Aruba Instant – AP boot image commands and upgrade

I asked if there was a way to recover from a corrupted AP image.  Since the IAP will not fully boot we needed a way to replace the corrupted image via the AP boot menu options.  These commands aren’t well documented so I figured I would post this to hopefully help out others that face the same issue.

The first step is to reboot the AP and break the boot cycle.  You will need to press any key when prompted:

APBoot 1.5.5.5 (build 55373)
Built: 2016-06-09 at 11:36:40

Model: AP-32x
DRAM: 491 MB
SF: Detected MX25U3235F with page size 64 kB, total 4 MB
Flash: 4 MB
N

Hit <Enter> to stop autoboot: 0
apboot>

There are a number of options in the apboot menu (these may differ on older firmware):

apboot> ?
?              - alias for 'help'
boot           - boot the OS image
clear          - clear the OS image or other information
dhcp           - invoke DHCP client to obtain IP/boot params
factory_reset  - reset to factory defaults
help           - print online help
mfginfo        - show manufacturing info
osinfo         - show the OS image version(s)
ping           - send ICMP ECHO_REQUEST to network host
printenv       - print environment variables
purgeenv       - restore default environment variables
reset          - Perform RESET of the CPU
saveenv        - save environment variables to persistent storage
setenv         - set environment variables
tftpboot       - boot image via network using TFTP protocol
upgrade        - upgrade the APBoot or OS image
version        - display version

In this post I’m going to concentrate on the OS-related commands.  The first thing we did was clear the corrupt OS image using the “clear os” command:

apboot> clear os
512 bytes written to volume aos0

Next we validated that partition 0 is clear using the “osinfo” command:

apboot> osinfo
Partition 0 does not contain a valid OS image
Partition 1 does not contain a valid OS image

The next step is to get network connectivity. If the network has DHCP available simply type the “dhcp” command:

apboot> dhcp
eth0: link up, speed 1 Gb/s, full duplex
DHCP broadcast 1
DHCP DNS domain:

If DHCP is not available you will need to assign a static IP.  Here is a sample of that configuration:

apboot> setenv ipaddr 192.168.11.2
apboot> setenv netmask 255.255.255.0
apboot> setenv gatewayip 192.168.11.1

Now that we are on the network we need to provide the address of the TFTP server.  This is done by setting the “serverip” environment variable with the “setenv” command:

apboot> setenv serverip <TFTP server IP>

Ensure that a valid IAP image is in the TFTP directory of your server.  Make sure you use the correct image for the AP model that you are trying to upgrade.  In my example I’m upgrading an IAP-325.

Upgrade the OS using the “upgrade os” command:

apboot> upgrade os ArubaInstant_Hercules_8.3.0.6_69128
eth0: link up, speed 1 Gb/s, full duplex
Using eth0 device
TFTP from server 172.20.50.51; our IP address is 172.20.70.100; sending through gateway 172.20.70.1
Filename 'ArubaInstant_Hercules_8.3.0.6_69128'.
Load address: 0x44000000
Loading: #################################################################
#################################################################
#################################################################
#######################################
done
Bytes transferred = 15293120 (e95ac0 hex)
Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.
15293120 bytes written to volume aos0
Verifying flash...
Upgrade successful.

Validate the image using the “osinfo” command:

apboot> osinfo
Partition 0:
image type: 0
machine type: 40
size: 15293120
version: 8.3.0.6-8.3.0.6
build string: ArubaOS version 8.3.0.6-8.3.0.6 for Hercules (p4build@pr-hpn-build07) (gcc version 4.6.3 20120201 (prerelease) (Linaro GCC 4.6-2012.02) ) #69128 SMP Thu Feb 14 08:35:24 UTC 2019
flags: Instant preserve
oem: aruba
Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.

Validate that the IAP boot partition is set correctly using the “printenv” command.  Look for the os_partition variable:

apboot> printenv
os_partition=0

If the partition is not correct, set the os_partition variable using the “setenv” command:

apboot> setenv os_partition 0

Make sure you save your settings:

apboot> save

Now your IAP is ready to be reloaded using the “reset” command or just power cycle the AP. The IAP should boot with the newly upgraded image.

Hope this helps.
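
The upgrade output above shows the bootloader verifying the image signature before writing it to flash. The following is an added example, not part of the original post: it checks a saved console capture for those verification lines and confirms that the transferred, written and osinfo byte counts agree. The function names are hypothetical and the sample log is a constructed, abridged copy of the output above.

```sh
#!/bin/sh
# Added example (not from the original post): audit a saved APBoot console
# log for the signature checks and byte counts printed during the upgrade.

# Constructed sample: abridged copy of the console output shown in the post.
sample_log() {
cat <<'EOF'
apboot> clear os
512 bytes written to volume aos0
apboot> upgrade os ArubaInstant_Hercules_8.3.0.6_69128
Bytes transferred = 15293120 (e95ac0 hex)
Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.
15293120 bytes written to volume aos0
Upgrade successful.
apboot> osinfo
size: 15293120
EOF
}

# Reads the log named by $1 (stdin if omitted); returns 0 only if all pass.
check_upgrade_log() {
    awk '
    function need(flag, what) {
        if (!flag) { print "FAIL: missing " what; bad = 1 }
    }
    /verifying checksum.*passed/ { sum = 1 }
    /Signer Cert OK/             { signer = 1 }
    /Policy Cert OK/             { policy = 1 }
    /RSA signature verified/     { rsa = 1 }
    /Upgrade successful/         { done = 1 }
    /Bytes transferred = /       { xfer = $4 }
    # Skip the 512-byte write from "clear os", which precedes the transfer.
    /bytes written to volume/    { if (xfer != "") written = $1 }
    /^[ \t]*size:/               { size = $2 }
    END {
        need(sum, "checksum passed"); need(signer, "Signer Cert OK")
        need(policy, "Policy Cert OK"); need(rsa, "RSA signature verified")
        need(done, "Upgrade successful")
        if (xfer == "" || xfer != written) {
            print "FAIL: transferred=" xfer " written=" written; bad = 1
        }
        if (size != xfer) { print "FAIL: osinfo size=" size; bad = 1 }
        if (!bad) print "OK: signed image, " xfer " bytes"
        exit bad + 0
    }' "${1:--}"
}

sample_log | check_upgrade_log
```

Pass the path of a real console capture as the first argument to check it instead of the sample.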

Airwave Root

AirWave 8.2.10.0 CentOS7 install:

Re-Enable Root, Reset Password, and Delete GRUB Password

Yes, you need to boot from a Live Distro, or mount the disk with another VM. Knoppix/Ubuntu/Backtrack are what I typically have on hand. If you use Ubuntu, make sure you use “Try without Installing” / Try Ubuntu and don’t install over your AMP server.

– Shutdown the AirWave VM

– Add CD ROM to VM, and mount ISO to CD ROM.

– Edit VM Options, Boot Options, Force BIOS setup

              You may have Boot from EFI option with 6.7U3

– Save 

– Boot the AirWave VM

– In the VM BIOS go right to the Boot option

– Highlight the CD-ROM option, and ++ to move it above Hard Drive

– Exit, Save Changes, Yes

– If Ubuntu use “Try Ubuntu” Option

– open terminal:

 Remove Grub Password

You probably don’t need this, but it is here if you need to get into the boot loader:

sudo mount /dev/sda2 /mnt

sudo nano /mnt/grub/grub.conf

– delete the line that starts with password

– save file

sudo umount /mnt

Enable Root Login

While you’re here go ahead and re-enable root login.

Mount the / drive:

sudo mount /dev/mapper/vg_system-lv_root /mnt

Change passwd file:

sudo nano /mnt/etc/passwd

Change the root entry from nologin to /bin/bash:

root:x:0:0:bin:/bin:/sbin/nologin  to  root:x:0:0:root:/root:/bin/bash

Set/Reset Root/Console Password

– set the root password / reset the ampadmin password

cd /mnt

sudo chroot /mnt

passwd ampadmin

passwd root

exit

Unmount the drive and reboot

cd /

sudo umount /mnt

Reboot Ubuntu/Linux and edit the VM setting to disconnect the CDROM and boot into AirWave. 
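
The procedure above changes two access controls: whether root has a login shell and whether the boot loader menu is password-protected. The following is an added example, not part of the original post, that reports both settings from the mounted volumes so the resulting state can be checked or monitored for drift. The function names, the fixture files and the ampadmin UID are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Reports the two settings the
# procedure above changes, read from offline-mounted file systems.
# Assumption: $1 is the mounted root volume (etc/passwd) and $2 the mounted
# boot volume (grub/grub.conf), as in the mount commands in the post.

audit_appliance() {
    root=$1; boot=$2; drift=0
    # List every UID-0 account and whether its shell allows a login.
    uid0=$(awk -F: '$3 == 0 {
        state = ($7 ~ /(nologin|false)$/) ? "login-disabled" : "LOGIN-ENABLED"
        print "uid0 " $1 " " $7 " " state
    }' "$root/etc/passwd")
    echo "$uid0"
    case $uid0 in *LOGIN-ENABLED*) drift=1 ;; esac
    # GRUB legacy: a "password" line protects the boot-loader menu.
    if grep -Eq '^[[:space:]]*password' "$boot/grub/grub.conf"; then
        echo "grub password-set"
    else
        echo "grub PASSWORD-MISSING"; drift=1
    fi
    return $drift
}

# Constructed fixture: builds sample files under a temp dir, prints its path.
# $1 = root login shell to write, $2 = "locked" to add a GRUB password line.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/root/etc" "$d/boot/grub"
    printf 'root:x:0:0:root:/root:%s\nampadmin:x:1000:1000::/home/ampadmin:/bin/bash\n' \
        "$1" > "$d/root/etc/passwd"
    echo 'default=0' > "$d/boot/grub/grub.conf"
    if [ "$2" = locked ]; then
        echo 'password --md5 CONSTRUCTED-PLACEHOLDER-HASH' >> "$d/boot/grub/grub.conf"
    fi
    echo "$d"
}

f=$(make_fixture /bin/bash open)
audit_appliance "$f/root" "$f/boot" || echo "drift from locked-down state"
rm -rf "$f"
```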

Airwave Upgrade for New Centos

Basic Crib

The OVA file contains the new version if used to build a new instance.  A hardware AW upgrade would be a similar process, but we would have to build it from scratch (install the OS first, then use the .iso file for the AW install) on the same box after copying off the backup file.

To upgrade CentOS for Airwave the process in the Release Notes is correct:

  1. First, upgrade your live AW to 8.2.10.0.  This upgrades the databases so they can be restored later in the steps.
  2. Backup this live AW and copy off this backup file somewhere
    1. (CLI) Backup > Backup Now. 
      1. (GUI) To grab the “nightly” or “weekly” backups – if you’ve waited long enough since the upgrade to 8.2.10.0 so they can run since your upgrade – go to System > Backups
    2. Command line for SCP from AW (don’t use Solarwinds SFTP/SCP Server as it doesn’t like the encryption ciphers… OpenSSH in Linux works well) (This step is the most difficult in terms of getting the SCP server running, reachable, and the syntax correct):
      1. If I had an “awbackupfolder” folder on the Desktop of my Linux box for a user named “username”, I would reference the existing folder relative to my login directory: Desktop/awbackupfolder/  (the trailing “/” is optional here)
      2. The CLI SCP syntax cannot take the “~” tilde character, so reference the folder in another way
      3. username@192.168.21.21:Desktop/awbackupfolder/
    3. Power off the AW server (we’ll need the new box to have the same IP because AW licenses are tied to it)
  3. Build a new AW server with the right storage, cpu, and memory requirements.  This is a good opportunity to increase hard disk size if you’ve been holding off.
    1. Building from OVA file will install the CentOS 7 version.
    2. To log in to the newly deployed box, use the default: user = root and password = admin
    3. Use the same basic startup-script info as before, keeping the same IPs
    4. You will need a complex password.  Store it somewhere safe: this is your CLI and your WebUI password for “admin” login
  4. Once the box is up, from the CLI copy over the backup file via SCP.
    1. Files > Upload
      1. username@192.168.21.21:Desktop/awbackupfolder/ampbackup_date_time.tar.gz
  5. Now restore from the backup.
    1. Backup > Restore > AMP Restore, select the file.  Sometimes the numbers don’t match what you type – I think due to hidden files (.digest files).  Make sure it is the right one (it should be the only one here)
    2. VisualRF backup file is already contained in the AW Backup file, so there isn’t a need to do that restore separately.
  6. Log in to the system after it is up with the new password.  Perform basic checks that information is still flowing correctly.
  7. Delete the old virtual machine once everything is running fine.
  8. Have a cup of coffee.

Aruba ClearPass SQL Filters

Custom SQL filter to get NAS-Port-ID

SELECT tips_dashboard_summary.id AS session_id, source AS req_source, user_name, service_name, alerts_present, nas_ip, nas_port, conn_status, login_status, error_code, host_mac AS mac_address, tips_dashboard_summary.timestamp, tips_dashboard_summary.write_timestamp, attr_value, attr_name FROM tips_dashboard_summary INNER JOIN tips_session_log_details ON tips_dashboard_summary.id = session_id WHERE attr_name = 'Radius:IETF:NAS-Port-Id' AND ((tips_dashboard_summary.timestamp >= --START-TIME--) AND (tips_dashboard_summary.timestamp <= --END-TIME--));

Aruba Instant Mesh Wifi

When setting up Aruba Mesh with instants do not forget to turn off extended SSID.

Steps

  1. Create a cluster with the IAPs and let them sync image and configuration (update them to the latest code).
  2. Disable the extended SSID in options (in the latest version, 4.x, it is enabled).
  3. You will find both the IAPs as mesh portals.
  4. Disconnect the IAP that you want to make a mesh point from the switch and provide external power.
  5. After booting, there will be a mesh link between two IAPs.

OWA Blank Page Fix

OWA Fix
Run Script Fix
At flashing cursor, type the following commands

If you are using Exchange 2010

1. CD "C:\Program Files\Microsoft\Exchange Server\V14\Bin" and then press <ENTER>
2. Subdirectory will change to the above.
3. updatecas.ps1, then press <ENTER>

If you are using Exchange 2007

1. CD "C:\Program Files\Microsoft\Exchange Server\Bin" and then press <ENTER>
2. Subdirectory will change to the above
3. UpdateOwa.ps1, and then press <ENTER>

The script will perform a number of different commands, and then simply complete by dropping you back to the DOS prompt
Type EXIT to close the Shell window

Get Exchange to use single host Certificate

While moving to Office 365, some people’s Exchange 2007 servers do not have the correct certificates for the move.

Once a correct certificate is installed, say “example.jake.com”, you can use the following script:

# Host name on the installed certificate
$URL = "example.jake.com"
# Name of the Exchange server
$CName = "exch-svr-test"

# Point each client-facing service URL at the certificate's host name
Get-ClientAccessServer $CName | Set-ClientAccessServer -AutodiscoverServiceInternalUri "https://$URL/autodiscover/autodiscover.xml"
Get-WebServicesVirtualDirectory -Server $CName | Set-WebServicesVirtualDirectory -InternalUrl "https://$URL/ews/exchange.asmx"
Set-OWAVirtualDirectory -Identity "$CName\owa (Default Web Site)" -InternalURL "https://$URL/owa" -ExternalURL "https://$URL/owa"
Get-OABVirtualDirectory -Server $CName | Set-OABVirtualDirectory -InternalURL "https://$URL/OAB" -ExternalURL "https://$URL/OAB"
Get-ActiveSyncVirtualDirectory -Server $CName | Set-ActiveSyncVirtualDirectory -InternalURL "https://$URL/Microsoft-Server-ActiveSync" -ExternalURL "https://$URL/Microsoft-Server-ActiveSync"
Set-OutlookAnywhere -Identity "$CName\RPC (Default Web Site)" -ExternalHostname $URL

Boom this into PowerShell, happy days.