Aruba AirWave Glass 1.3.3 User guide

AirWave Glass

1.3.3

Installation and User Guide

November 2020 | Revision 01 AirWave Glass 1.3.3 | Installation and User Guide

Copyright Information

Open Source Code

This product includes code licensed under the GNU General Public License, the GNU Lesser General Public

License, and/or certain other open source licenses. A complete machine-readable copy of the source code

corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information

and shall expire three years following the date of the final distribution of this product version by Hewlett-

Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US

$10.00 to:

Hewlett-Packard Enterprise Company

Attn: General Counsel

6280 America Center Drive

San Jose, CA 95002

USA

Please specify the product and version for which you are requesting source code.

You may also request a copy of this source code free of charge at: http://hpe.com/software/opensource.

AirWave Glass 1.3.3 | Installation and User Guide Contents | 3

Contents

Product Overview 7

Contacting Support 7

What's New in this Release 8

Installing AirWave Glass 9

Download Files 9

Installation Pre-Requisites 9

Install the AirWave Glass Software 9

Change the Administrator Password 10

Configure Network Settings 10

Configure the AirWave Glass Servers 10

Single Node 10

Three-Node Cluster 11

Post Installation 11

Communication Ports and Protocols 11

Upgrading AirWave Glass 12

Online Upgrades 12

Offline Upgrades 12

Performing an Offline Upgrade for the First Time 13

Installing the Offline Upgrade Package 13

Post Upgrade 14

Refresh Expiring Certificates 14

Refresh the Web Server and Kubernetes certificates 14

Getting Started 16

Home Link 16

Header Statistics and Icons 16

Search and Filter 17

Filter Options 17

Partial Matching or Prefix Search 18

How to Save Your Search 18

Predefined Searches 19

Client Session History 19

The Client Detail Page 20

4| Contents AirWave Glass 1.3.3 | Installation and User Guide

Drill Downs from Top Header and Overview Dashboard 20

Controller Information 21

Device Status Information 22

AirWave Glass and your Managed AMPs 22

Alert Notifications 23

AirWave Glass Software Updates 23

Feeder Software Updates 23

Time Ranges 23

Define a Custom Time Range 23

How Snapshots are Timed 23

How Trends are Sampled 24

Exporting Data 24

Configuring the System 26

Managed AMPs 26

Add a Managed AMP 26

View Last Heard Times 27

Refresh Client Certificates 27

AirWave Glass Cluster Health Monitoring 27

Certificates 28

Custom Certificates 30

How to Replace an Invalid Certificate 30

User Roles 31

Passwords 31

Authentication Servers 31

Enabling RADIUS Authentication 32

Enabling TACACS Authentication 32

Enabling LDAP Authentication 33

Adding LDAPRules 34

License Agreement 35

Monitoring Your Network 36

AirWave Glass Overview 36

AP Radio Status Thresholds 37

Device Health Thresholds 38

Overview 38

Traffic Analysis 39

Traffic Analysis 40

UCC 40

UCC 42

RF Health 43

RF Health 44

Clarity 45

Clarity 46

Client Session 47

Client Session 48

Folder Health 49

Manage User Permissions 49

Roles Defined by Folders 49

LDAP Rules Defined by Folders 49

View Folder Data in a Tree Table 50

Customize the Table 51

Filter the Folder Data 51

Folder Health Thresholds 51

Status Icons 52

View Bar Charts 52

View Trends 52

Customize the Table 53

Filter the Folder Data 53

Folder Health Thresholds 54

Status Icons 54

AirWave Glass Reports 55

Before you Begin 55

Email Settings 55

Time Zone 56

Other Settings 56

Scheduling a Report 56

Using the WebUI 56

Step 1: Report Details 56

Step 2: Layout Details 57

Step 3: Schedule Details 57

Step 4: Email Details 58

Using the CLI 58

Editing a Report Definition 60

Viewing Generated Reports 60

Using RAPIDS 61

RAPIDS 61

Configuring Rogue AP Thresholds 61

Changing the Time Range 62

AirWave Glass 1.3.3 | Installation and User Guide Contents | 5

6| Contents AirWave Glass 1.3.3 | Installation and User Guide

Using VisualRF 64

What You Can Do 64

Zoom In and Out of the World Map 64

Move a Network Campus 64

View Network Campuses on in AirWave 64

Selecting an AirWave Glass Server from the Navigation Bar 65

Appendix A AirWave Glass Command Line Interface 66

Installation CLI 66

AirWave Glass CLI 66

Example: List Offline Upgrade Package 72

Example: Add a Support User 72

Example: Reset the Glass CLI User Password 72

Recovery CLI 73

Reset the CLI Password 73

Reset the Recovery User Password 74

AirWave Glass 1.3.3 | Installation and User Guide Product Overview | 7

Chapter 1

Product Overview

AirWave Glass makes it easy to monitor your wireless network by combining industry-leading functionality with

an intuitive user interface. AirWave Glass provides high availability, supporting networks with Aruba APs,

controllers switches, and third-party vendor devices. AirWave Glass provides an aggregated view of all the

AirWave servers in a single environment.

AirWave Glass is available as a physical appliance, as well as a virtual appliance and it supports both single node

and 3-node cluster to provide high availability and increased scalability.

Aruba recommends the following scaling and sizing suggestions for your AirWave Glass 1.3.3 deployments:

lA single-node deployment of AirWave Glass supports approximately 30,000 devices with controller AMON

data processing, or approximately 50,000 devices with SNMP processing.

lA 3-node cluster of AirWave Glass servers supports approximately 60,000 devices with controller AMON data

processing, or approximately 100,000 devices with SNMP processing.

Contacting Support

Main Site arubanetworks.com

Support Site asp.arubanetworks.com

Airheads Social Forums and Knowledge

Base

community.arubanetworks.com

North American Telephone 1-800-943-4526 (Toll Free)

1-408-754-1200

International Telephone arubanetworks.com/support-services/contact-support/

Software Licensing Site lms.arubanetworks.com

End-of-life Information arubanetworks.com/support-services/end-of-life/

Security Incident Response Team (SIRT) Site: arubanetworks.com/support-services/security-bulletins/

Email: aruba-sirt@hpe.com

Table 1: Contact Information

AirWave Glass 1.3.3 | Installation and User Guide What's New in this Release | 8

Chapter 2

What's New in this Release

AirWave Glass 1.3.3 introduces the following new features:

lKubernetes version in AirWave Glass is upgraded to version 1.18.6.

lThe scheduled Daily reports generated over a week, using AirWave Glass CLI, is appended internally and you

can download a separate package with the appended reports through AirWave Glass CLI.

lUsing AirWave Glass CLIoptions, you can refresh expiring certificates like Kubernetes certificates and web

server certificates.

AirWave Glass 1.3.3 | Installation and User Guide Installing AirWave Glass | 9

Chapter 3

Installing AirWave Glass

This chapter provides step-by-step instructions to install the ISO in a virtual machine, configure the AirWave

Glass servers, and prepare the deployment.

Download Files

The following files are available from the Aruba support site:

lOffline upgrade package

lISO file for Gen9 and Gen10 appliances

Installation Pre-Requisites

Before you begin, ensure that you have installed VMware tools in a text-based environment and allocated

enough resources to the virtual machine. If your host virtual machine runs other virtual machines, ensure that

the AirWave Glass instance has the highest priority.

During installation on Gen9 or Gen10 servers, ensure that there are no storage devices or LAN cables connected

to the Hardware. After installation, you can reconnect LANcables for network settings.

Following is a list ofthe recommended minimum system requirements, VMware requirements, and supported

browsers:

lMemory: 32 GB

lHard disk: 200 GB

lCPU: 10 cores

lVMware ESX(i) 6.5 and later

lVirtual SCSIdisk (preferred over IDE)

lChrome 65.03299.0 (64-bit) or later on Windows and macOS

lFirefox 57.0 (64-bit) or later on Windows and macOS

lSafari 11.0.2 or later for macOS

lInternet Explorer 11.0.9 or later on Windows

Aruba recommends a 20% increased buffer for virtual environments. Ensure that you allocate enough extra

disk space for the OS and swap when partitioning the virtual disk.

All log messages collected during the installation are saved to the /var/log/glass.log file.

Install the AirWave Glass Software

After installing the ISO file and the operating system is running, the Installation CLI is available. The installation

process takes about 20 minutes to install the images and then load them. The system reboots automatically

once the installation is complete.

Follow these steps to install the software:

1. Login to the AirWave Glass server as the default administrator with the following credentials:

user: glassadmin

10 | Installing AirWave Glass AirWave Glass 1.3.3 | Installation and User Guide

password: glassadmin

2. Enter 1to start the installation (see Figure 1).

Figure 1: Installation CLI Menu

Change the Administrator Password

After you complete the installation, AirWave Glass sets the password for the default administrator user. When

the server reboots, it is mandatory to change the admin password.

1. Log into the AirWave Glass server as the default administrator with the following credentials:

user: glassadmin

password: glassadmin

2. At the prompt, enter a new password.

3. Confirm the new password.

Configure Network Settings

During installation, the installer automatically checks for a network interface. Perform the following steps to

configure or modify network settings:

1. Login to the CLI on the AirWave Glass server as the administrator.

2. Enter 4-1 to open the Network Setup menu, then follow the prompts to enter the following settings:

nInterface name

nAirWave Glass server IPaddress

nSubnet mask

nGateway IPaddress

nDNS server IPaddress

nSecondary DNS server (optional)

nAirWave Glass server hostname (FQDN)

nTimezone for the AirWave Glass server

Underscore symbol is not a valid character in AirWave Glass server hostname (FQDN).

Configure the AirWave Glass Servers

Choose one of the following configuration workflows:

Single Node

Perform the following steps on the single node:

1. At the prompt, enter 4-2 to open the Glass Configuration > Cluster/Node Setup menu.

2. Enter nand follow the prompts to configure the node.

3. Enter the FQDN of the node (for example, company.com).

4. Confirm the IP address of the node.

5. Enter yto confirm the configuration settings and continue the installation. Or, enter nto correct the FQDN

and try again.

Three-Node Cluster

Perform the following steps to configure each node in the cluster:

1. Login to the CLI on the AirWave Glass server as the administrator.

2. Enter 4-2 to open the Glass Configuration > Cluster/Node Setup menu.

3. Enter yand then follow the prompts to setup the Glass cluster.

4. Enter the FQDN of the node (for example, company.com).

5. Enter yto confirm the configuration settings and continue the installation. Or, enter nto correct the FQDN

and try again.

6. At the prompt, enter space-separated IP addresses for the other two nodes that will form the three-node

cluster.

7. Follow the onscreen instructions when prompted to log in to the other two nodes and finish the cluster

setup.

Post Installation

After you install AirWave Glass and deploy your network, you can configure the communication ports.

Communication Ports and Protocols

In order to allow traffic to flow between AirWave Glass and AirWave Glass across firewall devices, open the ports

described in Table 2.

Port Protocol Description

22 TCP Used to support connection for debugging AirWave Glass-related issues

443 TCP Used for secure web socket communication between the feeder service

running on managed AMPs and AirWave Glass. For more information

about feeder updates, see "Getting Started" on page 16.

443 TCP Used to pull images and metadata from the Internet.

NOTE: In order for AirWave Glass to pull Kubernetes images from gcr.io

and AirWave Glass images from quay.io, you must open port 443 for the

following URLs: gcr.io/google_containers,quay.io/arubadevops, and

quay.io/coreos.

—ICMP Used by the feeder service for checking connectivity between the

managed AMPs and AirWave Glass by running ICMP ping and building

secure Java keystores.

Table 2: Ports and Protocols

AirWave Glass 1.3.3 | Installation and User Guide Installing AirWave Glass | 11

AirWave Glass 1.3.3 | Installation and User Guide Upgrading AirWave Glass | 12

Chapter 4

Upgrading AirWave Glass

AirWave Glass 1.3.3 supports online upgrades in deployments that can access the AirWave Glass Software

download servers.AirWave Glass 1.3.3 also supports offline upgrade method for deployments. that do not have

access to the Internet or are unable to download the software upgrade due to security issues.

Online Upgrades

When you run the online software update, the process might take 10 to 15 minutes and requires multiple clicks

through upgrade notification windows. Each click starts the upgrade of a subset of pods. This upgrade is best

done during server downtime or less busy hours to avoid AirWave Glass missing messages from the attached

managed AMP. You may need to repeat this procedure and perform multiple upgrade cycles until you don't see

online upgrade notifications.

To ensure that your system receives the most up-to-date software version available, it is recommended that

you add coreupdate.central.arubanetworks.com and gcr.io/google_containers to your whitelists.

To upgrade to AirWave Glass 1.3.3:

1. Click to download the software.

2. Click the blue Upgrade link in the notification window to run the software.

Figure 2: Update Available

3. An upgrade confirmation notification is displayed. Click Yes to upgrade

4. When the WebUI is up, confirm your upgrade version by checking the notification window.

Figure 3: Latest Version

Offline Upgrades

AirWave Glass 1.3.3 provides an offline method of updating the software. If this is the first time you are

performing an offline upgrade, follow the steps in "Performing an Offline Upgrade for the First Time" on page 13,

and then proceed to "Installing the Offline Upgrade Package" on page 13.

13 | Upgrading AirWave Glass AirWave Glass 1.3.3 | Installation and User Guide

However, if the managed AMPs are already running AirWave Glass 8.2.7.1 or later versions, or you have

performed an offline upgrade before, proceed to "Installing the Offline Upgrade Package" on page 13.

All log messages collected during the upgrade are saved to the /var/log/glass.log file.

Performing an Offline Upgrade for the First Time

Perform the following steps to copy the feeder image onto your AirWave Glass servers:

1. Copy the feeder updater tar file to all AirWave Glass servers associated to AirWave Glass.

2. On each managed AMP, load the feeder updater file using the command docker load < feeder_

updater.tar.gz. This process takes 10 to 15 minutes to complete.

3. Proceed to "Installing the Offline Upgrade Package" on page 13.

Installing the Offline Upgrade Package

If you have performed the offline upgrade before, or you have installed the feeder updater and are ready to

install the offline upgrade package, perform the following steps:

1. Log in to the AirWave Glass CLI, enter option 4from the main menu for AirWave Glass Configuration.

2. Enter option 8for offline upgrade package and then, option 1to upload the offline upgrade package.

3. Once the offline upgrade package is uploaded, go back to the main menu and enter option 4 - 8 for the

offline upgrade package and enter option 3to initiate the offline upgrade.

This option installs the AirWave Glass upgrade package on your system. You will be prompted to enter the

name of the offline file package name.

4. Log in to the AirWave Glass server, then click to download the software.

5. Click the blue Upgrade link in the notification window.

Figure 4: Update Available

6. An upgrade confirmation notification is displayed. Click Yes to upgrade.

Figure 5: Upgrade Confirmation

The AirWave Glass WebUI will be down for about 10 minutes once the upgrade process is complete.

7. When the WebUI is up, confirm your upgraded version by checking the notification window.

Figure 6: Latest Version

Post Upgrade

You can confirm the AirWave Glass upgrade by checking the version:

lFrom the WebUI, go to System > Managed AMPs and hover the mouse over to view the feeder version.

lFrom the CLI, select 2to open the Show menu and then 7to view the app status. All the pods should be in

the "Running" state.

After confirming the upgrade, log in to the AirWave Glass server again. After the data cache expires, AirWave

Glass refreshes with AirWave Glass data.

Refresh Expiring Certificates

AirWave Glass alerts you to expiring certificates with a warning banner at the top left corner of the WebUI. You

can click to expand and to collapse the warning banner.

If a certificate expires within 10 to 90 days, AirWave Glass displays the banner shown in Figure 7. This banner is

collapsed by default.

Figure 7: 10 to 90-Day Notification

If a certificate expires in less than 10-days, AirWave Glass displays a banner similar to the example shown in

Figure 8. This banner is expanded by default.

Figure 8: Less than 10-Day Notification

Refresh the Web Server and Kubernetes certificates

The following procedures describe how to refresh the Web Server and Kubernetes certificates on your AirWave

Glass server and, the client certificates on your managed AMPs.

Perform the following steps to refresh Kubernetes certificates:

1. Log in to the AirWave Glass server CLI with the user name and password. In case of multi-node cluster, log in

to the AirWave Glass server CLI of the Conductor Node.

2. From the main menu, select Option 8 - System, then, Option 1- Certificates, and Option 2 - Refresh

Kubernetes certificates. Executing this option will refresh the Kubernetes certificates for next 1 year.

Perform the following steps to refresh Web Server Certificate:

AirWave Glass 1.3.3 | Installation and User Guide Upgrading AirWave Glass | 14

15 | Upgrading AirWave Glass AirWave Glass 1.3.3 | Installation and User Guide

1. Log in to the AirWave Glass server CLI with the user name and password. In case of multi-node cluster, log in

to the AirWave Glass server CLI of the Conductor Node.

2. From the main menu, select Option 8 - System, then, Option 1- Certificates, and Option 3 - Refresh Web

Server Certificates. Executing this option will refresh the Web Server certificates for the next 10 years.

Perform the following steps to refresh Client certificates on the Managed AMP by regenerating expired client

certificates in the AirWave Glass WebUI:

1. Log in to AirWave Glass WebUI.

2. Navigate to System > Managed AMPs, locate the AMP, and click to modify its settings.

3. Select the Regenerate Service Credentials checkbox to refresh the client certificates and all API secrets on

the managed AMP.

4. Enter the user name and password on the managed AMP.

This feature is not available for custom certificates, or certificates that have already expired. Contact Technical

Support if you want to refresh a custom certificate, or if the certificates have already expired.

AirWave Glass 1.3.3 | Installation and User Guide Getting Started | 16

Chapter 5

Getting Started

AirWave Glass aggregates data from individual managed AMP servers and provides a single pane of glass view for

large network environments. With single sign-on (SSO) authentication, you can drill down and view information

on an individual managed AMPserver without logging out of AirWave Glass, or logging on to the managed AMP

server. The same role-based access controls that are used in AirWave Glass also manages who does what in

AirWave Glass.

For SSO authentication to work, AirWave Glass and AirWave Glass servers must have hostnames that are fully

qualified domain names (FQDN).

This chapter includes the following topics that will help you use the AirWave Glass WebUI:

l"Home Link" on page 16

l"Header Statistics and Icons" on page 16

l"Search and Filter" on page 17

l"AirWave Glass and your Managed AMPs" on page 22

l"Alert Notifications" on page 23

l"Time Ranges" on page 23

l"Exporting Data" on page 24

Home Link

Clicking on the orange Aruba icon on the upper left corner of any page in the AirWave Glass WebUI will launch

the Home > Overview page.

Header Statistics and Icons

Header statistics at the top of the page automatically refreshes once every 5-minute. Automatic refreshing of

the statistics in the Overview dashboard can start at different times. If you add or delete a managed AMP, you

will need to wait for the cache to clear in order for the client counts to be exact.

Click the statistics icon beside the numeric values to drill down into detailed search indexes. For information

about the drill down capability, see "Drill Downs from Top Header and Overview Dashboard" on page 20.

The rogue count in the header statistics displayed at the top of the page and the Overview page does not

include suspected rogues. To see a breakdown of rogues by classification type, navigate to Home > RAPIDS.

See "RAPIDS" on page 61.

Figure 9: Header Statistics Icons

17 | Getting Started AirWave Glass 1.3.3 | Installation and User Guide

Search and Filter

Use the search utility at the top of the WebUI to locate the devices on your network and then filter your results

using the navigation sidebar. By default, the search utility searches through these categories: access point, client,

controller, floor, folder, rogue device, and switch.

Filter Options

To limit the search to a specific category, click the All drop-down list of the search field and select a device type

filter, or select a filter by entering text in the search field.

Figure 10: Search Utility

The results of your search are displayed in a search table on a separate page. For example, Figure 11 shows the

search results for an access point whose information contains the text string Aruba.

Figure 11: Partial Search Results Showing Additional Filters

AirWave Glass shows more than 10,000 records for a query. You can search within these results by clicking the

links to filter the output by hostname, firmware, device type, number of clients, and Up or Down state.

The available filters for any search vary according to the contents of the search results. The Results page might

display a larger number of results. The correct values for each device are now displayed on the left pane when

you drill down using the Header Statistics icons.

Partial Matching or Prefix Search

Partial matching is useful when you want to find names. Enter at least 2 characters to find any words that

contain that fragment.

You can perform prefix searches for the following fields: classification, hostname, SSID, or the last-known name

of an AP. AirWave Glass returns any words or phrases that contain the prefix.

Search results include hypertext links to monitoring pages for APs, controllers, clients, and rogue details in the

corresponding managed AMP.

How to Save Your Search

You can save your search results to access information you frequently use. Figure 12 shows an example of a

saved search named "APs with or."

AirWave Glass 1.3.3 | Installation and User Guide Getting Started | 18

19 | Getting Started AirWave Glass 1.3.3 | Installation and User Guide

Figure 12: Saved Search Example

From the top right of the results page, click to save your search. Later, click to find your saved search, or

delete the search. You can also access a saved search from the left navigation menu.

Predefined Searches

There are also predefined, saved searches which the AirWave Glass uses to render the dashboards. You can't

modify predefined searches.

Figure 13: Predefined, Saved Searches

Client Session History

AirWave Glass aggregates client sessions data from all the attached AirWave servers and keeps the information

for 7 days. This information is useful if clients move between APs which are monitored by different AirWave

servers. Because AirWave Glass stores historical client session data for only 7 days, go to the managed AMP to

see older historical client session data. AirWave Glass stores client session data for 30 days.

You can view client session data from multiple AirWave servers on the following search result pages:

lThe Client Index shows connected, online client sessions. You can see the Client Index by searching on All or

Client. Or, you can drill down from the top header or Overview dashboard.

lThe Historical Client Session Index shows historical client sessions. You can see the Historical Client

Session Index by searching on Historical Client Session. Results shown in the historical client session index

are only historical client sessions. The same client (MAC address) might be currently online and also appear in

the Client Index search results.

Because client association and disassociation is dynamic, you might see a discrepancy between the AMP client

count in header statistics and drill down counts in AirWave Glass.

A client might appear to be online in AirWave Glass although it has disconnected from the managed AMP

because the AirWave Glass server has not received the disconnection data from the feeder service. As a result,

if you try to navigate back to AirWave Glass when a client is offline, you will see the following message: This

client went offline, please search Historical Client Sessions for more details.

The Client Detail Page

AirWave Glass has a page called Client Detail that is available only for clients that are connected to the network.

Information on the page includes:

lCurrent client session data- displays data such as which AP the client is connected to and how long the client

has been connected.

lHistorical client session data - displays data such as the association time and which controller is attached to

the LAN IP address.

To access the Client Detail page, click the blue MAC address link in the Client Index search results to open the

Client Detail page (see Figure 14).

Figure 14: Accessing the Client Detail Page

Key considerations when working with the Client Details page in AirWave Glass:

lIf the client is not connected to the managed AMP, clicking the MAC address opens the Clients > Detail page

in AirWave.

lIf the client is currently connected to the managed AMP, clicking the MAC address opens the Clients >

Diagnostics page in AirWave.

lYou can navigate back to the Client Detail page in AirWave Glass from AirWave by clicking the Back to

AirWave Glass link.

Drill Downs from Top Header and Overview Dashboard

You can drill down to specific device information with a single click from the top header and the Overview

dashboard on the AirWave Glass Home page. If you navigate away from the Overview dashboard to filtered

result views, you will see a link in the upper-left corner of the WebUI. Click this link to navigate to

the Overview dashboard.

Do any of the following:

lClick the Statistic icons in the top header to drill down to corresponding APs/Devices, switches, clients, or

rogues.

lClick the Snapshot icons in the Overview dashboard to drill down to information on usage, AP radio status,

network device status, client device types, health status, security, and Clarity failures.

For example, when you click in the top header, AirWave Glass displays filtered results labeled "CLIENT" :

WIRELESS or "CLIENT" : WIRED with a search sidebar that contains more options to refine your results, as shown

in Figure 15.

AirWave Glass 1.3.3 | Installation and User Guide Getting Started | 20

Page is loading ...

Aruba AirWave Glass 1.3.3 User guide

Aruba AirWave Glass 1.3.3 User guide

Related papers

Other documents