Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

What are sequence sensitive commands in IAP? How to configure such commands through Instant AP Command Line ? 

Jul 08, 2014 04:30 PM

Question: What are sequence sensitive commands in IAP? How to configure such commands through Instant AP Command Line ?
Environment:  This articles applies to all Aruba Access Points running InstantOS 6.2.1.0.3.3.0.0 or higher.

 

Starting 6.1.2.0-3.3.0.0, Aruba Instant supports the use of Command Line Interface (CLI) for scripting purposes. When you make configuration changes on a master IAP in the CLI, all associated IAPs in the cluster inherit these change and subsequently update their configurations.

The CLI does not support the configuration data exceeding the 4K buffer size in a CLI session; therefore, Aruba recommends that you configure fewer changes at a time and apply the changes at regular intervals
 
The Instant CLI does not support positioning or precedence of sequence-sensitive commands. Therefore, Aruba recommends that you remove the existing configuration before adding or modifying the configuration details for sequence-sensitive commands. You can either delete an existing profile or remove a specific configuration by using
the "no commands".

Following are some of the points to make a note:

  • Configuration changes are allowed only on the Master.
     
  • Sequence sensitive commands should be committed at once.
     
  • CLI does not support auto compete for “exit” and “end”, hence these should be typed fully.
     
  • Uncommitted changes (commands waiting to be applied) should not exceed 4Kb of size.
     
  • Provisioning parameters for IAP cannot be updated through CLI.


Following is an example of a Sequence Sensitive commands in IAP:

For example below is the initial configuration of access-rule named "UPLINK-PORT"

 rule any any match icmp any any deny
 rule 182.82.82.0 255.255.255.0 match tcp 80 80 dst-nat ip 99.99.5.207 999
 rule any any match any any any permit tcp

Incase, if you want to add a new rule in between position 2 and Position 3, then you just cannot append the acl to the existing access-rule. We need to issues "no" command for the existing acl's and then re-add them in the sequence required.  As shown below:


 no rule any any match icmp any any deny
 no rule 182.82.82.0 255.255.255.0 match tcp 81 81 dst-nat ip 99.99.5.207 999
 no rule any any match tcp 78 78 dst-nat ip 12.12.12.12 88
 no rule any any match any any any permit
 rule any any match icmp any any deny
 rule 182.82.82.0 255.255.255.0 match tcp 8 80 dst-nat ip 99.99.5.207 999
 rule any any match tcp 78 78 dst-nat ip 12.12.12.12 88   <<< new config
 rule any any match any any any permit


NOTE: Same effect could be achieved by deleting access rule “UPLINK-PORT”and creating it again.


The following table lists the sequence-sensitive commands and the corresponding "no command"  to remove the configuration.
 
rtaImage.jpg

 

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.