WLAN - Open SSID
Open SSID Workflow
This Python workflow script automates the configuration of an Open SSID (Opportunistic Wireless Encryption) in New HPE Aruba Networking Central. It creates configuration profiles such as roles and policies in New Central, modifies policy groups and associates policies with them, and generates Open SSID configurations with associated roles. Additionally, it assigns these configurations to the appropriate scopes, whether site or global, and moves devices into the site with the Open SSID configuration to ensure they inherit the profile.
Installation
Setting up a Virtual Environment
# Create a virtual environment
python -m venv venv
# Activate the virtual environment
# On Windows:
venv\Scripts\activate
# On macOS/Linux:
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
Configuration Files
account_credentials.yaml
This file contains the credentials required to authenticate with Aruba Central.
new_central:
base_url: <your_base_url>
client_id: <your_client_id>
client_secret: <your_client_secret>
classic:
base_url: <your_base_url>
classic_account_credentials.yaml
This file contains the credentials required to authenticate with the Classic Aruba Central API.
central_info:
base_url: <your_classic_central_base_url>
token:
access_token: <your_classic_central_token>
ssl_verify: true
wlan_overlay_profiles.yaml
This file contains the configuration details for the Open SSID workflow.
site_details:
name: "Open-SSID-Site"
address: "6280 America Center Dr"
city: "San Jose"
state: "California"
country: "United States"
zipcode: "95002"
timezone: "America/Los_Angeles"
role_details:
role:
- name: "open-ssid-role"
description: "open-ssid-role description"
policy_details:
policy:
- name: "open-ssid-policy"
type: "POLICY_TYPE_SECURITY"
description: "open-ssid-policy description"
security-policy:
type: "SECURITY_POLICY_TYPE_DEFAULT"
policy-rule:
- position: 1
description: "Allow All"
condition:
type: "CONDITION_DEFAULT"
rule-type: "RULE_ANY"
source:
type: "ADDRESS_ROLE"
role: "open-ssid-role"
destination:
type: "ADDRESS_ANY"
action:
type: "ACTION_ALLOW"
policy_group_details:
policy-group:
policy-group-list:
- name: "open-ssid-policy"
position: 4
description: "open-ssid-policy description"
ssid_details:
wlan-ssid:
- ssid: "open-ssid-wlan"
enable: true
forward-mode: "FORWARD_MODE_BRIDGE"
opmode: "ENHANCED_OPEN"
default-role: "open-ssid-role"
⚠️ Important Note: Ensure that the
site_detailssection is properly configured. Thessidvariable is the name of your wlan ssid profile. Thedefault-roleshould match the name of therole_detailsrole name so that the role created in this workflow is correctly applied to the wlan ssid profile when it is created. An Open SSID must have theenableparameter set to true in order to enable the SSID profile. Theopmodeor operation mode must be set to either OPEN: no authentication and encryption or ENHANCED_OPEN: Improved data encryption in open Wi-Fi networks and protects data from sniffing. Enhanced open replaces open system as the default opmode.
inventory.yaml
This file contains the mapping of devices to the site. It specifies the device type and serial numbers of devices to be moved to the site.
Open-SSID-Site:
- device_type: IAP
devices:
- PHQSLBN5HB
Workflow Steps
This workflow automates the configuration of an Open SSID in HPE Aruba Networking Central, including site creation, role and policy assignment, and device management. Ensure that all configuration files are properly set up before running the script.
-
Create a Site - The script creates a site in HPE Aruba Networking Central using the details provided in the
site_detailssection of the configuration file. -
Get Site ID - The script retrieves the site ID for the newly created site.
-
Create Role - The script creates a role in HPE Aruba Networking Central using the details provided in the
role_detailssection of the configuration file. -
Assign Role to Site - The script assigns the created role to the site.
-
Create Role-Based Policy - The script creates a role-based policy using the details provided in the
policy_detailssection of the configuration file. -
Add Policy to Group - The script adds the created policy to a policy group for easier management.
-
Assign Role-Based Policy to Site - The script assigns the role-based policy to the site.
-
Create Open SSID - The script creates an Open SSID (WLAN Profile) using the details provided in the
ssid_detailssection of the configuration file. -
Assign Open SSID to Site - The script assigns the Open SSID to the site.
-
Get Devices - The script retrieves the list of devices associated with the site.
-
Move Devices to Site - The script moves devices to the newly created site using the inventory details provided in the
inventory.yamlfile. This ensures that devices are properly associated with the site and inherit the configurations applied to the site.
Running the Script
To execute the workflow, run the following command:
python ssid_open_overlay_workflow.py -c account_credentials.yaml -cc classic_account_credentials.yaml -i inventory.yaml -p wlan_overlay_profiles.yaml
Troubleshooting
Common Issues
-
Authentication Errors:
- Ensure that the credentials in account_credentials.yaml are correct.
- Verify that the API token has the necessary permissions.
-
Site Creation Fails:
- Check the site_details section in wlan_overlay_profiles.yaml for missing or incorrect fields.
-
Role or Policy Assignment Fails:
- Ensure that the role or policy exists before assigning it to a site.
-
Device Retrieval Fails:
- Verify that devices are associated with the site in HPE Aruba Networking Central.
Additional Notes
- This workflow is designed for HPE Aruba Networking Central environments and requires the pycentral SDK.
- Ensure that the configuration files listed above are filled out properly before running the script.
Updated 3 days ago