ArubaOS 8.5.x Meridian Beacons Management and Asset Tracking Configuration Guide Follow
Overview
This guide describes the setup and configurations required for supporting Meridian Beacons Management and Asset Tracking on the Aruba Controller.
Contacting Support
Table 1: Contact Support
Main Site | meridianapps.com |
Meridian Support | asp.arubanetworks.com |
Airheads Social Forum and Knowledge Base | community.arubanetworks.com |
Assumptions
This article assumes that the user has admin rights to configure their infrastructure according to Aruba's deployment guide using Aruba Controllers and Access Points (APs). The user must also have admin access to an active Aruba Meridian Editor account and the required Meridian SKU are enabled for beacons management and/or asset tracking.
General WLAN Configurations to Support Meridian
The Aruba Wi-Fi network infrastructure is configured using an Aruba controller and APs. When you configure a controller with Meridian configuration profiles and apply them to the AP group, it will propagate that configuration profile to all connected APs in that group.
Configure Clock/NTP services
Time synchronization is an essential part of managing beacons and tracking asset in your network so make sure that all the nodes are synchronized with the same reference server and time.
Configure preferred DNS to reach *.meridianapps.com
The controller should have DNS configured and be able to reach *.meridianapps.com server.
Meridian Editor Assets
The following Meridian assets are required to complete the configurations on the Aruba Controller for Beacons Management and Asset Tracking.
Access Token
The Access Token is used by the controller to securely communicate with Meridian Servers. Initially, is not available and it must be generated in the Beacons Management menu. This needs to only be done one time because the same Access Token can be used for both Beacons Management and Asset Tracking.
If the access token has not been generated yet, follow the steps below to generate a new access token:
-
In your Meridian Editor cloud account, navigate to Beacons > Beacons Management
-
Click Generate your access token to get started
After the access token is generated, it will be displayed in the ACCESS TOKEN window. To the right of the window is a copy button that can be used to copy the value onto your clipboard for copy and paste operations.
Meridian Server URL
Aruba Meridian has a Standard Server for the general users and an EU Server specifically for the European Union. When configuring the Meridian configuration profiles, it is critical that you use the correct server URL. To find out which server URL to use, look at the webpage URL that you use for accessing your Meridian Editor account.
For example:
-
If you access your Editor account by using https://edit.meridianapps.com, then you are using the Standard Server
-
If you access your Editor account by using https://edit-eu.meridianapps.com, then you are using the EU Server.
It is important that you know which instance of Meridian Server your Meridian Editor account is set up in so that you can enter the correct Meridian Server URL when configuring or tyour devices to communicate with Meridian servers.
Beacons Management Server URL
-
Standard Server: https://edit.meridianapps.com/api/beacons/manage
-
EU Server: https://edit-eu.meridianapps.com/api/beacons/manage
Asset Tracking Server URL
-
Standard Server: https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start
-
UE Server: https://tags-eu.meridianapps.com/api/v1beta1/streams/ingestion.start
Location ID
The Location ID is only required when configuring IoT profile for Asset Tracking. It can be found in the Meridian Editor settings page or in the URL of your account.
Or you can get it from the webpage URL after you log into your Edit account. The syntax for the Meridian Editor URL will look like this:
https://edit.meridianapps.com/apps/<Location ID>
Aruba Controller Configurations
Configure the Internal Access Point Beacons
After your controller is able to reach out to meridianapps.com and you have your Meridian Assets identified, you can now start to configure the IoT Profiles to enable your controller to send data the Meridian servers.
Before you start, the AP Beacons (APB) must be enabled so that it can be provisioned for use with Meridian. If the APB is not enabled, the APB will not be broadcasting the beacon ID, therefore Meridian tools will not be able to configure the beacon. Enabling the APB can be done using the Controller GUI or the CLI.
Option 1: Configure the internal BLE radio Using the GUI
Although this is an option, I find that it is more convenient to do all the configurations in CLI.
On the Mobility Controller, navigate to Configuration > System > Profiles > AP > AP Systems > default > Advanced, then scroll down the page to find BLE Operation Mode and select Beaconing for the drop down window. Then click Submit > Pending Changes > Deploy Changes
Option 2: Configure the internal BLE radio Using CLI
In the samples below, an AP system profile labeled “default” will be configured to set the BLE op mode to “Beaconing” and then apply the profile to the AP group labeled “default”.
(host) [mynode] #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
Create an AP system profile for the internal BLE radio
(host) [mynode] (config) #ap system-profile sample-apsp
(host) [mynode] (AP system profile "sample-apsp") #ble-op-mode Beaconing
(host) [mynode] (AP system profile "sample-apsp") #exit
(host) [mynode] (config) #write memory
Saving Configuration...
Configuration Saved.
Apply the IoT radio profile to an AP group
(host) [mynode] (config) #ap-group sample-apg
(host) [mynode] (AP group "sample-apg") #ap-system-profile sample-apsp
(host) [mynode] (AP group "sample-apg") #exit
(host) [mynode] (config) #write memory
Saving Configuration...
Configuration Saved.
Verify that the AP system profile and the AP group are configured correctly
(host) [mynode] #show ap system-profile default | include "BLE Operation Mode"
BLE Operation Mode Beaconing
(host) [mynode] #show ap-group sample-apg | include "AP system profile"
AP system profile sample-apsp
Check the AP’s configuration to ensure that the profile is received correctly
(host) [mynode] #show ap debug ble-config ap-name AP-315A
BLE Configuration
-----------------
Item Value
---- -----
FIPS Mode No
BLE Supported ONBOARD
BLE Baud Rate 115200
BLE HW Type BT-AP310
MAC Address <MAC Address>
LMS IP <LMS IP>
Controller IP <Controller IP>
PAPI Source IP <PAPI Source IP>
BLE Ready Yes
Beacon Mgmt Update Intvl (in sec) 0
APB Info Update Intvl (in sec) 75 (11669/11611)
BLE debug log Disabled
Operational Mode Beaconing (APB: Beaconing)
Message Selector 0xffff (APB: 0xffff)
AP USB Power Override Disabled (0)
Uplink Status Up (APB: -NA-)
APB Connection Status 0
Last Aruba Remote Device Conn Attempt 00:00:00:00:00:00
Time Last Message to APB 1969-12-31 16:01:40
Log Levels Available { All(0x7ffff), Info(0x04), Warning(0x02), Error(0x01), Ageout(0x08), BMReq(0x10), FW-Upgrade(0x20), FW-UpgradeErr(0x40), CfgUpdate(0x80), CfgUpdateErr(0x100), Beacon(0x200), BcnTLV(0x400), BcnErr(0x800), APB(0x1000), Tags(0x2000), ZF(0x4000), AMON(0x8000), IOT-GW(0x10000), AT-HTTPS-JSON(0x20000), AT-WEBSOCKET-PROTOBUF(0x40000), None(0x00) }
Current Log Level { 0x101e1 : Error(0x0001), FW-Upgrade(0x0020), FW-UpgradeErr(0x0040), CfgUpdate(0x0080), CfgUpdateErr(0x0100), IOT-GW(0x10000) }
Log Mac Filter None
Bundled BluOS Upgrade Enabled (-1)
OTA FW BluOS Upgrade Disabled
Bundled BluOS Images Bank A(/aruba/bin/UpgradeImage_AP_OAD-A_1.2-31.bin) Bank B(/aruba/bin/Beacon_AP_OAD-B_1.2-31.bin)
-----------------
Note: No IoT transport context configured. Config ID:4
-----------------
Note: Uplink status is applicable only for Dynamic Console operational mode.
For APBs of type LS-BT1USB, applied operational mode is Beaconing if ap system profile setting is either Persistent or Dynamic.
Note: Setting Message Selector value to 0x0 will cause the APB to function improperly. Use the knob with caution.
Note: Message Selector Bits: All(0xffff), V0 Scan (0x01), V1 Scan (0x02), UI Scan (0x04), Proximity Advert (0x08), IBeacon (0x10), Heartbeat-1 (0x20), Heartbeat-UI (0x40), Upg Ack (0x80), Heartbeat-2 (0x200), Generic Scan (0x400), Generic Advert (0x800), Tag V1 Scan (0x1000), Tag V1 Advert (0x2000)
The internal BLE should be broadcasting it's BLE MAC address at this point. If you near an AP, you can use the Aruba Beacons mobile app to scan and see the BLE MAC for the AP. After you find the AP beacon, you can go ahead and configure the beacon by moving it onto the Meridian map.
Configure IoT Transport Profile for Beacons Management
After the BLE radio has been enabled on the AP, you are ready to configure the IoT profiles for Beacons Management.
Configure and set the IoT transport profile
(host) [mynode] (config) #iot transportProfile "Beacons Management"
(host) [mynode] (IoT Data Profile "Beacons Management") #serverType Meridian-Beacon-Management
(host) [mynode] (IoT Data Profile "Beacons Management") #serverURL https://edit.meridianapps.com/api/beacons/manage
(host) [mynode] (IoT Data Profile "Beacons Management") #accessToken <access token>
(host) [mynode] (IoT Data Profile "Beacons Management") #reportingInterval 600
(host) [mynode] (IoT Data Profile "Beacons Management") #include-ap-group sample-apg
(host) [mynode] (IoT Data Profile "Beacons Management") #exit
(host) [mynode] (config) #iot useTransportProfile "Beacons Management"
(host) [mynode] (config) #write memory
Saving Configuration...
Configuration Saved.
Note: Meridian manages the reportingInterval property as needed, so while it is a required configuration, the value entered will only be used for the very first connection. Meridian's default is 3600.
Whenever a change is made to IoT transport profile, execute the command “useTransportProfile” to sync the configurations to the APs.
Check the configuration parameters
(host) [mynode] (config) #show iot transportProfile "Beacons Management"
IoT Data Profile "Beacons Management"
-------------------------------------
Parameter Value
--------- -----
Server Type Meridian-Beacon-Management
Server URL https://edit.meridianapps.com/api/beacons/manage
Access Token <access token>
Client Id N/A
Username N/A
Password N/A
Reporting interval 600
Device Class Filter aruba-beacons
UUID Filter N/A
Movement Filter 0
Cell Size Filter 0
Age Filter 0
Authentication URL N/A
UID Namespace Filter N/A
URL Filter N/A
Access ID N/A
RSSI Reporting Format average
choose an environment type office
Custom Fading Factor 20
AP Group sample-apg
Enable BLE on Controller Disabled-apgNote: The Client ID is NOT required when configuring the IoT profile for Beacons Management.
Check that the IoT Profile has been set
(host) [mynode] (config) #show iot transportProfile
IoT Data Profile List
---------------------
Name References Profile Status
---- ---------- --------------
Beacons Management 1
Total:1
The “1” indicates that the IoT transport context profile has been set.
Check the transport context status
(host) *[mynode] #show ble_relay iot-profile
ConfigID : 1
---------------------------Profile[Beacons Management]---------------------------
serverURL : https://edit.meridianapps.com/api/beacons/manage
serverType : Meridian Beacon Management
deviceClassFilter : Aruba Beacons
reportingInterval : 600 second
accessToken. : <access token>
rssiReporting. : Average
environmentType. : office
include_ap_group : default
Server Connection State
--------------------------
TransportContext : Ready
Last Data Update. : <date time>
Last Send Time : <date time>
Last Receive Time. : <date time>
TransType : Https
Verify that the TransportContext status is “Ready”. After you've completed the configuration for Beacons Management, it should take anytime from 5-10 minutes for the APs to communicate to the Meridian server. It generally isn't necessary, but ff the status does not change from "Waiting Data..." to "Ready", try rebooting the controller to make sure the configurations are set properly.
Verify the connection to Meridian has been established in Editor
After the changes are set and deployed, the connection to Meridian beacon server should be established. In Meridian Editor, navigate to the Beacons Management page to make sure the status for Beacon Management is Connected: Your Aruba network is connected to the Meridian Editor. The Editor last heard from your network a few seconds ago.
Configure IoT Transport Profile for Asset Tracking
Configuring the IoT Transport Profile for Beacons Management is required prior to configuring the IoT Transport Profile for Asset Tracking. Asset tracking relies on the Beacons Management component to ensure that the internal BLE is being managed. If you haven’t done it yet, please complete the section to Configure IoT Transport Profile for Beacons Management before starting with this section.
Add the DigiCert Root Certificate to the Aruba Controller
Before starting on the configurations for asset tracking, add the DigiCert Root Certificate to your controller. A rootCA certificate is required on the controller when connecting the the tags server. It must be installed so Asset Tracking will work. The root CA certificate for Meridian is can be downloaded from here.
To add the certificate to the Mobility Controller, navigate to Configuration > System > Certificates > Import Certificates, and click on the "+" button:
-
Enter the Certificate name (no spaces)
-
Upload the Certificate
-
Select PEM as the certificate format
-
Select TrustedCA as the certificate type.
-
Click Submit > Pending Changes > Apply Changes
Meridian Asset Tracking was previously using a GeoTrust Root Certificate for SSL signing. That is no longer needed, If you had previously installed the GeoTrust Root Certificate you can safely remove it from the WebGUI.
If you are unsure, you can search for it using the following CLI. In this case, it did not exit, so there is not further actions to take:
(host) [mynode] #show crypto-local pki TrustedCA
Certificates
------------
Name Original Filename Reference Count Expired
-------------- ----------------- --------------- -------
(host) [mynode] #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(host) [mynode] (config) #no crypto-local pki TrustedCA <GeoTrust cert name>
Configure and set the IoT transport profile
(host) [mynode] (config) #iot transportProfile "Asset Tracking"
(host) ^*[mynode] (IoT Data Profile "Asset Tracking") #serverType Meridian-Asset-Tracking
(host) ^*[mynode] (IoT Data Profile "Asset Tracking") #serverURL https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start
(host) ^*[mynode] (IoT Data Profile "Asset Tracking") #accessToken <access token>
(host) ^*[mynode] (IoT Data Profile "Asset Tracking") #clientID <location id>
(host) ^*[mynode] (IoT Data Profile "Asset Tracking") #reportingInterval 5
(host) ^*[mynode] (IoT Data Profile "Asset Tracking") #include-ap-group sample-apg
(host) ^*[mynode] (IoT Data Profile "Asset Tracking") #exit
(host) ^*[mynode] (config) #iot useTransportProfile "Asset Tracking"
(host) [mynode] (config) #write memory
Saving Configuration...
Configuration Saved.
Whenever a change is made to IoT transport profile, execute the command “useTransportProfile” to sync the configurations to the APs.
Verify IoT Configurations are set.
(host) [mynode] #show iot transportProfile
IoT Data Profile List
---------------------
Name References Profile Status
---- ---------- --------------
Asset Tracking 1
Beacons Management 1
Total:2
The “1” indicates that the IoT transport context profile has been set.
Verify that the IoT parameters are configured correctly.
(host) [mynode] #show iot transportProfile "Asset Tracking"
IoT Data Profile "Asset Tracking"
---------------------------------
Parameter Value
--------- -----
Server Type Meridian-Asset-Tracking
Server URL https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start
Access Token <access token>
Client Id <location id>
Username N/A
Password N/A
Reporting interval 5
Device Class Filter aruba-tags
UUID Filter N/A
Movement Filter 0
Cell Size Filter 0
Age Filter 0
Authentication URL N/A
UID Namespace Filter N/A
URL Filter N/A
Access ID N/A
RSSI Reporting Format average
choose an environment type office
Custom Fading Factor 20
AP Group sample-apg
Enable BLE on Controller Disabled
Verify the BLE relay status are ready
(host) *[mynode] (config) #show ble_relay iot-profile
ConfigID : 2
---------------------------Profile[Beacons Management]---------------------------
serverURL : https://edit.meridianapps.com/api/beacons/manage
serverType : Meridian Beacon Management
deviceClassFilter : Aruba Beacons
reportingInterval. : 600 second
accessToken : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsIjo1MTY4NTMwMDAxMjMxODcyLCJ0IjoxNTkxNzk3MjQzfQ.YNBAIZ1M8LW0CQ9IeTlQClQQ-v48r9kKJgTaXMSLJ8A
rssiReporting : Average
environmentType : office
include_ap_group : sample-apg
Server Connection State
--------------------------
TransportContext : Ready
Last Data Update : <date time>
Last Send Time : <date time>
Last Receive Time : <date time>
TransType : Https
---------------------------Profile[Asset Tracking]---------------------------
serverURL : https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start
serverType : Meridian Asset Tracking
deviceClassFilter : Aruba Tags
reportingInterval : 5 second
accessToken : <access token>
clientID : <location id>
rssiReporting : Average
environmentType : office
include_ap_group : sample-apg
Server Connection State
--------------------------
TransportContext : Connection Established
Last Data Update : <date time>
Last Send Time : <date time>
TransType : Websocket
At least one deployed asset tag will need to be in range of a configured AP before the AP will start the WSS connection.
If the TransportContext status does not get to Connection Established, then go back and check the make sure you have completed the following:
-
Look at the logs via CLI: (host) [mynode] #show ble_relay ws-log "Asset Tracking"
-
Verify that the DigiCert Root Certificate is installed.
-
Verify that DNS is set up properly
- You may need to reboot the server for all changes to be applied
Summary
This guide provides the fundamental components necessary to configure the infrastructure to communicate with Meridian Servers for Beacons Management and Asset Tracking. If the system does not work as expected after completing all the steps described above, you may contact us as asp.arubanetworks.com.
Comments
0 comments
Please sign in to leave a comment.