Aruba Instant Dynamic Proxy Settings via DHCP

Reading Time: 2 minutes

I often get the question, how to connect our devices to central, as we do not allow direct access to the internet. Here is the answer, we can send the dynamic proxy settings via DHCP to our IAP’s, running at least firmware version 8.4.

DHCP Part for Dynamic Proxy Settings

First, you need to prepare your DHCP server to send the proxy information to the IAP’s. You can use option 60 to only send this information to IAP’s if you have not only IAP’s in the network.

The IAP expect two options in the DHCP ACK packet:

  • Option 60
    • Text field with “ArubaInstantAP”
  • Option 148
    • Text field with the value: “server=[proxy_ip],port=[proxy_port]”

If those two fields are present in the DHCP ACK packet, the IAP use this information to contact the proxy server.

Below is an example of the two options:

Dynamic Proxy Settings - DHCP Options
Dynamic Proxy Settings – DHCP Options

In my example, the proxy server is at 10.203.203.1 and is listening on port 800.

Dynamic Proxy Settings on the IAP

The IAP will just use the information from above to connect to the proxy. The only thing you will see is a log entry like this:

Wed Apr  3 10:30:45 2019  DHCP Option             In progress  DHCP lease of 10.203.203.50 obtained, lease time 300 seconds                                 
Wed Apr  3 10:30:45 2019  DHCP Option             Debug        Proxy Server Option parsed, Proxy Server: 10.203.203.1, Port: 800   

The IAP will now use the proxy server to connect to activate and central:

Dynamic Proxy Settings - Proxy Connect
Dynamic Proxy Settings – Proxy Connect

Shortly after the connection to Activate, you can check the settings here:

a0:2b:b8:86:65:00# show activate status

IAP MAC Address          :a0:2b:b8:86:65:00
IAP Serial Number        :CN44GRY02N
Cloud Activation Key     :HPH4S0UL
Activate Server          :device.arubanetworks.com
Activate Status          :fail-prov-no-rule
Provision interval       :2 minutes

The cool thing is, that the IAP not even need a DNS server, as the proxy server is doing the DNS lookup for the IAP. This makes this solution very convenient for very small sites with no onsite IT equipment.

This will also work to connect your IAP’s to an AirWave server, as the communication is using HTTPS as well.

If you find this post useful, leave me a comment and share it with your friends. If you don’t like the post, leave me a comment and tell me what you don’t like. But whatever you do, leave me a comment.

2 thoughts on “Aruba Instant Dynamic Proxy Settings via DHCP”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.