc3dvcmQ6”.
5) Enter the Base64 password. The server responses with a successful or unsuccessful message.

235 2.7.0 Authentication successful target host VI1PR06MB1198.eurprd06.prod.outlook.com

6) Now enter the default command’s to send a mail.

MAIL FROM:<from@domain.com>
RCPT TO:<rcpt-to@domain.com>
DATA
SUBJECT: this is the subject

This is the body of the message
.

NetScaler VPX – upgrade firmware

I am fairly new to NetScaler to I tried to upgrade the software via CLI. This is what I if done.

  1. Download the upgrade firmware via MyCitrix.com
  2. Backup the configuration
  3. Upgrade the software to the NetScaler appliance (I used pscp.exe on a Windows machine to upload the software to the directory /var/nsinstall/11.0/63.16. I created the directories 11.0/63.16 before uploading the firmware)
  4. Untar the software
  5. Install the software (relax and take your time)
  6. Reboot the appliance
  7. Verify the upgrade (show version)

When everything goes according to plan, you would see the following output:

root@netscaler# tar zxvf build-11.0-63.16_nc.tgz
x .ns.version
x ns-11.0-63.16.gz
x ns-11.0-63.16.sha2
…….
x libvpath_if.so
x Citrix_Netscaler_InBuilt_GeoIP_DB.csv.gz

root@netscaler# ./installns
installns: [94606]: BEGIN_TIME 1444387063 Fri Oct 9 12:37:43 2015
installns: [94606]: VERSION ns-11.0-63.16.gz
installns: [94606]: VARIANT v
installns: [94606]: No options
…….
installns: [94606]: prompting for reboot
installns: [94606]: END_TIME 1444387469 Fri Oct 9 12:44:29 2015

Installation has completed.

Reboot NOW? [Y/N]

Provision Aruba AP via CLI

Below you will find the necessary commands to provision an Aruba access-point via CLI. The commands add the access-point to the AP whitelist and provision the AP in the correct ap-group. Adding the AP to the whitelist is necessary when using control-plane security.

whitelist-db cpsec add mac-address “94:b4:0f:c4:7e:98” description “ap01”
whitelist-db cpsec modify mac-address “94:b4:0f:c4:7e:98” cert-type factory-cert state certified-factory-cert
clear provisioning-ap-list
provision-ap read-bootinfo ap-name “94:b4:0f:c4:7e:98”
provision-ap copy-provisioning-params ap-name “94:b4:0f:c4:7e:98”
provision-ap installation indoor
provision-ap no external-antenna
provision-ap server-name “aruba-master”
provision-ap ap-group “corp-01”
provision-ap ap-name “ap01”
provision-ap no syslocation
provision-ap no remote-ap
provision-ap reprovision ap-name “94:b4:0f:c4:7e:98”
clear provisioning-ap-list
clear provisioning-params