Configure an Aruba Network for Asset Tracking
This document will describe configuring an Aruba Network--such as Aruba controllers and access points (APs)--for use with Meridian asset tracking and Aruba Tags. For comments and questions, email us at firstname.lastname@example.org.
AP/Controller Infrastructure Deployment and Configuration
NOTE: You only need restart the
ble_daemon if the APs are stuck after an upgrade.
If Beacons Management is enabled for a location in the Meridian Editor and you want to upgrade to AOS 184.108.40.206 to enable asset tracking, complete these steps:
- Disable Beacons Management on Aruba WLAN before upgrading to 6.5.2+, and enable it after the upgrade to ArubaOS 6.5.2+.
- Alternative solution: Restart the
ble_daemonprocess on the impacted AP radios via CLI after the upgrade to ArubaOS 6.5.2+.
ap process restart ap-name
Physical Placement of Access Points
For best Aruba Tag asset tracking accuracy, we recommend placing one AP approximately every 150-230 square meters (~1600-2500 square feet).
The following is an example of AP placement in a retail warehouse space where the ceiling may be anywhere from 7-10 meters (~20-30 feet) high. The retail space is relatively open with shelving aisles for product display and storage.
The following is an example of AP placement in a medical facility. The medical facility is more closed-in than the warehouse space with a ceiling about 3 meters (~9-10 feet) high and with hallways and rooms separated by walls, doors, or glass.
If you're using Access Point Beacons (APBs), the Beacons will still need to be deployed and configured using the Aruba Beacons app.
Asset tracking accuracy can be improved through the use of Control Tags. For more information on how to use Control Tags, please see this article.
Information Needed for Aruba WLAN Configuration
Before you begin, you'll need to gather or set the following information in order to properly configure your controller or instant access point (IAP) for asset tracking.
|Controller or IAP||Value|
|Authorization Token||Access Token (available in Meridian Editor)|
|BLE Operation Mode||Beaconing|
|BLE Asset Tag Mgmt Server||wss://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket|
|BLE Asset Tag Mgmt Server for 6.5.4.+||https://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket|
When an Aruba Tag is heard by an access point, the AP sends the RSSI value it's heard to the Meridian Editor using these configuration values. The Editor uses the highest weighted average RSSI value of the Aruba Tag heard by three of APs to track it on the map. This is a continual process for all Aruba Tags being tracked for a location.
Aruba Controller-based WLAN Configuration
The Aruba Wi-Fi network infrastructure is configured using an Aruba controller and APs. Configure a controller with Meridian configuration values and it will propagate that configuration to all connected APs.
The controller should have DNS configured and able to ping tags.meridianapps.com.
Aruba Controller Configuration
Generate an Access Token for Communicating to the Meridian Server
To get started, create your access token in the Meridian Editor.
- In the sidebar menu click Beacons, then click the gear icon (settings) toward the top-right side of the screen, and then click Generate your access token to get started.
- The values you’ll need are shown in the Controller Configuration section.
Controller Web UI
- In the controller web UI, go to the Configuration tab.
- In the sidebar navigation menu, click AP Configuration.
- Expand the AP settings, and then click AP system. This opens the AP system profile pane.
- In the AP system profile pane, click the Advanced tab to input the BLE configuration information you got from the Meridian Editor.
The ap-system profile is configured per AP group. A customer who has multiple ap system profiles may want to turn on Meridian services for some or all of the AP Beacons within different system profiles. To do this, the customer would need to configure BLE Management/Asset Tracking for the associated AP system-profiles.
- Set BLE Operational Mode to Beaconing.
Adding GeoTrust Root Certificate to the Aruba Controller
The websocket endpoint uses wss protocol (secure websockets) and the server certificate is validated by the websocket library.
When using a Meridian endpoint (with the *.meridianapps.com domain), the server is signed by a GeoTrust root certificate, that requires the user to add the root CA certificate to the controller.
Uploading the certificate to the controller can be done under the Configuration > Management > Certificates menu.
Select PEM as the certificate format and Trusted CA as the certificate type.
The root CA certificate for Meridian is available at: https://knowledge.geotrust.com/library/VERISIGN/INTERNATIONAL_AFFILIATES/GeoTrust/GeoTrust_Global_CA.pem.
The instant access point (IAP) does not require the GeoTrust root certificate.
Configuration Using the Aruba Controller CLI (6.5.3.x and 8.2.x)
See below for the 6.5.4.x configuration.
#configure terminal (config) #ap system-profile <profile-name> (AP system profile "System-Profile-Name") #ble-url <ble-url> (AP system profile "System-Profile-Name") #ble-token <ble-token> (AP system profile "System-Profile-Name") #ble-op-mode Beaconing (AP system profile "System-Profile-Name") #end #write memory
Configuration of Web-Secure Socket (WSS) in the Aruba Controller CLI
#configure terminal (config) #ble_relay mgmt-server type ws wss://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket
Starting with ArubaOS 220.127.116.11, the ws has been replaced by https. Use the following commands:
#configure terminal (config) #ble_relay mgmt-server type https <ingestion URL> token <token ID> id <location ID>
- Ingestion URL = https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start
- Token ID = The Meridian Editor Beacons Management token.
- Location ID = Found in the Meridian Editor URL string or under the “Locations” tab in the Meridian Editor.
At this time, Configuration of WSS is not available through the Aruba Controller Web-UI.
In order for the WSS to open, as shown in the Validate your BLE Infrastructure section below, you must successfully deploy an Aruba AP and configure an Asset Tag using the Tags app.
At least one deployed Asset Tag will need to be in range of a configured observer in order for the Asset Tag signal to trigger the establishment of a WebSocket connection.
Troubleshooting: Connection should be established
(AssetKN) #show ble_relay disp-attr all
WebSocket Connect Request : Yes
WebSocket Connect Status : Connection Established
WebSocket Connection Established : Yes
WebSocket LogLevel : 0
Tag Logging : Off
Websocket Address : tags.meridianapps.com
WebSocket Host : tags.meridianapps.com
WebSocket Path : /streams/v1beta1/ingestion/tags/websocket
Troubleshooting: Restarting the connection
(AssetKN) #ble_relay set-attr ws-connect ? <ws-connect> Initiate/terminate web-socket connection
0 to terminate, 1 to initiate
Troubleshooting: Tag Reports
The following command shows the counters related to Aruba Tag reporting including the number of Tag messages received from APs, messages processed, etc. This number should increase every minute or so. If the tag-reporting option is selected via the set-attr command, then an extended version of the output made available shows the actual Aruba Tags (mac address and RSSI) being reported to the Meridian Editor.
(AssetKN) #show ble_relay tag-report
Incoming Tag messages : 1470
Tag messages processed : 1467
Tag messages dropped : 3
Tag messages WS queue success : 1467
Tag messages WS queue unavailable : 0
Tag messages WS not connected : 3
Tag messages WS sent : 1467
(AssetKN) #ble_relay set-attr tag-logging ?
Initiate/terminate tag report logging (1:initiate, 0:terminate)
Troubleshooting: Reachability to Meridian
Firewall might block ping packets, this is a test to make sure that
tags.meridianapps.com can be reached.
(AssetKN) #ping tags.meridianapps.com
Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 18.104.22.168, timeout is 2 seconds:
Success rate is 0 percent (0/3)
(AssetKN) #ping tags.meridianapps.com packet-size 50
Press 'q' to abort.
Sending 5, 50-byte ICMP Echos to 22.214.171.124, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 29.253/29.2802/29.309 ms
Troubleshooting: Access Point
The following CLI commands gives an insight to the functioning of asset tracking from the point-of-view of the AP.
show ap debug ble-table ap-name <AP_NAME> assettags (AssetKN) #show ap debug ble-table ap-name Asset1 assettags
BLE Device Table (Asset Tags)
|a0:e6:f8:38:05:96||AT-BT10 OAD E||1.2-14||0x0001||T||82||-88||0000-0000-0000||3515s||1h:25m:30s|
|a0:e6:f8:38:05:54||AT-BT10 OAD E||1.2-15||0x0001||T||100||-78||0000-0000-0000||8s||1h:2m:30s|
|a0:e6:f8:37:ed:5e||AT-BT10 OAD E||1.2-14||0x0001||T||100||-66||0000-0000-0000||1s||39m:0s|
Total BLE devices:3
Note: Battery level for LS-BT1USB devices is indicated as USB.
Note: Uptime is shown as Days hour:minute:second.
Note: Last Update is time in seconds since last heard update.
Status Flags:L:AP's local beacon; I:iBeacon; A:Beacon management capable
:H:High power beacon; T:Asset Tag Beacon; U:Upgrade of firmware pending
Notice above the RSSI and last update interval is shown.
BLE tag report
(AssetKN) #show ap debug ble-tag-report ap-name Asset1
Current Time : 2017-02-27 20:57:48
Report Time : 2017-02-27 20:57:46
Tag MAC address RSSI
Aruba Instant WLAN Configuration
In this scenario, the Wi-Fi infrastructure is configured using multiple Aruba IAPs. The Aruba Sensor can be used optionally to augment any areas where APs can't be placed. In a deployment using IAPs only, one IAP will be configured as the virtual controller (or master IAP). You'll need to configure the virtual controller with the Meridian configuration values and it will propagate to all connected IAPs.
To configure the master IAP:
- Go to the Master IAP Web UI
- Go to Services > RTLS and enter the following:
- Manage BLE beacons: Yes (ticked)
- Authorization token: (copy from Meridian editor value under Access Token)
- Endpoint URL: https://edit.meridianapps.com/api/beacons/manage (copy from Meridian Editor under BLE URL)
- BLE Operation Mode: Beaconing
- BLE Asset Tag Mgmt Server: wss://tags.meridianapps.com/streams/v1beta1/ingestion/tags/websocket (copy Websocket URL from controller configuration above)
Appendix A: Bouncing USB port on IAP
Prior to Instant version 4.2, USB function is enable by default and we cannot modify. Starting from IAP 4.2 and later, there is a command to enable/disable the USB port.
Note: Command takes effect after AP reboot.
IAP# no usb-port-disable
Note: Command takes effect after AP reboot.
IAP# show ap-env IAP# Antenna Type:Internal IAP# usb-port-disable:1
WebUI configuration: Per AP setting-->Uplink-->USB port -->Enable/Disable
Note: The configuration with usb port “usb-port-disable” or “no usb-port-disable” requires reload to the IAP to take effect.