Configure an Aruba Network for Asset Tracking

This document describes how to configure an Aruba network, such as Aruba controllers and access points (APs), for use with Meridian asset tracking and Aruba Tags. For comments and questions, email us at hpe-aruba-meridian-poc@hpe.com.

AP/Controller Infrastructure Deployment and Configuration

NOTE: You only need to restart the ble_daemon if the APs are stuck after an upgrade.

If Beacons Management is enabled for a location in the Meridian Editor and you want to upgrade to AOS 6.5.2.0 to enable asset tracking, complete these steps:

  1. Disable Beacons Management on Aruba WLAN before upgrading to 6.5.2+, and enable it after the upgrade to ArubaOS 6.5.2+.
  2. Alternative solution: Restart the ble_daemon process on the impacted AP radios via CLI after the upgrade to ArubaOS 6.5.2+.

ap process restart ap-name ble_daemon

Physical Placement of Access Points

For best Aruba Tag asset tracking accuracy, we recommend placing one AP approximately every 150-230 square meters (~1600-2500 square feet).

The following is an example of AP placement in a retail warehouse space where the ceiling may be anywhere from 7-10 meters (~20-30 feet) high. The retail space is relatively open with shelving aisles for product display and storage.

The following is an example of AP placement in a medical facility. The medical facility is more closed-in than the warehouse space with a ceiling about 3 meters (~9-10 feet) high and with hallways and rooms separated by walls, doors, or glass.

If you're using Access Point Beacons (APBs), the Beacons will still need to be deployed and configured using the Aruba Beacons app.

Asset tracking accuracy can be improved through the use of Control Tags. For more information on how to use Control Tags, please see this article.

Information Needed for Aruba WLAN Configuration

Before you begin, you'll need to gather or set the following information in order to properly configure your controller or instant access point (IAP) for asset tracking.

Controller or IAP | Value
EndPoint URL | https://edit.meridianapps.com/api/beacons/manage
Authorization Token | Access Token (available in Meridian Editor)
BLE Operation Mode | Beaconing
BLE Asset Tag Mgmt Server | wss://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket
BLE Asset Tag Mgmt Server for 6.5.4.+ | https://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket

When an access point hears an Aruba Tag, the AP sends the RSSI value it heard to the Meridian Editor using these configuration values. The Editor uses the highest weighted average RSSI value of the Aruba Tag heard by three of the APs to track it on the map. This is a continual process for all Aruba Tags being tracked for a location.

Aruba Controller-based WLAN Configuration

The Aruba Wi-Fi network infrastructure is configured using an Aruba controller and APs. Configure a controller with Meridian configuration values and it will propagate that configuration to all connected APs.

The controller should have DNS configured and be able to ping tags.meridianapps.com.

Aruba Controller Configuration

Generate an Access Token for Communicating to the Meridian Server

To get started, create your access token in the Meridian Editor.

  1. In the sidebar menu click Beacons, then click the gear icon (settings) toward the top-right side of the screen, and then click Generate your access token to get started.
  2. The values you’ll need are shown in the Controller Configuration section.

Controller Web UI

  1. In the controller web UI, go to the Configuration tab.
  2. In the sidebar navigation menu, click AP Configuration.
  3. Expand the AP settings, and then click AP system. This opens the AP system profile pane.
  4. In the AP system profile pane, click the Advanced tab to input the BLE configuration information you got from the Meridian Editor.

The AP system profile is configured per AP group. A customer who has multiple AP system profiles may want to turn on Meridian services for some or all of the AP Beacons within different system profiles. To do this, the customer needs to configure BLE Management/Asset Tracking for each associated AP system profile.

  1. Set BLE Operational Mode to Beaconing.

Adding GeoTrust Root Certificate to the Aruba Controller

The websocket endpoint uses the wss protocol (secure websockets), and the server certificate is validated by the websocket library.

When using a Meridian endpoint (with the *.meridianapps.com domain), the server certificate is signed by a GeoTrust root certificate, which requires the user to add the root CA certificate to the controller.

Uploading the certificate to the controller can be done under the Configuration > Management > Certificates menu.

Select PEM as the certificate format and Trusted CA as the certificate type.

The root CA certificate for Meridian is available at: https://knowledge.geotrust.com/library/VERISIGN/INTERNATIONAL_AFFILIATES/GeoTrust/GeoTrust_Global_CA.pem.

The instant access point (IAP) does not require the GeoTrust root certificate.

Configuration Using the Aruba Controller CLI (6.5.3.x and 8.2.x)

See below for the 6.5.4.x configuration.

#configure terminal
(config) #ap system-profile <profile-name>
(AP system profile "System-Profile-Name") #ble-url <ble-url>
(AP system profile "System-Profile-Name") #ble-token <ble-token>
(AP system profile "System-Profile-Name") #ble-op-mode Beaconing
(AP system profile "System-Profile-Name") #end
#write memory

Configuration of Web-Secure Socket (WSS) in the Aruba Controller CLI

#configure terminal
(config) #ble_relay mgmt-server type ws wss://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket

Starting with ArubaOS 6.5.4.0, the ws type has been replaced by https. Use the following commands:

#configure terminal
(config) #ble_relay mgmt-server type https <ingestion URL> token <token ID> id <location ID>

Where:

  • Ingestion URL = https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start
  • Token ID = The Meridian Editor Beacons Management token.
  • Location ID = Found in the Meridian Editor URL string or under the “Locations” tab in the Meridian Editor.

At this time, configuration of WSS is not available through the Aruba Controller Web UI.

In order for the WSS to open, as shown in the Validate your BLE Infrastructure section below, you must successfully deploy an Aruba AP and configure an Asset Tag using the Tags app.

At least one deployed Asset Tag will need to be in range of a configured observer in order for the Asset Tag signal to trigger the establishment of a WebSocket connection.

Troubleshooting: Connection should be established

(AssetKN) #show ble_relay disp-attr all
WebSocket Connect Request : Yes
WebSocket Connect Status : Connection Established
WebSocket Connection Established : Yes
WebSocket LogLevel : 0
Tag Logging : Off
Websocket Address : tags.meridianapps.com
WebSocket Host : tags.meridianapps.com
WebSocket Path : /streams/v1beta1/ingestion/tags/websocket

Troubleshooting: Restarting the connection

(AssetKN) #ble_relay set-attr ws-connect ?
<ws-connect> Initiate/terminate web-socket connection
0 to terminate, 1 to initiate

Troubleshooting: Tag Reports

The following command shows the counters related to Aruba Tag reporting, including the number of Tag messages received from APs, messages processed, and so on. This number should increase every minute or so. If the tag-logging option is selected via the set-attr command, an extended version of the output is made available that shows the actual Aruba Tags (MAC address and RSSI) being reported to the Meridian Editor.

(AssetKN) #show ble_relay tag-report
Incoming Tag messages : 1470
Tag messages processed : 1467
Tag messages dropped : 3
Tag messages WS queue success : 1467
Tag messages WS queue unavailable : 0
Tag messages WS not connected : 3
Tag messages WS sent : 1467

(AssetKN) #ble_relay set-attr tag-logging ?
Initiate/terminate tag report logging (1:initiate, 0:terminate)
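
The connection and tag-report checks above can be automated by comparing two polls of the CLI output. The following is an added example, not Aruba or Meridian code: the function names, the two-poll approach, and the second poll's counters are assumptions, while the first samples are taken from the output shown on this page.

```python
import re

EXPECTED_HOST = "tags.meridianapps.com"  # management server host from this page

# "show ble_relay disp-attr all" output from this page (abridged).
DISP_ATTR = """\
WebSocket Connect Request : Yes
WebSocket Connect Status : Connection Established
WebSocket Connection Established : Yes
WebSocket Host : tags.meridianapps.com
WebSocket Path : /streams/v1beta1/ingestion/tags/websocket
"""
# First poll is the tag-report from this page (abridged); the second is constructed.
REPORT_T0 = """\
Incoming Tag messages : 1470
Tag messages processed : 1467
Tag messages dropped : 3
Tag messages WS queue unavailable : 0
Tag messages WS not connected : 3
Tag messages WS sent : 1467
"""
REPORT_T1 = REPORT_T0.replace("1470", "1530").replace("1467", "1527")

def parse_kv(text):
    """Parse 'Name : value' lines of ble_relay output; numeric values become int."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][^:]*?)\s+:\s+(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = int(m.group(2)) if m.group(2).isdigit() else m.group(2)
    return fields

def relay_health(disp_attr, report_prev, report_now):
    """Return findings for one polling interval; an empty list means healthy."""
    attrs, prev, now = parse_kv(disp_attr), parse_kv(report_prev), parse_kv(report_now)
    findings = []
    if attrs.get("WebSocket Connection Established") != "Yes":
        findings.append("websocket down: %s" % attrs.get("WebSocket Connect Status"))
    if attrs.get("WebSocket Host") != EXPECTED_HOST:
        findings.append("unexpected server: %s" % attrs.get("WebSocket Host"))
    if now["Incoming Tag messages"] <= prev["Incoming Tag messages"]:
        findings.append("no new tag messages since last poll")
    for name in ("Tag messages dropped", "Tag messages WS not connected",
                 "Tag messages WS queue unavailable"):
        if now[name] > prev[name]:
            findings.append("%s grew by %d" % (name, now[name] - prev[name]))
    return findings
```

The host comparison also catches a controller whose ble_relay management server has been pointed somewhere other than the intended Meridian endpoint.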

Troubleshooting: Reachability to Meridian

A firewall might block ping packets. This test makes sure that tags.meridianapps.com can be reached.

(AssetKN) #ping tags.meridianapps.com
Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 104.197.91.42, timeout is 2 seconds:
...
Success rate is 0 percent (0/3)

(AssetKN) #ping tags.meridianapps.com packet-size 50
Press 'q' to abort.
Sending 5, 50-byte ICMP Echos to 104.197.91.42, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 29.253/29.2802/29.309 ms

Troubleshooting: Access Point

The following CLI commands give insight into the functioning of asset tracking from the point of view of the AP.

show ap debug ble-table ap-name <AP_NAME> assettags

(AssetKN) #show ap debug ble-table ap-name Asset1 assettags

BLE Device Table (Asset Tags)
MAC HW_Type FW_Ver Flags Status Batt(%) RSSI Asset_Tag_Id Last Update Uptime
a0:e6:f8:38:05:96 AT-BT10 OAD E 1.2-14 0x0001 T 82 -88 0000-0000-0000 3515s 1h:25m:30s
a0:e6:f8:38:05:54 AT-BT10 OAD E 1.2-15 0x0001 T 100 -78 0000-0000-0000 8s 1h:2m:30s
a0:e6:f8:37:ed:5e AT-BT10 OAD E 1.2-14 0x0001 T 100 -66 0000-0000-0000 1s 39m:0s

Asset tags:3
Total BLE devices:3
Note: Battery level for LS-BT1USB devices is indicated as USB.
Note: Uptime is shown as Days hour:minute:second.
Note: Last Update is time in seconds since last heard update.
Status Flags:L:AP's local beacon; I:iBeacon; A:Beacon management capable
:H:High power beacon; T:Asset Tag Beacon; U:Upgrade of firmware pending

Notice that the RSSI and last update interval are shown above.
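
The Last Update and Batt(%) columns of this table can be used to pick out tags an AP has stopped hearing or that are running low on battery. The following is an added example, not Aruba or Meridian code: the function names and both thresholds are assumptions, and the sample rows are the ones shown above.

```python
import re

# Rows copied from the "show ap debug ble-table ... assettags" output above.
BLE_TABLE = """\
MAC HW_Type FW_Ver Flags Status Batt(%) RSSI Asset_Tag_Id Last Update Uptime
a0:e6:f8:38:05:96 AT-BT10 OAD E 1.2-14 0x0001 T 82 -88 0000-0000-0000 3515s 1h:25m:30s
a0:e6:f8:38:05:54 AT-BT10 OAD E 1.2-15 0x0001 T 100 -78 0000-0000-0000 8s 1h:2m:30s
a0:e6:f8:37:ed:5e AT-BT10 OAD E 1.2-14 0x0001 T 100 -66 0000-0000-0000 1s 39m:0s
Asset tags:3
"""
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def parse_asset_tags(text):
    """Parse table rows. FW_Ver contains spaces, so the fixed columns are
    indexed from the right-hand end of each row."""
    tags = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 10 or not MAC_RE.match(t[0]):
            continue  # header, counters and notes are skipped
        tags.append({
            "mac": t[0].lower(), "hw": t[1], "fw": " ".join(t[2:-7]),
            "status": t[-6],
            # Per the note in the output, USB-powered devices report "USB".
            "battery": None if t[-5] == "USB" else int(t[-5]),
            "rssi": int(t[-4]),
            "last_update_s": int(t[-2].rstrip("s")),
        })
    return tags

def flag_tags(tags, max_age_s=300, min_battery=20):
    """Return {mac: [reasons]} for stale or low-battery tags.
    Both thresholds are assumed values, not Aruba defaults."""
    findings = {}
    for tag in tags:
        reasons = []
        if tag["last_update_s"] > max_age_s:
            reasons.append("not heard for %ds" % tag["last_update_s"])
        if tag["battery"] is not None and tag["battery"] < min_battery:
            reasons.append("battery %d%%" % tag["battery"])
        if reasons:
            findings[tag["mac"]] = reasons
    return findings
```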

BLE tag report

(AssetKN) #show ap debug ble-tag-report ap-name Asset1
Current Time : 2017-02-27 20:57:48
Report Time : 2017-02-27 20:57:46
Tag MAC address RSSI
a0:e6:f8:38:05:54 -76

Aruba Instant WLAN Configuration

In this scenario, the Wi-Fi infrastructure is configured using multiple Aruba IAPs. The Aruba Sensor can be used optionally to augment any areas where APs can't be placed. In a deployment using IAPs only, one IAP will be configured as the virtual controller (or master IAP). You'll need to configure the virtual controller with the Meridian configuration values and it will propagate to all connected IAPs.

To configure the master IAP:

  1. Go to the Master IAP Web UI.
  2. Go to Services > RTLS and enter the following:

  • Manage BLE beacons: Yes (ticked)
  • Authorization token: (copy from Meridian Editor value under Access Token)
  • Endpoint URL: https://edit.meridianapps.com/api/beacons/manage (copy from Meridian Editor under BLE URL)
  • BLE Operation Mode: Beaconing
  • BLE Asset Tag Mgmt Server: wss://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket (copy Websocket URL from controller configuration above)

Appendix A: Bouncing USB port on IAP

Prior to Instant version 4.2, the USB function is enabled by default and cannot be modified. Starting with IAP 4.2, there is a command to enable/disable the USB port.

CLI configuration: IAP# usb-port-disable

Note: Command takes effect after AP reboot.

IAP# no usb-port-disable

Note: Command takes effect after AP reboot.

IAP# show ap-env
IAP# Antenna Type:Internal
IAP# usb-port-disable:1

WebUI configuration: Per AP setting > Uplink > USB port > Enable/Disable

Note: Changing the USB port configuration with “usb-port-disable” or “no usb-port-disable” requires a reload of the IAP to take effect.