In this section we will see some of the typical configuration tasks, an admin user would undergo on Day 2 of network operations.

How to create a new vlan and assign IP to that.

Step 1: For creating a new vlan, use vlan_id API

API: POST /object/vlan_id
URL: https://1.1.1.10:4343/v1/configuration/object/vlan_id?config_path=%2Fmm%2Fmynode&UIDARUBA=xxxx

{
"id": 47
}

Step 2: After, the vlan is created, use int_vlan API

API: POST /object/int_vlan
URL: https://1.1.1.10:4343/v1/configuration/object/int_vlan?config_path=%2Fmm%2Fmynode&UIDARUBA=xxxx

{ 
"id": "47", "int_vlan_ip": {"ipaddr": "1.1.1.1", "ipmask": "255.255.255.0" }
}

Adding and deleting users from MCR/MD/Standalone local user database through API.

Useful in External Captive Portal login applications when ClearPass is not used.

Step 1: Add local-userdb

API: POST /object/userdb_add
URL: https://1.1.1.10:4343/v1/configuration/object/userdb_add?config_path=%2Fmm%2Fmynode&UIDARUBA=xxxx

{ 
 "name": "test1", 
 "passwd": "123456"
}

Step 2: Delete local-userdb

API: POST /object/userdb_del
URL: https://1.1.1.10:4343/v1/configuration/object/userdb_del?config_path=%2Fmm%2Fmynode&UIDARUBA=xxxx

{ 
"name": "test1"
}

Set and verify AP-Syslocation change for an AP using APIs

Step 1: Use read_bootinfo API
API: POST /object/read_bootinfo
URL: https://1.1.1.10:4343/v1/configuration/object/read_bootinfo?config_path=%2Fmd&UIDARUBA=xxxx

{ 
  "wired-mac": "ff:ff:ff:ff:ff:ff" 
}

Step 2: Use ap_prov API
API: POST /object/ap_prov
URL: https://1.1.1.10:4343/v1/configuration/object/ap_prov?config_path=%2Fmd&UIDARUBA=xxxx

{ 
  "ap_name": { 
    "ap-name": "AP-515-Floor-1" 
  }, 
  "syslocation": { 
    "location": "Floor-1-west" 
  } 
}

Step 3: Use showcommand API.

API: GET/object/showcommand
URL: https://1.1.1.10:4343/v1/configuration/showcommand?command=show+provisioning-params&UIDARUBA=xxxx

JSON input: No input required

Step 4: Use ap_reprovision API
API: POST /object/ap_reprovision
URL: https://1.1.1.10:4343/v1/configuration/object/ap_reprovision?config_path=%2Fmd&UIDARUBA=xxxx

{ 
  "wired-mac": "ff:ff:ff:ff:ff:ff",
  "ap-name": "AP-515-Floor-1"
  }

Build a custom portal for adding/removing MD via API. How do we do RMA process via APIs?

Step 1: Creating Node hierarchy and adding devices

configuration_node (new node created on mentioned config_path)
API: POST object/configuration_node
URL: https://1.1.1.10:4343/v1/configuration/object/configuration_node?config_path=%2Fmd&UIDARUBA=XXXX

{ 
  "node-path": "<new_node_name>" 
}

configuration_device
API: POST object/configuration_device
URL: https://1.1.1.10:4343/v1/configuration/object/configuration_device?config_path=%2Fmd&UIDARUBA=XXXX

{ 
  "dev-model": "<Device-Model>", 
  "mac-address": "<mac-address>", 
  "config-path": "<config-path>" 
} 
<Device-Model> in the format “A7005”. 
<config-path> is where this device will be added

Step 2: Configuring both the Mobility Conductor and the Managed Device for the IPSEC

Cert based ipsec(on Mobility Conductor):
ipsec_local_factory_cert (Use this endpoint “ipsec_local_custom_cert”, Incase the certificates are used for ipsec)

API: POST object/ipsec_local_factory_cert
URL: https://1.1.1.10:4343/v1/configuration/object/configuration_device?config_path=%2Fmm&UIDARUBA=XXXX

{ 
    "local-mac-address": "<mac-address>" 
}

PSK based ipsec: If more than one local MD is present, adding unique psk key for each MD is recommended for security. (although global psk for all local MDs can be set in Mobility Conductor (using ipsec_localip API) with ip address as 0.0.0.0)
ipsec_localip (Incase, the PSK are used for the ipsec)

API: POST object/ ipsec_localip
URL: https://1.1.1.10:4343/v1/configuration/object/ipsec_localip?config_path=%2Fmm%2Fmynode&UIDARUBA=XXXX

{ 
  "local-switch-ip": "<managed-device-ip>", 
  "localkey": "<ipsec-key>" 
}

Step 3: Allowlisting AP

wdb_cpsec_add_mac / wdb_cpsec_del_mac (This is for allowlisting APs. For RAP it will be wdb_rap_add)

API: POST object/wdb_cpsec_add_mac
URL: https://1.1.1.10:4343/v1/configuration/object/wdb_cpsec_add_mac?config_path=%2Fmm%2Fmynode&UIDARUBA=XXXX

{ 
  "description": "string", 
  "ap_name": "<ap-name>", 
  "ap_group": "<ap-group>", 
  "name": "<mac-address>" 
}

#Currently using snmp_ser_community to update SNMP string and for updating SNMP server host using snmp_ser_host_snmpv2c. How to Delete an old SNMP string name from list using API.

Answer: It will not delete all the entries at once. We need to specify name, portnumber and ipAddress of the snmp server host entry and then include “_action”: “delete”.
Delete flow would begin by doing a GET which return all the existing entries. Then add “_action”: “delete” to every entry that needs to be deleted.

Step 1: Creating Node hierarchy and adding devices

configuration_node (new node created on mentioned config_path)
API: POST object/snmp_ser_host_snmpv2c
URL: https://1.1.1.10:4343/v1/configuration/object/snmp_ser_host_snmpv2c?config_path=%2Fmd&UIDARUBA=XXXX

{ 
  "portnumber": "162", 
  "ipAddress": "1.1.1.1", 
  "name": "test1", 
  "_action": "delete
}

{ 
  "_data": { 
    "snmp_ser_host_snmpv2c": [ 
      { 
        "portnumber": "162", 
        "ipAddress": "1.1.1.1", 
        "name": "test1", 
        "_flags": { 
          "pending": true 
        } 
      } 
    ] 
  } 
}

How to copy flash backup and tar files from Aruba Controller

Answer: This can be achieved via APIs as well as SSH.

Ansible and SSH based connection:

Option 1: flash_backup
API: POST object/flash_backup
URL: https://1.1.1.10:4343/v1/configuration/object/flash_backup?config_path=%2Fmm%2Fmynode&UIDARUBA=XXXX

{ "backup_flash": "flash", "filename": "string"}

Option 2: copy_flash_scp
API: POST object/copy_flash_scp
URL: https://1.1.1.10:4343/v1/configuration/object/copy_flash_scp?config_path=%2Fmm%2Fmynode&UIDARUBA=XXXX

{ 
  "srcfilename": "string", 
  "scphost": "string", 
  "username": "string", 
  "destfilename": "string", 
  "passwd": "string" 
}