目前AOS10每组Lab中有2台7010、1台VGW、1台2930F和1个AP。在三种Lab场景切换下可能导致设备不能正常上线。
在解决设备上线前第一个需要解决的问题是2930交换机online且在in sync状态,然后根据不同lab手册首先配置好交换机,再关注AP和Gateway的状态。Gateway全部采用full-setup方式初始化,设置Lab默认密码,以便其他Lab方便恢复配置。
2930F onboard检查
首先检查2930F是否正常onboard,如果show aruba-central 显示如下,说明设备未注册至Central。
Aruba-2930F-8G-PoEP-2SFPP# show aruba-central
Configuration and Status - Aruba Central
Server URL : None
Connected : No
Mode : NA
Last Disconnect Time : NA
Server DNS Lookup : NA
Proxy Server DNS Lookup : NA
Error Reason : NA 通过show activate provision 可以看出由于DNS问题导致设备未能注册到Central。
Aruba-2930F-8G-PoEP-2SFPP# show activate provision
Configuration and Status - Activate Provision Service
Activate Provision Service : Enabled
Activate Server Address : devices-v2.arubanetworks.com
Activation Key : Not Available
Time Sync Status : Not Updated
Activate DNS Lookup : Failure
Proxy Server DNS Lookup : NA
Activate Connection Status : NA
Error Reason : NA
Override Default Config Check : DisabledLab中交换机可以通过DHCP获取IP和DNS,可以用# erase startup-config恢复默认配置。如果被 Central 管理,无法执行 erase startup-config,需要通过 aruba-central support-mode enable 命令将 Central 修改为 Moniter 模式,然后再执行 erase startup-config。
Aruba-2930F-8G-PoEP-2SFPP(config)# aruba support-mode enable
This mode will enable all CLI configuration commands, including those
normally reserved by the Aruba Central service. Use of this mode may
invalidate the configuration provisioned through Aruba Central server.
Continue (y/n)? y
Aruba-2930F-8G-PoEP-2SFPP(config)# erase startup-config
The current configuration will be deleted, existing login passwords
removed, and the device rebooted.
Continue (y/n)? y另外一种情况:
Aruba-2930F-8G-PoEP-2SFPP(eth-2)# sho activate provision
Configuration and Status - Activate Provision Service
Activate Provision Service : Enabled
Activate Server Address : devices-v2.arubanetworks.com
Activation Key : Not Available
Time Sync Status : Not Updated
Activate DNS Lookup : NA
Proxy Server DNS Lookup : NA
Activate Connection Status : NA
Error Reason : NA
Override Default Config Check : Disabled这种情况需要检查交换机端口up down状态,交换机虽然有IP和DNS,但是到公网不通。确认2930f获取到正确的IP(10.x.80.xx)和DNS。
正常的activate状态
Aruba-2930F-8G-PoEP-2SFPP# show activate provision
Configuration and Status - Activate Provision Service
Activate Provision Service : Enabled
Activate Server Address : devices-v2.arubanetworks.com
Activation Key : CZLS6EIH
Time Sync Status : Time sync from NTP pool
Activate DNS Lookup : Success
Proxy Server DNS Lookup : NA
Activate Connection Status : Success
Error Reason : NA
Override Default Config Check : Disabled正常的onboard状态
Aruba-2930F-8G-PoEP-2SFPP# show aruba-central
Configuration and Status - Aruba Central
Server URL : https://device.central.arubanetworks.com.cn/ws
Connected : Yes
Mode : Managed
Last Disconnect Time : NA
Server DNS Lookup : Success
Proxy Server DNS Lookup : NA
Error Reason : NA 有些老旧版本交换机,或者恢复交换机至出厂,可能导致缺少digi_cert证书(可联系我们导入)
报错 Tls generic error (code: -7629)Error Reason
Aruba-2930F-8G-PoEP-2SFPP# show crypto pki ta-profile
Profile Name Profile Status CRL Configured OCSP Configured
--------------- ------------------------------ --------------- ---------------
IDEVID_ROOT Root Certificate Installed
COMODO_RSA_CA Root Certificate Installed No No
Default Self-signed Certificate Ins... No No
GEOTRUST_CA Root Certificate Installed No No
ARUBA_CA Root Certificate Installed No No
CUSTOM_CA Root Certificate Installed No No
digi_cert Root Certificate Installed No No 自行导入证书命令
(config)#crypto pki ta-profile digi_Cert
#copy tftp ta-certificate digi_Cert 10.0.50.20 digi_CertAP onboard检查
AP通常在网络正常情况下会自动上线。如遇特殊情况,可以通过命令查看
IAP#show activate status
IAP#show ap debug cloud-server
IAP#show log provision例如IAP时间错误导致:(配置ntp即可修复)
34:fc:b9:cf:45:1e# show activate status
IAP MAC Address :34:fc:b9:cf:45:1e
IAP Serial Number :USCXHN76HC
Cloud Activation Key :
Activate Server :device.arubanetworks.com
Activate Status :connection-failed
Activate fail reason :ASN date error, current date before
Provision interval :1 minutes正常状态:
34:fc:b9:cf:45:1e# show activate status
IAP MAC Address :34:fc:b9:cf:XX:1e
IAP Serial Number :USCXXX76HC
Cloud Activation Key :
Activate Server :device.arubanetworks.com
Activate Status :enabled
Provision interval :10080 minutesGateway onboard检查
Gateway参考AOS10 SD-Branch手册2.4章节,正确配置IP和端口设置,基本上线不会出问题。
(Aruba7010_DD_17_80) #show aruba-central details
Aruba Central
-------------
Parameter Value
--------- -----
Aruba Central IP/URL device.central.arubanetworks.com.cn
Connection Status DOWN
Time of last disconnect N/A
SmartAmon MON Bootstrap Status Init
Number of times WS connected 0
Time of last connect N/A如果Gateway offline状态,且无法通过Lab默认密码登录,可以使用以下帐号登录设备做初始化。
User: branchsupport
Password:密码为mac地址小写,:为分隔符。具体每台设备mac地址可以直接登录Central查看拷贝。
Tips:在输入时粘贴可能是右键,或者Ctrl+Alt+右shift调出粘贴窗口,输入内容,然后右键自动粘贴。
重置命令:#write erase all
选择full-setup方式进行重置。Lab1
00:0b:86:dd:2f:00
00:0b:86:9a:af:37
Lab2
00:0b:86:dd:33:20
00:0b:86:dd:13:a0
Lab3
00:0b:86:dd:17:80
00:0b:86:de:b2:40
Lab4
00:0b:86:dd:18:e0
00:0b:86:dd:25:e0
Lab5
00:0b:86:de:d5:40
00:0b:86:dd:1b:a0
Lab6
00:0b:86:de:d7:e0
00:0b:86:de:b1:80
Password:密码应该为为mac地址大写
branchsupport的密码是mac小写!!!