tag:blogger.com,1999:blog-44814480837199422962024-03-12T18:06:42.779-07:00techblog.melo.nz. . .Unknownnoreply@blogger.comBlogger8125tag:blogger.com,1999:blog-4481448083719942296.post-43210092282874089682022-07-31T22:24:00.001-07:002022-07-31T22:24:23.804-07:00WiFi 6E channels now permitted in New Zealand (August 2022)<h2 style="text-align: left;">WiFi in NZ finally got the major boost that we've been waiting for! <br /></h2><p>More channels equals less interference and less contention.<br /></p><p>RSM (part of MBIE) is the NZ government body responsible for Radio Spectrum Management in New Zealand.
In their August 2022 Business Update, RSM has finally announced the news that everyone in the WiFi industry has been waiting for: WLANs in New Zealand can begin to make use of more RF spectrum i.e. one of the key features of the WiFi 6 standard. Specifically, the WiFi 6E amendment. </p><p></p><h2 style="text-align: left;">Why do we need more RF spectrum? </h2><p> When you run a large number of WiFi access points (APs), you quickly run into 2 problems.</p><ol style="text-align: left;"><li>Not enough channels for all your AP radios without re-using them several times (not to mention your neighbours' AP radios), so your system suffers from co-channel and adjacent-channel interference. This impacts overall performance of the network.<br /></li><li>To try and solve #1, you use the narrowest possible channels (20MHz), to squeeze out as many non-overlapping channels as possible. However by doing so you've now reduced the throughput capacity of each radio, and your entire network isn't as fast as it could be if you had wider channels.<br /></li></ol><p>With the WiFi 6E standard, there are (theoretically): <br /></p><p>59 x new 20MHz channels = 29 x 40MHz channels = 14 x 80MHz channels = 7 x 160MHz channels.</p><p>So now we can have networks that are both more resistant to interference <u>and </u>we can get maximum performance from our network!</p><p><span style="font-size: x-small;">[Watch out for WiFi standard IEEE 802.11be (WiFi 7) which will enable a whopping 320MHz channel width]</span><br /></p><h2 style="text-align: left;">What changes for New Zealand now?</h2><p>With the changes announced by RSM, we unfortunately don't get all 59 new 20MHz channels. We only get 500MHz of the technically supported 1200 MHz.<br /></p><p>We only get permission to use the so-called UNII-5 band. Sometimes this is referred to by the frequency range covered of 5925-6425 (MHz).</p><p>That is only a fraction of the total RF band covered in the WiFi 6E standard, but it still gives us 24 x new 20MHz channels or 6 x new 80MHz channels which will be very welcome.<br /></p><h2 style="text-align: left;">How do we enable the new channels?</h2><h3 style="text-align: left;">Do you have compatible hardware? <br /></h3><p>Firstly, we need to be running hardware which is capable of operating in this radio band. This needs to be supported on both the APs and the WiFi client devices. Look for the WiFi Alliance "WiFi 6E" badge. <br /></p><h3 style="text-align: left;">I have compatible hardware! <br /></h3><p>Generally speaking, each manufacturer of WiFi equipment codes the permitted frequencies, channels, and maximum EIRP into their firmware.</p><p>They code this to adhere to the spectrum management laws in each country, that is why you always need to select a country code when configuring a new WiFi network.</p><p>So we'll need to wait for this news to filter through to the manufacturers who will make the appropriate updates to their code. Then, we need to update our device firmware manually (or this can happen automatically for some devices) before the new channels will be available for use. <br /></p><h2 style="text-align: left;">When will New Zealand get the rest of the new channels?</h2><p>There a are a few issues that need to be resolved before RSM can approve use of more channels on the 6GHz band for NZ.</p><p>The main issue is that this piece of RF spectrum is already allocated to private, licensed users in New Zealand, and they pay a hefty fee for RSM to enforce that nobody else is on their channels.</p><h2 style="text-align: left;">What are the limitations on the new channels? <br /></h2><p>RSM has approved use of the UNII-5 band provided it is only used indoors and at very low power (relatively speaking). <br /></p><p>For higher power applications, such as long distance wireless point-to-point links, the WiFi standard does have a more complicated workaround for this: the mandatory use of an Automated Frequency Coordination (AFC) service. This exists in theory but not yet in practice in NZ.</p><p>An AFC service would require all APs to know their GPS location and also to be able to reach out to this theoretical server that would then coordinate all the channels in the country to avoid massive interference issues.</p><p>As you can imagine, this would require our WiFi systems to behave quite differently than they do today, so AFC is still on the horizon. </p><h2 style="text-align: left;">Where can I read more?</h2><p>You can read the official RSM announcement at <a href="https://www.rsm.govt.nz/projects-and-auctions/completed-projects/wlan-use-in-the-6-ghz-band" target="_blank">the RSM website</a><br /></p><p>You can find a nice graphic of the 6GHz channels in this article on <a href="https://www.juniper.net/us/en/research-topics/what-is-wi-fi-6e.html" target="_blank">Juniper's website</a><br /></p><p> <br /></p><p> <br /></p><p><br /></p><p> <br /></p><p> <br /></p><p><span class="markedContent" id="page33R_mcid378"><span dir="ltr" role="presentation" style="font-family: sans-serif; font-size: 22.232px; left: 435.373px; top: 213.709px; transform: scaleX(1.03147);"></span></span></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4481448083719942296.post-8801904811790328322020-05-05T02:11:00.000-07:002020-05-05T02:11:39.764-07:00Wi-Fi 6E (new unlicensed RF spectrum) won't be available any time soon in New ZealandWi-Fi just got a major enhancement that will be a game-changer...but not in New Zealand.<br />
<br />
<br />
<h3>
Background</h3>
The basic limitation with Wi-Fi in our workplaces, schools & universities, public spaces, stadiums, airports and shopping centres is that there is a limited amount of unlicensed RF spectrum available, and everyone needs to share it.<br />
<br />
Most parts of the RF spectrum can only be used under government-issued license (think cellular towers, RADAR, public safety radio, etc.) but a couple of little slivers were carved out early on in the 2.4GHz and 5GHz ranges for unlicensed use and for Industrial, Scientific and Medical use.<br />
<br />
This then became the backbone of Wi-Fi: the fact that any device we buy off the shelf can talk to practically any Wi-Fi access point in the world is what allowed Wi-Fi to become so ubiquitous and indispensable.<br />
<br />
<h3>
The Problem</h3>
As time went by and the number of connected devices skyrocketed, the contention for that available unlicensed spectrum became worse and worse, to the point where today's Wi-Fi designers prefer to pretend that the 2.4GHz spectrum doesn't exist because it is so crowded and unreliable.<br />
<br />
The holy grail of "better Wi-Fi" is to have access to a channel, a slice of the RF spectrum, that nobody else around you is using. This is getting harder and harder to find. Even in the 5GHz range where there are more channels, we desire to bond them together to increase total bandwidth, effectively reducing the number of available channels and getting back into the same problematic situation as before.<br />
<br />
<h3>
The News from USA</h3>
In early 2020, USA's FCC announced that they would be making another significant chunk of RF spectrum available for unlicensed use (actually they have been working on this for years). This will be in the 6GHz range, so it will have similar characteristics to today's 5GHz Wi-Fi.<br />
<br />
<br />
Although we refer to it as the 6GHz band, the band actually runs from 5.925–7.125GHz, a significant range resulting in over twice as much available RF space than we've ever had in Wi-Fi before.<br />
<br />
This means that we can bond channels together for that delicious bandwidth, and still have plenty to go around uncontested in our local area - a real game-changer!<br />
<br />
The <a href="https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_6E_Highlights_20200423.pdf" target="_blank">Wi-Fi Alliance has also been busy</a>, and they are ready to start certifying devices in 2021, with Broadcom already announcing a chip <a href="https://www.broadcom.com/company/news/product-releases/52926" target="_blank">in February 2020</a>.<br />
<br />
The new spectrum will be known as Wi-Fi 6E (building on the Wi-Fi 6 new naming scheme from 2019).<br />
<br />
<h4>
What about all those organisations who already paid for licenses in the 6GHz spectrum?</h4>
<div>
Avoiding interference for existing license holders (mainly being telcos and broadcasting companies who use it for long distance point-to-point links) will be mitigated in multiple ways.</div>
<div>
<br /></div>
<div>
Firstly, the FCC has determined that the way those licensees use this spectrum is different to the way a business uses Wi-Fi. They don't think that there will be much opportunity for interference to occur to any level that would impact those license holders.</div>
<div>
<br /></div>
<div>
Secondly, even though the new spectrum can be used license-free, usage of channels in this space must still be registered against a central database and coordinated to avoid interference. How this will play out is not clear, but presumably Wi-Fi systems will call in to a regional database and use that to safely and automatically coordinate their available channel-set to avoid licensees' spectrum.</div>
<br />
<h4>
Read all about it</h4>
The entire FCC document can be found at https://docs.fcc.gov/public/attachments/DOC-363490A1.pdf<br />
<br />
Broadcom has produced a graphic showing how much more RF spectrum is made available by this new notice.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.broadcom.com/media/1211237528236/wi-fi-6-frequency-bands.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="450" data-original-width="800" height="360" src="https://www.broadcom.com/media/1211237528236/wi-fi-6-frequency-bands.jpg" width="640" /></a></div>
<br />
<h3>
New Zealand's Government Has No Immediate Plans To Follow Suit</h3>
<div>
In New Zealand the airwaves are regulated by Radio Spectrum Management (RSM), a department of the Ministry of Business, Innovation and Employment (MBIE).</div>
<div>
<br /></div>
<div>
In response to an Official Information Act request from April 2020 asking whether RSM will follow the FCC's lead regarding making the 6GHz spectrum available for unlicensed use, an MBIE representative has made the following statement: </div>
<div>
<br /></div>
<div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">We have no immediate plans around WiFi 6e (i.e. WiFi @ 6GHz). Spectrum</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">above 5925 MHz is currently allocated for bidirectional fixed link use in</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">NZ. We also have C-band satellite uplink licensed across different parts</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">of the 6 GHz band. Fixed and satellite services must coordinate on a</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">first-come-first-serve basis.</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;"> </span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;"><br /></span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">At this stage we don’t have a clear sense of whether the technical</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">mitigations proposed to allow 6e (low power indoor use and automated</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">frequency coordination (AFC)) will be sufficient to manage the</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">interference concerns of the incumbents. In particular AFC is still</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">unproven technology in this scenario. We are watching closely to see</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">whether a significant device eco-system is evolving and when the large</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">consumer nations (USA, China, Europe) move. Once it becomes clear that 6e</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">is really going to happen elsewhere then we will likely run a domestic</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">consultation before making a decision.</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;"><br /></span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;"> </span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;"><br /></span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">Kind regards</span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;"><br /></span></i></div>
<div>
<i><span style="color: #444444; font-family: verdana, sans-serif;">Ministry of Business, Innovation and Employment</span></i></div>
</div>
<br />
<br />
This means that MBIE will be taking a wait and see approach, and in the best case scenario it will be years before we can benefit from Wi-Fi 6E in New Zealand, if at all.<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4481448083719942296.post-19834045248854593842019-06-27T02:08:00.001-07:002019-06-27T02:23:35.755-07:00Finally, a real collaboration between industrial IoT and enterprise Wi-Fi"HPE announces the integration of ABB Ability™ Smart Sensor technology with Aruba access points from end of 2019."<br />
<br />
Included in HPE's <a href="https://news.arubanetworks.com/press-release/hewlett-packard-enterprise-delivers-innovations-drive-next-wave-intelligent-edge-adopt" target="_blank">news release on Tuesday, June 18 2019</a> was an announcement of a new Intelligent Edge partnership with ABB: the 130-year old Swiss industrial equipment manufacturer.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPGyPybIW7Zr_tP-DJtw_3NXRZXWgGhHXXz_7TxDECQPG01odzVWDrvmDN-86ZVHDe2wcqhlKjeR393jC_xCXO8BTuhKqzGR04k5-tRRxE7BnxcDxlsO6tvJVclVtcsahyphenhyphenGflfRMZLVAw/s1600/smart_sensor_for_motors_single.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="ABB Motor Sensor" border="0" data-original-height="279" data-original-width="390" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPGyPybIW7Zr_tP-DJtw_3NXRZXWgGhHXXz_7TxDECQPG01odzVWDrvmDN-86ZVHDe2wcqhlKjeR393jC_xCXO8BTuhKqzGR04k5-tRRxE7BnxcDxlsO6tvJVclVtcsahyphenhyphenGflfRMZLVAw/s320/smart_sensor_for_motors_single.jpg" title="ABB Motor Sensor" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Motor Sensor. Photo from ABB catalogue</td></tr>
</tbody></table>
Integrations like this, in addition to the recently released <a href="https://www.arubanetworks.com/techdocs/Instant_83_WebHelp/Content/Instant_UG/Services/SES-imagotag%20ESL%20System.htm" target="_blank">SES-Imagotag Electronic Shelf Labels integration</a>, are helping to differentiate Aruba products as IoT-friendly in a competitive market.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmqX5-bXTBnp0FqwTbTbr2PJGn6F0lPhoelWgdXfjRhVYFohyphenhyphenjPoeHAp-OAYH5YGuN9Xj0uaNGeDQTofik9My1LAmHPLV5l2_WvCGlYnCXLz9KC6KrKi8PPyLwdsiKWRYpPRkdIcAV7rk/s1600/SesImagotag.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="203" data-original-width="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmqX5-bXTBnp0FqwTbTbr2PJGn6F0lPhoelWgdXfjRhVYFohyphenhyphenjPoeHAp-OAYH5YGuN9Xj0uaNGeDQTofik9My1LAmHPLV5l2_WvCGlYnCXLz9KC6KrKi8PPyLwdsiKWRYpPRkdIcAV7rk/s1600/SesImagotag.JPG" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">SES-imagotag electronic shelf label. Image from SES-imagtotag.com</td></tr>
</tbody></table>
<br />
<br />
The ABB integration is part of a suite of so-called "turnkey edge-to-cloud" solutions for Industy 4.0, which also includes cool toys like an IP55-rated enclosure announced in 2018 <a href="https://new.abb.com/news/detail/4365/abb-hpe-and-rittal-unveil-secure-edge-data-center-to-drive-digitization-of-industrial-plants" target="_blank">called the "Secure Edge Data Center"</a>, that can be installed nearer to the factory floor for handling all those time-sensitive operational workloads.<br />
<br />
Back to the sensors: ABB has an existing sensor platform called <a href="https://new.abb.com/motors-generators/service/advanced-services/smart-sensor" target="_blank">ABB Ability Smart Sensors</a>.<br />
<span style="font-size: x-small;">(The sensor capabilities are detailed at the end of this post.)</span><br />
<br />
<br />
In the ABB Ability platform without Aruba APs, the sensors communicate over Bluetooth either to a phone within 1-10 meters, or to a ABB-supplied Bluetooth gateway within 50 meters (best case). From there, the information is sent to a cloud service which plots historical data onto graphs, shows lovely red icons when a sensor is alerting, etc.<br />
<br />
While the details of the Aruba integration have not yet been announced, it is fair to assume that the BLE radios that have been included in the 300-series and 500-series Aruba APs will be put to use to replace the "gateway every 50 meters" functionality.<br />
<br />
If it works anything like the aforementioned SES-Imagotag ESL integration, we can expect to be able to deploy it with a few simple lines of configuration that will allow the AP to bridge the BLE sensors to ABB's cloud servers.<br />
While SES-Imagotag requires a USB dongle, I am hopeful that the ABB solution will be native, as it uses standard BLE.<br />
<br />
European organisations can purchase directly from ABB online and <a href="https://eu.marketplace.ability.abb/apps/39159/prepaid-condition-monitoring-for-pumps#!editions" target="_blank">the store page</a> reveals subscription pricing of €99.00/device/year with their native gateways. There probably won't be any cost from the Aruba side though.<br />
<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img alt="ABB Bearing Sensor" border="0" data-original-height="725" data-original-width="1280" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVSonbXEcRbhi1Umq5N-tZ8x9fzzv5vkR3UCYs-VxU8bjEcZj7ZUfkuhajapmy59kQVHzInDdZk94WbHaRn8FWhuoFD85c19N2KpBjzUTSGg8zr2g_TNHPoUu_iZUHPwjRk-TbL_z3nG4/s320/Smart-sensor-for-mounted-bearings.jpg" style="margin-left: auto; margin-right: auto;" title="ABB Bearing Sensor" width="320" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Bearing Sensor. Photo from ABB catalogue</td></tr>
</tbody></table>
<br />
The sensor portfolio includes:<br />
<br />
<a href="http://search.abb.com/library/Download.aspx?DocumentID=9AKK107496&LanguageCode=en&DocumentPartId=&Action=Launch" target="_blank">Condition monitoring for pumps</a> to get readings for:<br />
<br />
<ul>
<li>Health parameters</li>
<ul>
<li>Overall condition</li>
<li>Overall vibration (velocity rms)</li>
<li>Bearing condition</li>
<li>Misalignment</li>
<li>Unbalance</li>
<li>Looseness</li>
<li>Blade problems</li>
<li>Cavitation (under development)</li>
<li>Flow turbulence (under development)</li>
<li>Skin temperature (degrees)</li>
</ul>
<li>Operating parameters</li>
<ul>
<li>Radial vibration (velocity rms)</li>
<li>Tangential vibration (velocity rms)</li>
<li>Axial vibration (velocity rms)</li>
<li>Speed (rpm)</li>
<li>Operating hours</li>
<li>Number of starts</li>
</ul>
</ul>
<br />
<br />
<a href="http://search.abb.com/library/Download.aspx?DocumentID=9AKK107433&LanguageCode=en&DocumentPartId=&Action=Launch" target="_blank">Mounted bearing sensors</a> to get readings for:<br />
<br />
<ul>
<li>Temperature</li>
<li>Vibration</li>
<li>with a traffic-light health dashboard visible in smartphone app</li>
</ul>
<br />
<a href="http://search.abb.com/library/Download.aspx?DocumentID=9AKK106930A9867&LanguageCode=en&DocumentPartId=&Action=Launch" target="_blank">Low voltage motor sensors</a> to get readings for<br />
<br />
<ul>
<li>Health parameters</li>
<ul>
<li>Overall condition</li>
<li>Overall vibration (velocity rms)</li>
<li>Bearing condition</li>
<li>Misalignment</li>
<li>Skin temperature (degrees)</li>
</ul>
<li>Operating parameters</li>
<ul>
<li>Radial vibration (velocity rms)</li>
<li>Tangential vibration (velocity rms)</li>
<li>Axial vibration (velocity rms)</li>
<li>Speed (rpm)</li>
<li>Operating hours</li>
<li>Number of starts</li>
<li>Supply frequency (Hz)</li>
<li>Output power (hp/kW)</li>
<li>Regreasing count-down</li>
</ul>
</ul>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4481448083719942296.post-85828577807634949402019-06-12T22:22:00.001-07:002019-06-12T22:22:30.535-07:00Guide to 5GHz Wi-Fi Channels in New Zealand (NZ)<span style="font-size: x-small;">Disclaimer: I am not a registered RF Engineer, and this is just my interpretation of the information. You are responsible for ensuring your own compliance with Radio Spectrum Management</span><br />
<br />
Most web searches for information about 5GHz Wi-Fi channels result in America-centric or Euro-centric results, so I've compiled this post for New Zealand specific information.<br />
<br />
This information was sourced from <a href="https://www.rsm.govt.nz/licensing/frequencies-for-anyone/short-range-devices-gurl/" target="_blank">rsm.govt.nz</a> and from the NZ Government Gazette <a href="https://gazette.govt.nz/notice/id/2019-go1588" target="_blank">Radiocommunications Regulations (General User Radio Licence for Short Range Devices) Notice 2019 of April 2019</a>. The regulations therefore may have changed since the 2017 version that is referenced on <a href="https://en.wikipedia.org/wiki/List_of_WLAN_channels#cite_note-30" target="_blank">Wikipedia's list of WLAN channels</a><br />
<br />
<br />
<i><br /></i>
<blockquote class="tr_bq">
<i>You should be aware that ground weather radar, covering channels 114, 118, 120, 122, 124, 126 and 128, operates at nine locations across New Zealand. These being Kaeo, Tamahunga, Mamaku, New Plymouth airport, Mahia, Outlook Hill (Wellington), Rakaia Trig, Blue Spur Range (Hokitika) and Invercargill Airport. If 5GHz Wi-Fi equipment is to be deployed in the vicinity of these 9 locations, it is highly recommended that these channels be avoided, as the weather radar is licenced for protection from interference. If your equipment causes any problems to these licenced services, compliance action may be taken against you. ---RSM.govt.nz</i></blockquote>
<h3>
Ch36 to Ch48 (Ch50/)</h3>
<div>
5150MHz to 5250MHz</div>
<div>
Max EIRP -7.0dBW</div>
<div>
<div>
Use is limited to wireless LAN indoor systems only.</div>
</div>
<div>
In the band 5150 – 5250 MHz, the maximum power is −7 dBW (200 mW) e.i.r.p. and the maximum permitted power spectral density is −20 dBW/MHz (10 mW/MHz) e.i.r.p. or equivalently −36 dBW/25 kHz (0.25 mW/25 kHz) e.i.r.p.</div>
<div>
<br /></div>
<h3>
Ch52 to Ch64 (/Ch50)</h3>
<div>
5250MHz to 5350MHz</div>
<div>
MAx EIRP -7dBW or 0dBW (depending on Indoor or Outdoor usage)</div>
<div>
Use is limited to wireless LAN.</div>
<b>Indoor-Only Systems</b>: In the band 5250 – 5350 MHz, the maximum power is <b>−7 dBW (200 mW)</b> e.i.r.p. and the maximum permitted power spectral density is −20 dBW/MHz (10 mW/MHz) e.i.r.p., provided<b> Dynamic Frequency Selection and Transmitter Power Control</b> are implemented. If Transmitter Power Control is not used, then the maximum power (e.i.r.p.) value must be reduced by 3 dB;<br />
<b>Indoor and Outdoor Systems</b>: In the band 5250 – 5350 MHz, the maximum power is <b>0 dBW (1 W) </b>e.i.r.p. and the maximum permitted power spectral density is −13 dBW/MHz (50 mW/MHz) e.i.r.p., provided <b>Dynamic Frequency Selection and Transmitter Power Control </b>are implemented in conjunction with the following vertical radiation angle mask where θ is the angle above the local horizontal plane (of the Earth):<br />
<br />
<br />
Maximum permitted mean power density<br />
<br />
Elevation angle above horizontal<br />
<br />
−13 dB(W/MHz)<br />
<br />
for 0° ≤θ <8°<br />
<br />
<br />
−13 - 0.716(θ - 8) dB(W/MHz)<br />
<br />
for 8° ≤θ <40°<br />
<br />
<br />
−35.9 - 1.22(θ - 40) dB(W/MHz)<br />
<br />
for 40° ≤θ ≤45°<br />
<br />
<br />
−42 dB(W/MHz)<br />
<br />
for 45° <θ;<br />
<br />
<h3>
Ch96 (actually Ch100) to Ch144</h3>
We must not implement Ch96, typically we begin at Ch100 for Wi-Fi, but the document does specify that this piece of spectrum begins at 5470MHz which is Ch96.<br />
<br />
5470MHz to 5725MHz<br />
Max EIRP 0dBW<br />
Use is limited to wireless LAN<br />
In the band 5470 – 5725 MHz, the transmitter peak power must not exceed −6 dBW (250 mW). The maximum power is 0 dBW (1 W) e.i.r.p. and the maximum permitted power spectral density is −13 dBW/MHz (50 mW/MHz) e.i.r.p., provided <b>Dynamic Frequency Selection and Transmitter Power Control are implemented</b>. If Transmitter Power Control is not used, then the maximum power (e.i.r.p.) value must be reduced by 3 dB.<br />
<br />
<h3>
Ch149 to Ch169 (actually Ch168)</h3>
The published frequency range includes Ch169, but we must not use Ch169 in New Zealand.<br />
<br />
5725MHz to 5850MHz<br />
Max EIRP 23 dBW<br />
In the band 5725 – 5850 MHz, the transmitter peak power must not exceed 0 dBW (1 W) and the power spectral density must not exceed 17 dBm/MHz. The maximum power of any emission must not exceed 23 dBW (e.i.r.p.). Transmission is permitted from customer premise equipment with integrated antenna that is part of a point-to-multipoint system receiving from and transmitting to a central access point.<br />
<br />
<br />
It is interesting to note that the RSM boundaries fall on the centre frequencies of wide Wi-Fi channels, meaning that the upper and lower halves of the channel may have different regulations. I invite any commenters to clarify this.<br />
<br />
<a href="https://www.rsm.govt.nz/consumers/pdf-and-documents-library/Wi-Fi%20Devices%20using%20the%205%20GHz%20Band.pdf" target="_blank">This diagram sets out the Wi-Fi channels that you can and can’t use in New Zealand.</a><br />
and here is a static image in case that link becomes unavailable:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5AzU0reVTl9S1nUEdoBqCP8xJ7JU5vmGieFUZMw_FtJFEEFcYaXcDtxoKaqA0t_4odH0BahrwHek2l6FCUyCZ7YH1db7zYdvMDc9IhJknQ_GnwC_kQRX7JknUp73wUts7yqwOUs4okF0/s1600/RSM+5GHz.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="612" data-original-width="1600" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5AzU0reVTl9S1nUEdoBqCP8xJ7JU5vmGieFUZMw_FtJFEEFcYaXcDtxoKaqA0t_4odH0BahrwHek2l6FCUyCZ7YH1db7zYdvMDc9IhJknQ_GnwC_kQRX7JknUp73wUts7yqwOUs4okF0/s640/RSM+5GHz.JPG" width="640" /></a></div>
<br />
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4481448083719942296.post-69282365366938081212019-06-12T19:58:00.001-07:002019-06-12T20:00:18.153-07:00Aruba Outdoor AP Mounting Bracket PhotosThese are the 4 outdoor AP mounting brackets for Aruba AP 270 series, 360 series, 370 series 275, 365, 367, 374, 377, 374, 380<br />
<br />
MNT-H1 - JW054A - Hanging install (can tilt)<br />
MNT- H2 - JW055A - Hanging install (flush, cannot tilt)<br />
MNT-V1 - JW052A - Long arm pole/wall mount (300mm from wall)<br />
MNT-V2 - JW053A - Short arm pole/wall mount (75mm from wall)<br />
<br />
Important: If using AP377 or AP387 or other directional AP, don't use the wall mount or you'll end up aiming the antennas at the floor! Rather use the MNT-H1 mount on a wall or pole.<br />
<br />
<br />
All will become clear when you see the photos:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijm_UoHtLFTJuMd0HV2UZkxnMhqXnWckGOguorApVFarznmtVuca5yYQ690kyO-0V_807yTLQTXeAaAFH_eeKLheOYIoX6VM_dpR1W0IXNQKZNU7txZLMn0_zd1qTHxYzE8UGIZ8Ycuzk/s1600/Outdoor+AP+mounts.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="752" data-original-width="852" height="564" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijm_UoHtLFTJuMd0HV2UZkxnMhqXnWckGOguorApVFarznmtVuca5yYQ690kyO-0V_807yTLQTXeAaAFH_eeKLheOYIoX6VM_dpR1W0IXNQKZNU7txZLMn0_zd1qTHxYzE8UGIZ8Ycuzk/s640/Outdoor+AP+mounts.JPG" width="640" /></a></div>
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4481448083719942296.post-72748367162354968162019-04-11T02:57:00.000-07:002019-04-11T03:14:22.020-07:00Dragonblood: Should you worry? (Wi-Fi WPA3 security vulnerabilities explained for the not-so-techie)On 10 April 2019 I noticed a flurry of panicky news stories and posts around LinkedIn and Twitter. The Wi-Fi Alliance published <a href="https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update-april-2019" target="_blank">a security update</a> regarding security vulnerabilities in the new WPA3 Wi-Fi standards which WLAN vendors are expected to start rolling out en masse in 2019.<br />
<br />
The WPA3 standards promised a far more secure environment than the aging WPA2 standards currently in use just about everywhere today. The vulnerabilities (named Dragonblood) already have their own <a href="https://wpa3.mathyvanhoef.com/" target="_blank">webpage</a>, logo, theme song, etc. so we know that non-technical company execs will be seeing this across their feeds and demanding information about the security of the million-dollar Wi-Fi refresh they've just paid for, by the end of the week.<br />
<br />
Before we engage in mass hysteria, let's examine the vulnerabilities a little further and see if there is truly anything to worry about.<br />
<br />
<b>Is this report from a reputable source?</b><br />
Yes! The analysis and POC code were written by Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven). Vanhoef had also discovered the Krack attack vulnerabilites that got everyone worried in 2017.<br />
<br />
<b>Why "Dragonblood"?</b><br />
It is trendy for vulnerabilities to be given catchy names as this makes it easier for them to be written about in the media and go viral. These vulnerabilities are mainly around the handshake key exchange mechanism used in WPA3 which is called <i>Dragonfly</i>, hence the analysis paper was titled <i>Dragonblood</i>. The researchers released 4 tools to demonstrate the specific attacks and named them <i>Dragonslayer</i>, <i>Dragondrain</i>, <i>Dragontime</i>, and <i>Dragonforce.</i><br />
Note that the Dragonfly family of handshakes is not only used in Wi-Fi. Other encryption-based systems could also be vulnerable.<br />
<i><br /></i>
<b>Can the Dragonblood vulnerabilities be fixed?</b><br />
Yes, mostly.<br />
Thanks to the researchers' responsible disclosure of the vulnerabilities, major vendors already had patches in place or in the works before the public announcement was made. simply ensuring that the firmware on your network equipment is kept up to date is sufficient to mitigate or remediate against most of these vulnerabilities. (this is why it is important to use trusted brands and keep those support contracts up to date folks).<br />
In at least one of the downgrade attack scenarios (explained in more detail later on), a device is tricked into connecting to a WPA2 network and then a WPA2 exploit is used. This can't be easily fixed but it isn't strictly a WPA3 exploit either.<br />
Unless you're 100% in control of every device connecting to your network (and who is?), you can't update the client side devices. The good news here is that hardly any WPA3 client devices are released yet, so hopefully most will be fixed before anyone even buys them.<br />
<br />
Cisco has already released a statement by the reputable Jerome Henry, saying <a href="https://community.cisco.com/t5/wireless-mobility-blogs/security-vulnerabilities-disclosed-for-sae-handshake-no-update/ba-p/3836147" target="_blank">"Cisco Access points are not affected by any of the vulnerabilities described. The Cisco AireOS and IOS-XE releases that support SAE for WPA3-Personal will also include protection mechanisms against these vulnerabilities. WPA3 clients may need to be updated and Cisco recommends finding the latest information from vendors’ websites."</a><br />
<br />
I will update this page with statements from other vendors as they become available. Personally I'm looking forward seeing a comment from Dan Harkins, the computer scientist who wrote Dragonfly and EAP-pwd, and currently happens to be employed by Aruba Networks.<br />
<blockquote class="tr_bq" style="text-align: center;">
<br />
<span style="font-family: "verdana" , sans-serif;"><b>In summary</b>: The sky isn't falling, keep your network devices up to date, keep your client devices up to date.</span></blockquote>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
You can find more detail about the individual tools below.<br />
<br />
<b>Dragonslayer</b><br />
From the readme: <i>This is an experimental tool to test EAP-pwd implementations for vulnerabilities. We also strongly recommend to perform code inspections to assure all vulnerabilities have been properly addressed.</i><br />
<br />
Should you worry?<br />
No.<br />
Virtually nobody is using EAP-pwd in their Wi-Fi networks. It is rarely even presented as an option. Unless your job involves actually building Wi-Fi devices, you don't need to worry about this.<br />
<br />
<b>Dragondrain</b><br />
From the readme: <i>The Dragondrain tool forges Commit messages to cause a high CPU usage on the target. This can for example be used to drain the battery of a device, or more generally to drain and exhaust resources.</i><br />
<br />
The name is a play on the fact that this is a 'clogging' attack.<br />
<br />
Should you worry?<br />
Not if you keep your network devices up to date.<br />
It is a denial-of-service attack. The authors have already given the solution to the vendors to implement i.e. use a dedicated, low-priority CPU thread to run this task so that the entire CPU can never be impacted.<br />
<br />
<b>Dragontime</b><br />
From the readme: <i>This is an experimental tool to carry out timing attacks against WPA3's SAE handshake. It was created to carry out attacks, not to detect whether an implementation is vulnerable in the first place. It was used to carry out the timing attack against MODP groups 22 and 24 as described in the Dragonblood paper.</i><br />
<i><br /></i>
This vulnerability actually has a CVE allocation: CVE-2019-9494<br />
<br />
Should you worry?<br />
Not too much.<br />
<div>
You don't need to know what MODP (Modular Exponential) groups are, just that they are options implemented in cryptographic algorithms. Three groups have been identified here as being vulnerable while another three groups are suggested to be avoided. This can be fixed in a software patch that simply removes those groups as options (that is if the groups were ever used in the first place - according to the paper there were already <a href="https://tools.ietf.org/html/rfc8247#section-2" target="_blank">known issues since 2017</a> with these groups, so they should have been avoided all along). The authors even state this "Note that most WPA3 implementations by default do not enable these groups"</div>
<div>
<br /></div>
<div>
<b>Dragonforce</b></div>
<div>
This is the tool that takes the information from the other tools and runs something similar to a dictionary attack to retrieve the keys.</div>
<div>
<br /></div>
<div>
<b>What about that 'downgrade attack' mentioned earlier?</b></div>
<div>
It is really difficult to move 20 years' worth of devices to a new encryption scheme, so the WPA3 standard allows for a compatibility mode, or transition mode, of operation where the network will simultaneously support WPA2 and WPA3. The attack in this case involves setting up an 'evil twin' SSID using only WPA2 and the client device connects to it because it knows that WPA2 is still permitted. WPA2 vulnerabilities are then leveraged to discover the keys.</div>
<div>
<br /></div>
<div>
Should you worry?</div>
<div>
No more than you worried yesterday about your WPA2 networks.</div>
<div>
The fix for this needs to come from the manufacturers of client devices. Samsung, Apple, Lenovo, etc. </div>
<div>
As a network operator you can run WIDS/WIPS to guard against this type of attack.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<b>I'm having trouble sleeping at night, where can I find the full paper?</b></div>
<div>
The full paper has been published at <a href="https://papers.mathyvanhoef.com/dragonblood.pdf">https://papers.mathyvanhoef.com/dragonblood.pdf</a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4481448083719942296.post-70058276652857132302018-11-25T01:27:00.002-08:002018-11-25T01:27:45.299-08:00How To: Upgrade Aruba Airwave<h3>
Introduction</h3>
This post will answer the following 3 questions:<br />
<br />
<ol>
<li><b>How to upgrade</b> Aruba Airwave Server?</li>
<li><b>How long</b> does it take to upgrade Aruba Airwave?</li>
<li>What <b>type and duration of outage</b> can be expected during the upgrade of Aruba Airwave?</li>
</ol>
<div>
The example below shows the actual output from a real upgrade of AMP from version 8.5 to version 8.2.7.1 in a single server environment (no Glass). This specific server is a virtual appliance hosted on Hyper-V.</div>
<div>
<br /></div>
<div>
As Network administrators we are used to upgrades of firmware on a switch, router or WLC taking a few minutes at the most. When it comes time to upgrade the server software we use, we can be caught off-guard by the lengthy amount of time required and it is unclear when any outage will occur. To help with understanding the process I present to you an annotated output of the upgrade process, including timings.</div>
<div>
</div>
<br />
<h3>
System Output</h3>
<h4>
<span style="background-color: white;">Key:</span></h4>
<div>
<span style="background-color: #cccccc; color: blue;"> System output</span></div>
<div>
<span style="background-color: #cccccc;"><span style="color: #741b47;"> <b>My input</b></span></span></div>
<div>
<span style="color: #38761d;"> My annotations</span></div>
<div>
<span style="color: #38761d;"> </span><span style="color: red;">Outage information</span></div>
<div>
<br /></div>
<div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">
<br /></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">
Before starting the backup, download the nightly backup file from the web GUI to a safe location.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrxr-VXxvn20P_oriFR9aXzRjBwgeYnglXRl2M6qrhcr9UErg4O81tEfDH2knJueLdI2w2hyvvy61ibzBssoElqmpGmhHCmBaiBwBiq0Eme8wZb5f-sA-w-0oz5HGcYOODlPCyS9oHp44/s1600/0.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="132" data-original-width="590" height="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrxr-VXxvn20P_oriFR9aXzRjBwgeYnglXRl2M6qrhcr9UErg4O81tEfDH2knJueLdI2w2hyvvy61ibzBssoElqmpGmhHCmBaiBwBiq0Eme8wZb5f-sA-w-0oz5HGcYOODlPCyS9oHp44/s400/0.jpg" width="400" /></a></div>
<br /></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">
<br /></div>
<div class="MsoNormal" style="background-color: white; font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="color: #38761d;">T = time of initial login to CLI</span></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">
<br /></div>
<div class="MsoNormal" style="background-color: white; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">
<br /></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">login as: <span class="m_2924105180811670993SpellE">ampadmin</span><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Authorised access only. Managed by <span class="m_2924105180811670993SpellE">xyzabc</span>.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><span class="m_2924105180811670993SpellE">ampadmin@server's</span> password:<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Last login: Fri Sep 14 13:49:46 2018 from server<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Loading Menu...<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><span class="m_2924105180811670993SpellE">AirWave</span> Management Platform 8.2.5 on <span class="m_2924105180811670993SpellE">servername</span><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 1 Upload File<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 2 Download File<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 3 Delete File<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 4 Backup<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 5 Restore<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 6 Support<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 7 Upgrade<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 8 Advanced<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 9 Security<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">10 Custom Commands<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> q >> Quit<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Your choice: </span><span style="color: #741b47;"><b>7</b></span><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 1 Upgrade <span class="m_2924105180811670993SpellE">AirWave</span> Management Platform<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 2 Upgrade OS Kernel<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> b >> Back<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Your choice:</span><b style="color: #741b47;"> 1</b><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Running Upgrade <span class="m_2924105180811670993SpellE">AirWave</span> Management Platform<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">AMP version: 8.2.7.1<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Running [/<span class="m_2924105180811670993SpellE">usr</span>/local/airwave/bin/<span class="m_2924105180811670993SpellE">start_<wbr></wbr>amp_upgrade</span> -f /<span class="m_2924105180811670993SpellE">var</span>/<span class="m_2924105180811670993SpellE">ampcli</span>/user -v 8.2.7.1]...<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade script AMP-8.2.7.1-amp_upgrade was not found in local cache.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade package AMP-8.2.7.1-x86_64-cvs.tar.gz was not found in local cache.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade package will be downloaded from the internet...<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Do you use proxy server? (y/N): </span><b><span style="color: #741b47;">N</span></b><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Download upgrade package from:<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 1. Aruba Support Portal<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 2. HPE My Networking Portal<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Enter your choice (1 or 2): </span><b><span style="color: #741b47;">1</span></b><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Preparing to connect to Aruba Support Portal...<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Enter your Aruba Support Portal username: </span><span style="color: #741b47;"><b><span class="m_2924105180811670993SpellE">USERNAMEgoesHERE</span>/PW Prompt not shown</b></span><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">##############################<wbr></wbr>##############################<wbr></wbr>############ 100.0%<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade package AMP-8.2.7.1-x86_64-cvs.tar.gz was not found in local cache.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Checking <span class="m_2924105180811670993SpellE">iptables</span>.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span>
<span style="background-color: white; color: #38761d;">T + 2 minutes</span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Checking the database schema.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: white; color: #38761d;">T + 5 minutes</span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Preparing to connect to Aruba Support Portal...<u></u><u></u></span></span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span>
<span style="background-color: white; color: #38761d;">T + 20 minutes (the progress bar stays on a single line unless you hit enter)</span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">########################## <wbr></wbr> <wbr></wbr> 36.9%<u></u><u></u></span></span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span>
<span style="background-color: white; color: #38761d;">T + 32 minutes (this part takes a while)</span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">##############################<wbr></wbr>############################ <wbr></wbr> 81.1%<u></u><u></u></span></span><br />
<br />
<span style="background-color: white; color: #38761d;">T + 40 minutes (phew, finally)</span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">##############################<wbr></wbr>##############################<wbr></wbr>############ 100.0%<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Validating the upgrade package...<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Verifying authenticity of the upgrade package....<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Verifying signature....<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Good Signature....<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Verifying checksum....<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade package verified....<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrading AMP to version 8.2.7.1 from version 8.2.5...<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Detailed log will be written to /<span class="m_2924105180811670993SpellE">var</span>/log/upgrade/AMP-8.2.7.1-<wbr></wbr>upgrade.log<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">STEP 1: Moving old version aside.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">STEP 2: Unpacking upgrade package.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">STEP 3: Checking for compatibility.<u></u><u></u></span></span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span>
<span style="background-color: white; color: #38761d;">T + 45 minutes</span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">STEP 4: Stopping AMP services<u></u></span></span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span>
<span style="background-color: white; color: #38761d;">T + 46 minutes</span><br />
<span style="background-color: white;"><span style="color: red;">46 minutes after starting the upgrade, Airwave Application is unavailable. </span></span><br />
<span style="background-color: white;"><span style="color: red;">The Airwave server itself is still up and responding to ICMP monitoring, and for some time also HTTP monitoring.</span></span><br />
<span style="background-color: white;"><span style="color: red;">As shown in the screenshot below: the browser which was displaying Airwave GUI is still reachable but shows a 502 error in the frame.</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhheaCe157mQEj5jHenKoqTonrez-wMu54GOzn3BoVozBgvcWNc4R1WtkVrzxhyz0wilySa5thOQgC7mFtDZm8MGNl8fjCEID593Ey4s-3XNazqWvYRuIcUmFFzjoWRMDd6EMmcY2q-dDg/s1600/6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="135" data-original-width="741" height="72" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhheaCe157mQEj5jHenKoqTonrez-wMu54GOzn3BoVozBgvcWNc4R1WtkVrzxhyz0wilySa5thOQgC7mFtDZm8MGNl8fjCEID593Ey4s-3XNazqWvYRuIcUmFFzjoWRMDd6EMmcY2q-dDg/s400/6.jpg" width="400" /></a></div>
<span style="background-color: white;"><span style="color: red;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">STEP 5: Installing upgrade.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: white; color: #38761d;">T + 55 minutes. Still installing the upgrade. Waiting patiently. No useful feedback on terminal.</span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">******************************<wbr></wbr>******************************<wbr></wbr>***<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Updated kernel packages that fix various security issues are now<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">available for your OS. To upgrade, select 'Upgrade' menu item on the AMPCLI Menu,<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">and then choose 'Upgrade OS Kernel' menu item.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">For more information refer to the security advisory:<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> <a data-saferedirecturl="https://www.google.com/url?q=https://access.redhat.com/errata/RHSA-2018:2390&source=gmail&ust=1543220466655000&usg=AFQjCNFuSvRgXsIkXQ_vqi122kT_pWBl0w" href="https://access.redhat.com/errata/RHSA-2018:2390" target="_blank">https://access.redhat.com/<wbr></wbr>errata/RHSA-2018:2390</a><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">******************************<wbr></wbr>******************************<wbr></wbr>***<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span>
<span style="background-color: white; color: #38761d;">T + 57 minutes. Upgrade complete</span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">STEP 6: Restarting AMP services.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">******************************<wbr></wbr>****************<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Post upgrade schema check is in progress..<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">This may take a few minutes..<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">******************************<wbr></wbr>****************<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: white; color: #38761d;">T + 59 minutes.</span><br />
<span style="background-color: white;"><span style="color: red;">Services are back up (verify by logging in to web GUI). 13 minutes of actual application outage time so far, and server stayed up the entire time. 😏</span></span><br />
<span style="background-color: white;"><span style="color: red;"><br /></span></span>
<span style="background-color: white;"><span style="color: red;"><b>But wait!</b> There was a prompt to also upgrade the OS Kernel. Looks like we're in for a full reboot after all. 😫.</span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade from 8.2.5 to 8.2.7.1 is successful.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Hit <enter> to continue<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Hit enter to continue, 's' to show output, 'r' to show return code.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 1 Upgrade <span class="m_2924105180811670993SpellE">AirWave</span> Management Platform<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 2 Upgrade OS Kernel<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> b >> Back<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Your choice: </span><span style="color: #741b47;"><b>2</b></span><span style="color: blue;"><u></u><u></u></span></span><br />
<span style="background-color: #cccccc;"><span style="color: #741b47;"><b><br /></b></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: white; color: #38761d;">T + 1 hour 02 minutes</span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Running Upgrade OS Kernel<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">A newer version of the kernel is available. If you choose to upgrade<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">you will need to reboot the system for the change to take effect.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Upgrade the kernel? (y/N) </span><span style="color: #741b47;">y</span><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Preparing... ##############################<wbr></wbr>############# [100%]<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 1:kernel-firmware ##############################<wbr></wbr>############# [ 33%]<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 2:kernel ##############################<wbr></wbr>############# [ 67%]<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> 3:kernel-headers ##############################<wbr></wbr>############# [100%]<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">The kernel has been upgraded successfully.<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span>
<span style="background-color: white; color: #38761d;">T + 1 hour 04 minutes. (wow that kernel upgrade was really quick compared to the application upgrade)</span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Reboot now? (y/N) </span><b><span style="color: #741b47;">y</span></b><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Are you sure? (y/N) </span><span style="color: #741b47;"><b>y</b></span><span style="color: blue;"><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Broadcast message from <span class="m_2924105180811670993SpellE">ampadmin@servername</span><u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"> (/dev/pts/0) at 10:44 ...<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">The system is going down for reboot NOW!<u></u><u></u></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;"><br /></span></span></div>
<div class="MsoNormal" style="font-family: arial, helvetica, sans-serif; font-size: small;">
<span style="background-color: #cccccc;"><span style="color: blue;">Hit enter to continue, 's' to show output, 'r' to show return code.</span></span><br />
<span style="background-color: #cccccc;"><span style="color: blue;"><end of output></span></span></div>
</div>
<br />
<span style="color: red; font-family: arial, helvetica, sans-serif;"><span style="background-color: white;">At this point the server reboots and the SSH session is lost. Now the server is hard down.</span></span><br />
<span style="color: red; font-family: arial, helvetica, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="background-color: white; color: #38761d; font-family: arial, helvetica, sans-serif;">T + 1 hour 07 minutes</span><br />
<span style="color: red; font-family: arial, helvetica, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="color: red; font-family: arial, helvetica, sans-serif;"><span style="background-color: white;">The server is back up after only a couple of minutes. The services will take some time to start up.</span></span><br />
<span style="color: red; font-family: arial, helvetica, sans-serif;"><span style="background-color: white;"><br /></span></span>
<span style="background-color: white; color: #38761d; font-family: arial, helvetica, sans-serif;"><b>T + 1 hour 10 minutes </b></span><br />
<span style="background-color: white; color: #38761d; font-family: arial, helvetica, sans-serif;"><br /></span>
<span style="background-color: white; color: red; font-family: arial, helvetica, sans-serif;"><b>Done!</b> The application is back up and running and verified.</span><br />
<h3>
<br /></h3>
<h3>
Conclusion</h3>
<div>
The Airwave upgrade process is heavily scripted by Aruba and doesn't need much interaction after starting the upgrade. In fact I only touched the keyboard a handful of times and mostly for y/n input. The upgrade does always take a lot longer than I expect which I why I decided to document it this time.</div>
<div>
<br /></div>
<div>
There were 2 outages: 13 minutes while the application upgraded and another of 6 minutes for the OS reboot.</div>
<div>
<br /></div>
<div>
Despite the fact that I had allocated a 1 hour outage window for this change (which I thought was overly generous at the time, ha), I ran over the window with the second part of the outage actually falling outside of that window, ouch.</div>
<div>
<br /></div>
<div>
Other factors that could possibly impact the upgrade duration are the size of the database and the specs of the VM resources allocated.</div>
<div>
<br /></div>
<div>
Note that the application can be upgraded by firstly downloading the file from Aruba or HPE website then uploading locally to Airwave, then starting the process. I have not yet timed that method.</div>
<div>
<br /></div>
<div>
Note also that the RHEL kernel can be upgraded at any time from the AMPCLI menu, it does not need to happen as part of the application upgrade.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4481448083719942296.post-36590829314991942072018-10-12T23:18:00.000-07:002018-11-25T00:08:59.960-08:00How To: Using ArubaOS8 API with PowerShell<h3>
Introduction</h3>
This guide explains:<br />
<ul>
<li>the basics of the ArubaOS8 API, </li>
<li>specifics of interacting with the ArubaOS8 API when using PowerShell, </li>
<li>some general quirks regarding PowerShell usage common to this and other API services </li>
</ul>
<br />
HPE Aruba's AOS8, starting with v8.0.0, includes a powerful web API which provides both GET and SET capabilities, and also the ability to run show commands which returns structured JSON.<br />
<br />
Aruba has published API documentation, which is available from the support site <a href="https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/Content/PDFs/ArubaOS%208.3.0.x%20API%20Guide.pdf">(API PDF)</a>.<br />
<br />
What struck me with this, as with many API guides, is that the examples are shown only with cURL. I work in and with Windows-centric organisations and I really need to see examples using PowerShell, so I've gone through the guide and selected a few commands to recreate in PowerShell.<br />
<br />
Some notes before we begin:<br />
<br />
<ol>
<li>On my test device I have a self-signed certificate. If I were using cURL then I could simply use the <i>--insecure</i> flag to skip the certificate check. There is no equivalent switch on PowerShell's Invoke-WebRequest/Invoke-RestMethod commands. I use the method described in the comments of <a href="https://stackoverflow.com/questions/36456104/invoke-restmethod-ignore-self-signed-certs">this Stackoverflow page</a> as a workaround. If anyone knows an easier way, please let me know in the comments.</li>
<li>All examples below are based on standalone Mobility Controller. A slight variation to the URI is required when connecting to a Mobility Master environment. This is explained clearly in the API docs.</li>
<li>A dedicated API local user account with read-only privileges has been configured on the standalone controller.</li>
<li>Variables $t1, $t2, $t3 etc. are just variables I use to keep my example outputs separate from one another, as opposed to my other favourite method of calling everything <i>$test</i> ;)</li>
</ol>
<b>Important disclaimer</b>: I do not claim to be an expert in scripting PowerShell or any other language. At best I'm a tinkerer who can hack enough code together to make my own life easier. Anything copied from here is used at your own risk.<br />
<ol>
</ol>
<h3>
Step 1: Set up some reusable objects</h3>
<br />
<code>
</code>
<br />
<div>
<code>#Set variables</code></div>
<code>
</code>
<br />
<div>
<div>
<code>$WLC_IP = '10.13.7.4'</code></div>
<div>
<code>$API_BASE_URI = 'https://'+$WLC_IP+':4343/v1'</code></div>
<div>
<code>$DeviceUsername = "apiuser"</code></div>
<div>
<code>$DevicePassword = "supersecretpassword"</code><br />
<code><br /></code></div>
</div>
<code>
</code>
<br />
<div>
</div>
<code>
</code>
<br />
<ul>
<li>We've defined the IP address of the AOS8 device. We could also use the FQDN here.</li>
<li>We've used that IP/FQDN to build a string that will be used in every call.</li>
<li>We've defined the username and password of the account mentioned in Note 3</li>
</ul>
<div>
<br /></div>
<h3>
Step 2: Run the self-signed certificate workaround</h3>
<div>
<span style="color: red;">EDIT 13-Oct-18: From Powershell v6 and above (Powershell Core), we now have a new</span></div>
<div>
<span style="color: red;"><b>-SkipCertificateCheck</b> flag available on Invoke-WebRequest and Invoke-RestMethod, so this step can be skipped. This is great news for lab work with self-signed certs. Remember that this is not a substitute for installing a proper cert.</span></div>
<div>
<ul>
<li>There are also several other methods to be found with a web search</li>
<li>As described in Note 1. <a href="https://stackoverflow.com/questions/36456104/invoke-restmethod-ignore-self-signed-certs">That StackOverflow link again</a></li>
<li>This is only required once per session, but for convenience I save it as a separate .ps script and leave a reference to it in my script, and it runs every time.</li>
<li>Recommendations for better methods are welcome. Of course the best method is to have a proper TLS certificate installed on the device :)</li>
</ul>
</div>
<div>
<pre class="lang-bsh prettyprint prettyprinted" style="background-color: #eff0f1; border: 0px; box-sizing: inherit; color: #393318; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; max-height: 600px; overflow: auto; padding: 5px; vertical-align: baseline; width: auto; word-wrap: normal;"><code style="border: 0px; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"><span class="kwd" style="border: 0px; box-sizing: inherit; color: #101094; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">if</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(-</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">not</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(</span><span class="str" style="border: 0px; box-sizing: inherit; color: #7d2727; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">"dummy"</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">-</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">as </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">[</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">type</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">]))</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">{</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">
add</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">-</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">type </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">-</span><span class="typ" style="border: 0px; box-sizing: inherit; color: #2b91af; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">TypeDefinition</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">@</span><span class="str" style="border: 0px; box-sizing: inherit; color: #7d2727; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class Dummy {
public static bool ReturnTrue(object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; }
public static RemoteCertificateValidationCallback GetDelegate() {
return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
}
}
"</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">@</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">
</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">}</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">
</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">[</span><span class="typ" style="border: 0px; box-sizing: inherit; color: #2b91af; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">System</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">.</span><span class="typ" style="border: 0px; box-sizing: inherit; color: #2b91af; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Net</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">.</span><span class="typ" style="border: 0px; box-sizing: inherit; color: #2b91af; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">ServicePointManager</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">]::</span><span class="typ" style="border: 0px; box-sizing: inherit; color: #2b91af; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">ServerCertificateValidationCallback</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">=</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">[</span><span class="pln" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">dummy</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">]::</span><span class="typ" style="border: 0px; box-sizing: inherit; color: #2b91af; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">GetDelegate</span><span class="pun" style="border: 0px; box-sizing: inherit; color: #303336; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">()</span></code></pre>
</div>
<br />
<div>
<br /></div>
<div>
<h3>
Step 3: Log in to the device</h3>
<code>
#Login to device using previously defined variables<br />
$session = Invoke-RestMethod -Uri "${API_BASE_URI}/api/login" -Method Post -Body "username=$DeviceUsername&password=$DevicePassword" -SessionVariable api_session</code></div>
<div>
</div>
<br />
<div>
<br />
<ul>
<li>This result of this entire Invoke-RestMethod call will be JSON saved into a variable named <i>$session.</i></li>
<li>Take special note of the part at the end where we declared a Session Variable and named it "<i>api_session</i>". We'll be referencing that variable again in every step to follow. This is how PowerShell keeps track of all our web sessions.</li>
</ul>
Here is what the <i>$session</i> data looks like:<br />
<ul>
</ul>
</div>
<div>
<div>
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">_global_result </span></div>
<div>
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">-------------- </span></div>
<div>
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">@{status=0; status_str=You've logged in successfully.; UIDARUBA=6cd9028f-f3ea-434d-b3ac-a13385537b0fad}</span></div>
<div>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span></div>
</div>
<div>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span></div>
<div>
<span style="font-family: "times" , "times new roman" , serif;">and here is what the <i>$api_session</i> created on my machine looks like:</span></div>
<div>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span></div>
<div>
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Headers : {}</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Cookies : System.Net.CookieContainer</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">UseDefaultCredentials : False</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Credentials : </span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Certificates : </span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">UserAgent : Mozilla/5.0 (Windows NT; Windows NT 10.0; en-NZ) WindowsPowerShell/5.1.15063.1209</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Proxy : </span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">MaximumRedirection : -1</span><br />
<span style="font-family: "times" , "times new roman" , serif;"><br /></span></div>
<div>
<h3>
<span style="font-family: "times" , "times new roman" , serif;">
Step 4: Obtain the UID key and save it for future use</span></h3>
</div>
<div>
<div>
<span style="font-family: "times" , "times new roman" , serif;">The JSON response of <i>$session </i>data from the previous step can now be interrogated for the security cookie needed for subsequent queries.</span><br />
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<code><span style="font-family: "times" , "times new roman" , serif;">
#get the UID key session cookie from the login response</span></code></div>
<div>
<span style="font-family: "times" , "times new roman" , serif;">$UIDARUBA = $session._global_result.UIDARUBA</span></div>
</div>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<span style="font-family: "times" , "times new roman" , serif;">We now have an authenticated session, with a cookie. We can now proceed to do stuff!</span><br />
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<br />
<h3>
<span style="font-family: "times" , "times new roman" , serif;">
Step 5: Containers and Objects (complete lists)</span></h3>
<span style="font-family: "times" , "times new roman" , serif;">Explaining in detail what Containers and Objects do is best left to the formal documentation.</span><br />
<span style="font-family: "times" , "times new roman" , serif;">To briefly summarise: We can run a GET against either a Container or an Object. Containers are around a dozen or so groups of objects categories. Objects are specific items, with over 1000 available for query.</span><br />
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<br />
<ul>
<li><span style="font-family: "times" , "times new roman" , serif;">Note how the <i>$API_BASE_URI</i>, the <i>$api_session</i>, and the <i>$UIDARUBA </i>variables all come together now...</span></li>
</ul>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<code><span style="font-family: "times" , "times new roman" , serif;">
#Get complete List of Containers<br />
$t1 = Invoke-RestMethod -Uri "${API_BASE_URI}/configuration/container?UIDARUBA=$UIDARUBA" -Method Get -WebSession $api_session<br />
<br />
Get complete List of Objects (may take many seconds to run)<br />
$t2 = Invoke-RestMethod -Uri "${API_BASE_URI}/configuration/object?UIDARUBA=$UIDARUBA" -Method Get -WebSession $api_session</span></code><br />
<span style="font-family: "times" , "times new roman" , serif;"><br /></span>
<span style="font-family: "times" , "times new roman" , serif;"><code>
</code>There are way too many Containers and Objects to show here, but I'll show you a snippet of my list:</span><br />
<h4>
<span style="font-family: "times" , "times new roman" , serif;">Containers:</span></h4>
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">WAN : @{name=WAN; help=Compression, Health Check, Uplink Management}</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">LoadBal-Redun : @{name=Load Balancing & Redundancy; help=Clustering, High Availability, VRRP}</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">WLAN : @{name=Wireless LAN; help=AP Group, Client Match, Hotspot, IDS, Mcell, Mesh, Mobility, RF, SSID, </span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;"> Virtual AP}</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Services : @{name=Services; help=ALE, Airgroup, Lync, Openflow, SDN}</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">AP-Provisioning : @{name=AP Provisioning; help=AP Provisioning, AP Whitelist, Provisioning Profile}</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Unknown : @{name=Unknown; help=Fix these objects, catchall container}</span><br />
<span style="background-color: #cccccc; color: blue; font-family: "times" , "times new roman" , serif;">Interfaces : @{name=Interfaces; help=Physical/Logical/Loopback Interfaces, Tunnels and USB/Modem Interfaces}</span><br />
<br />
<h4>
Objects:</h4>
<span style="background-color: #cccccc; color: blue;"> "arm_error_rate_threshold": {</span><br />
<span style="background-color: #cccccc; color: blue;"> "error-rate-threshold": {</span><br />
<span style="background-color: #cccccc; color: blue;"> "_min": 0, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_type": "INT", </span><br />
<span style="background-color: #cccccc; color: blue;"> "_max": 100, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_default_val": 70, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_help": "% min rate for error in channel that triggers a channel change. Default 70. Recommended value 70"</span><br />
<span style="background-color: #cccccc; color: blue;"> }</span><br />
<span style="background-color: #cccccc; color: blue;"> }, </span><br />
<span style="background-color: #cccccc; color: blue;"> "arm_error_rate_wait_time": {</span><br />
<span style="background-color: #cccccc; color: blue;"> "error-rate-wait-time": {</span><br />
<span style="background-color: #cccccc; color: blue;"> "_min": 0, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_type": "INT", </span><br />
<span style="background-color: #cccccc; color: blue;"> "_max": 2147483647, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_default_val": 90, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_help": "Minimum time in seconds error rate has to be high to trigger a channel change. Default: 90."</span><br />
<span style="background-color: #cccccc; color: blue;"> }</span><br />
<span style="background-color: #cccccc; color: blue;"> }, </span><br />
<span style="background-color: #cccccc; color: blue;"> "channel_quality_aware_arm": {}, </span><br />
<span style="background-color: #cccccc; color: blue;"> "arm_channel_quality_threshold": {</span><br />
<span style="background-color: #cccccc; color: blue;"> "channel-quality-threshold": {</span><br />
<span style="background-color: #cccccc; color: blue;"> "_min": 0, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_type": "INT", </span><br />
<span style="background-color: #cccccc; color: blue;"> "_max": 100, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_default_val": 70, </span><br />
<span style="background-color: #cccccc; color: blue;"> "_help": "Channel quality below which triggers a channel change. Default 70%."</span><br />
<span style="background-color: #cccccc; color: blue;"> }</span><br />
<br />
We now have the complete lists of Containers and Objects. Educational but not very useful in itself, so on to the next step.
<br />
<div>
<br />
<h3>
Step 6: Some specific examples of Containers</h3>
We've seen the list of all containers, now lets get a couple of specific containers and extract some specific information from them<br />
<br />
<code>
#Get Info of specific Container (example: Interfaces)<br />
$t3 = Invoke-RestMethod -Uri "${API_BASE_URI}/configuration/container/Interfaces?UIDARUBA=$UIDARUBA" -Method Get -WebSession $api_session<br />
<br />
#Get Info of specific Container (example: Crypto)<br />
$t4 = Invoke-RestMethod -Uri "${API_BASE_URI}/configuration/container/Crypto?UIDARUBA=$UIDARUBA" -Method Get -WebSession $api_session</code></div>
<div>
</div>
<br />
<div>
<br />
<ul>
<li>We've grabbed all the info from the <i>Interfaces</i> container</li>
<li>We've grabbed all the info from the <i>Crypto</i> container</li>
<li>Woohoo, now we are getting some useful data about our device!</li>
</ul>
Let's check that <i>Interfaces</i> JSON for VLAN info:<br />
<br />
<code>
#Example: show VLAN Names<br />
$t3._data.vlan_name_id<br />
<br />
</code>
<br />
<br />
Here is the VLAN info on my system:<br />
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">name vlan-ids</span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">---- --------</span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">Corp-SSID 241 </span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">BYOD-SSID 244 </span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">Guest-Legacy 100 </span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">Corp-Legacy 28 </span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">Guest-SSID 242 </span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;">FrontageMain 20 </span></div>
<div style="text-align: justify;">
<span style="background-color: #cccccc; color: blue;"><br /></span></div>
<h3>
Step 7: Some specific examples of Objects (with optional filtering)</h3>
<div>
Note: The syntax for filtering can get a little complicated, please refer to the full API documentation for details on that.</div>
<div>
<br /></div>
<code>
#Get Info of specific Objects (example: Int VLAN)<br />
$t5 = Invoke-RestMethod -Uri "${API_BASE_URI}/configuration/object/int_vlan?UIDARUBA=$UIDARUBA" -Method Get -WebSession $api_session<br />
<br />
<br />
#Get Info of specific Objects with filter (example: Int VLAN, filter IP addr and MTU)<br />
#URI Needs a bit of massaging due to so many nested quotation marks. There is definitely a better way to do this!<br />
$t6uri1 = '/configuration/object/int_vlan?&filter=[ {"OBJECT" : { "$eq" : ["int_vlan.int_vlan_ip", "int_vlan.int_vlan_mtu"] } } ]&'<br />
$t6uri2 = "${API_BASE_URI}${t6uri1}"<br />
$t6 = Invoke-RestMethod -Uri "${t6uri2}UIDARUBA=$UIDARUBA" -Method Get -WebSession $api_session<br />
<br />
</code>
<br />
We can compare the responses and clearly see that the filtering is effective:<br />
<span style="background-color: #cccccc; color: blue;">PS C:\> $t5._data</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;">int_vlan </span><br />
<span style="background-color: #cccccc; color: blue;">-------- </span><br />
<span style="background-color: #cccccc; color: blue;">{@{id=1; int_vlan_shut=; int_vlan_routing=; int_vlan_ndra_hlimit=; int_vlan_ndra_interval=; int_vlan_ndra_ltime=; int_vlan_ndra_mtu=; int_vlan_nd_reachtime=; int_vlan_nd_rtrans_t...</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;">PS C:\> $t6._data</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;">int_vlan </span><br />
<span style="background-color: #cccccc; color: blue;">-------- </span><br />
<span style="background-color: #cccccc; color: blue;">{@{id=1; int_vlan_mtu=}, @{id=20; int_vlan_ip=; int_vlan_mtu=}, @{id=240; int_vlan_ip=; int_vlan_mtu=}, @{id=241; int_vlan_mtu=}...}</span><br />
<div>
<br /></div>
There is a bunch of info available about the interfaces. Next we use regular PowerShell syntax to view the one or all interfaces:<br />
<br />
<span style="background-color: #cccccc; color: blue;">PS C:\> $t5._data.int_vlan[1]</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;">id : 20</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ip : @{ipaddr=10.13.7.4; ipparams=ipaddrmask; ipmask=255.255.255.0}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_routing : @{_present=True; _flags=}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ndra_hlimit : @{_flags=; value=64}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ndra_interval : @{_flags=; value=600}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ndra_ltime : @{_flags=; value=1800}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ndra_mtu : @{_flags=; value=1500}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_nd_reachtime : @{_flags=; value=0}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_nd_rtrans_time : @{_flags=; value=0}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_mtu : @{_flags=; value=1500}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_suppress_arp : @{_present=True; _flags=}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ip_ospf_cost : @{_flags=; value=1}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ip_ospf_dead_interval : @{_flags=; value=40}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ip_ospf_hello_interval : @{_flags=; value=10}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ip_ospf_prior : @{_flags=; value=1}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ip_ospf_retransmit_int : @{_flags=; value=5}</span><br />
<span style="background-color: #cccccc; color: blue;">int_vlan_ip_ospf_transmit_delay : @{_flags=; value=1}</span><br />
<br />
<br />
<br />
Let's finally see some IP addresses of this box:<br />
<br />
<code>
#Example: show int VLAN IP from unfiltered response<br />$t5._data.int_vlan[1].int_vlan_ip</code><br />
<code><br /></code>
<span style="background-color: #cccccc; color: blue; font-family: monospace;">PS C:\> $t5._data.int_vlan[1].int_vlan_ip</span><br />
<span style="background-color: #cccccc; color: blue; font-family: monospace;"><br /></span>
<span style="background-color: #cccccc; color: blue; font-family: monospace;">ipaddr ipparams ipmask </span><br />
<span style="background-color: #cccccc; color: blue; font-family: monospace;">------ -------- ------ </span><br />
<span style="background-color: #cccccc; color: blue; font-family: monospace;">10.13.7.4 ipaddrmask 255.255.255.0</span><br />
<code>
<br />
#Example: show int VLAN IP from filtered response<br />
$t6._data.int_vlan[1].int_vlan_ip</code></div>
<div>
<br /></div>
<div>
</div>
<span style="background-color: #cccccc; color: blue; font-family: monospace;">PS C:\> $t6._data.int_vlan[1].int_vlan_ip</span><br />
<span style="background-color: #cccccc; color: blue; font-family: monospace;"><br /></span>
<span style="background-color: #cccccc; color: blue; font-family: monospace;">ipaddr ipparams ipmask </span><br />
<span style="background-color: #cccccc; color: blue; font-family: monospace;">------ -------- ------ </span><br />
<span style="background-color: #cccccc; color: blue; font-family: monospace;">10.13.7.4 ipaddrmask 255.255.255.0</span><br />
<h3>
Step 8: Running any 'Show' command</h3>
<div>
A neat feature of this API is the ability to run any show command, and get the result in a somewhat more structured format than a simple screen-scrape. </div>
<div>
Here is how that looks:</div>
<br />
<code>
#Running any show command (example: '<span style="color: red;">show iap table</span>')<br />$t7 = Invoke-RestMethod -Uri "${API_BASE_URI}/configuration/showcommand?command=show+iap+table&UIDARUBA=$UIDARUBA" -Method Get -WebSession $api_session<br />
#Example: show Up/Down branches<br />$t7._data<br />
#Example: show the table data<br />$t7.'IAP Branch Table'<br />
</code><br />
We've now got two forms of data about the '<i>show iap table</i>' command we sent.<br />
Viewing <i>$t7._data</i> gives us:<br />
<br />
<span style="background-color: #cccccc; color: blue;">PS C:\> $t7._data</span><br />
<span style="background-color: #cccccc; color: blue;">Trusted Branch Validation: Disabled</span><br />
<span style="background-color: #cccccc; color: blue;">Total No of UP Branches : 2</span><br />
<span style="background-color: #cccccc; color: blue;">Total No of DOWN Branches : 0</span><br />
<span style="background-color: #cccccc; color: blue;">Total No of Branches : 2</span><br />
<br />
While viewing <i>$t7.'IAP Branch Table'</i> gives us:<br />
<br />
<span style="background-color: #cccccc; color: blue;">PS C:\> $t7.'IAP Branch Table'</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;">Assigned Subnet : </span><br />
<span style="background-color: #cccccc; color: blue;">Assigned Vlan : 242,244</span><br />
<span style="background-color: #cccccc; color: blue;">Inner IP : 10.25.2.11</span><br />
<span style="background-color: #cccccc; color: blue;">Name : SiteA-VC</span><br />
<span style="background-color: #cccccc; color: blue;">Status : UP</span><br />
<span style="background-color: #cccccc; color: blue;">VC MAC Address : 20:a6:cd:aa:bb:cc</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<span style="background-color: #cccccc; color: blue;">Assigned Subnet : </span><br />
<span style="background-color: #cccccc; color: blue;">Assigned Vlan : 242,244</span><br />
<span style="background-color: #cccccc; color: blue;">Inner IP : 10.25.2.10</span><br />
<span style="background-color: #cccccc; color: blue;">Name : SiteB-VC</span><br />
<span style="background-color: #cccccc; color: blue;">Status : UP</span><br />
<span style="background-color: #cccccc; color: blue;">VC MAC Address : 20:a6:cd:dd:ee:ff</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<br />
What if we just want the status of the SiteB tunnel? Then we simply use <i>$t7.'IAP Branch Table'[1].Status </i>which gives us:<br />
<br />
<span style="background-color: #cccccc; color: blue;">PS C:\> $t7.'IAP Branch Table'[1].Status</span><br />
<span style="background-color: #cccccc; color: blue;">UP</span><br />
<span style="background-color: #cccccc; color: blue;"><br /></span>
<br />
<h3>
Step 9: Logging out</h3>
Practice good hygiene. Always remember to log out!<br />
<br />
<code>
#logout<br />
Invoke-RestMethod -Uri "${API_BASE_URI}/api/logout" -WebSession $api_session<br />
</code><br />
The device replies with a friendly message confirming the log out:<br />
<div>
<br />
<div>
<div>
<span style="background-color: #cccccc; color: blue;">_global_result </span></div>
<div>
<span style="background-color: #cccccc; color: blue;">-------------- </span></div>
<div>
<span style="background-color: #cccccc; color: blue;">@{status=0; status_str=You've been logged out successfully.; UIDARUBA=(null)}</span></div>
<div>
<span style="background-color: #cccccc; color: blue;"><br /></span></div>
<ul>
<li>Note that the structure of the logout command is different to that of the GET requests, and the UIDARUBA security cookie is not required.</li>
</ul>
<h3>
Conclusion</h3>
<div>
These have been a few examples of API GET requests using the AurbaOS8 API and PowerShell. </div>
<div>
<br /></div>
<div>
There is plenty more that can be done with the same API e.g. SET operations, counts, special pagination, viewing pending vs actual data, adding users, a special 'write mem' object, and more. Once again, refer to the officially published API docs and explore the Objects catalogue to understand the full feature set available.</div>
<div>
<br /></div>
<div>
I hope this information has been useful to my fellow PowerShell users. I have already put it into practice for monitoring a specific item that has no SNMP OID attached.<br />
<br />
Please leave your comments below.</div>
<br />
<br />
<br />
<br />
<br />
<br /></div>
</div>
Unknownnoreply@blogger.com0