Use this guide to configure Aruba controllers with AOS 8.4.x for use with Meridian Beacon Management and Asset Tracking.
- Configure Clock/NTP services
- Configure preferred DNS to reach *.meridianapps.com
Complete These Steps
Complete these steps to enable the Meridian Asset Tracking solution.
- Turn on the embedded Bluetooth in your APs and configure your infrastructure for Beacons Management.
- Install the DigiCert root certificate on your Managed Devices (MDs) also known as your local controller(s)
- Configure the Web Secure Socket between your controller and the Meridian back-end servers. This should be done on your MDs/local controllers.
- Deploy your Aruba Access Points using the Beacons app.
- Configure your Aruba Asset Tags using the Tags app.
Notes on Web Secure Socket for Asset Tracking
Information Needed for Meridian Editor Aruba Network Configuration
Before you begin, you'll need to gather or set the following information in order to properly configure your controller for asset tracking.
|Controller or IAP||Value|
Beacons Management serverURLs ---
|Global Beacons Management serverURL||https://edit.meridianapps.com/api/beacons/manage|
|EU Beacons Management serverURL||https://edit.eu-meridianapps.com/api/beacons/manage|
|Access Token||Access Token (available in Meridian Editor)|
|BLE Operation Mode||Beaconing|
|Asset Tracking Ingestion serverURLs ---|
|Global Asset Tracking Management serverURL||https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start|
|EU BLE Asset Tag Ingestion serverURL||https://tags-eu.meridianapps.com/api/v1beta1/streams/ingestion.start|
When an Aruba Tag is heard by an access point, the AP sends the RSSI value it's heard to the Meridian Editor using these configuration values. The Editor uses the highest weighted average RSSI value of the Aruba Tag heard by three of APs to track it on the map. This is a continual process for all Aruba Tags being tracked for a location.
Find Your Location ID
You can find your Location ID by;
1. Navigating to your Meridian account (https://edit.meridianapps.com)
2. Select the appropriate Meridian location
3. Go to the Settings tab on the left-hand navigation pane
Aruba Controller-based WLAN Configuration
The Aruba Wi-Fi network infrastructure is configured using an Aruba controller and APs. Configure a controller with Meridian configuration values and it will propagate that configuration to all connected APs.
The controller should have DNS configured and able to reach
Generate an Access Token for Communicating to the Meridian Server.
To get started, create your access token in the Meridian Editor.
- In the sidebar menu click Beacons, then select, "Beacons Management" from the top navigation menu, and then click Generate a New Access Token to get started.
- You'll need to copy your Access token and use in a later step to configure your infrastructure.
Turning on your AP Beacons
This can be done via CLI as well, which if preferred, is referenced below.
- In the Controller's web UI, go to the Configuration tab.
- In the sidebar navigation menu, click System.
- In the top navigation menu, select Profiles.
- Under All Profiles, select AP.
- In the AP System pane, indicate the system profile used by your APs.
- Open the Advanced setting pane.
- In the BLE operation mode field, enter
- Configure Beacon Management IoT Transport Profile (Config below)
You can also do this via CLI;
#configure terminal (config) #ap system-profile <ap system profile-name> (config) #ble-op-mode Beaconing #end #write memory
Adding DigiCert Root Certificate to the Aruba Controller
The websocket endpoint uses a wss (secure websocket) and the server certificate is validated by the websocket library. When using a Meridian endpoint (with the *.meridianapps.com domain), the server is signed by a DigiCert root certificate, that requires the user to add the root CA certificate to the controller.
Uploading the certificate to the controller can be done under the Configuration > Management > Certificates menu.
Select PEM as the certificate format and TrustedCA as the certificate type.
The root CA certificate for Meridian is available at:
Meridian Asset Tracking was previously using a GeoTrust Root Certificate for SSL signing. If you had previously installed this cert, you can safely remove it from the WebGUI, or from CLI using the following statements;
#show crypto-local pki TrustedCA (find the name of the GeoTrust Root Cert) #configure terminal #no crypto-local pki TrustedCA <GeoTrust cert name>
Configure Beacons Management and Asset Tracking IoT Transport Profiles in the Aruba Controller CLI
ArubaOS 8.4.x uses the IoT transportProfile methodology for configuration. Use the following commands;
Configuring Beacons Management
Enter Configuration commands, one per line. End with CNTL/Z
(config) #iot transportProfile <beacons-management> (IoT Data Profile "beacons-management") #endpointType Meridian-Beacon-Management (IoT Data Profile "beacons-management") #endpointURL https://edit.meridianapps.com/api/beacons/manage (IoT Data Profile "beacons-management") #endpointToken <Access Token> (IoT Data Profile "beacons-management") #transportInterval 600 (IoT Data Profile "beacons-management") #exit
(config) #iot useTransportProfile beacons-management (config) #write memory
Configuring Asset Tracking
#configure terminal #iot transportProfile <asset-tracking-profile-name> (Select an Asset Tracking profile-name) #serverType Meridian-Asset-Tracking #serverURL <Select Global or EU endpointURL from above inventory> #accessToken <meridian-token> #clientId <meridian-locationID> #reportingInterval 5 #include-ap-group <select the AP groups you want to participate> #end #iot useTransportProfile <asset-tracking-profile-name> #write memory
clientId / Meridian Location ID = Found in the Meridian Editor URL string or under the “Locations” tab in the Meridian Editor.
accessToken / Meridian Application Token = Found in the Meridian Editor Beacons Management Page
At this time, Configuration of WSS is not available through the Aruba Controller Web-UI.
At least one deployed Asset Tag will need to be in range of a configured observer in order for the Asset Tag signal to trigger the establishment of a WebSocket connection.