1. Meridian Platform Documentation
  2. Deployment
  3. Configure Aruba Hardware

Menu

Articles in this section

See more

ArubaOS 8.7.x, 8.8.x, 8.9.x, 8.10.x Meridian Beacons Management and Asset Tracking Configuration Guide Follow

  • Updated

Overview

This guide describes the setup and configurations required for supporting Meridian Beacons Management and Asset Tracking on the Aruba Controller.

Contacting Support

Table 1:  Contact Support

Main Site docs.meridianapps.com
Meridian Support asp.arubanetworks.com
Airheads Social Forum and Knowledge Base community.arubanetworks.com

Assumptions

This article assumes that the user has admin rights to configure their infrastructure according to Aruba's deployment guide using Aruba Controllers and Access Points (APs).  The user must also have admin access to an active Aruba Meridian Editor account and the required Meridian SKU are enabled for beacons management and/or asset tracking.

General WLAN Configurations to Support Meridian

The Aruba Wi-Fi network infrastructure is configured using an Aruba controller and APs. When you configure a controller with Meridian configuration profiles and apply them to the AP group,  it will propagate that configuration profile to all connected APs in that group.

Configure Clock/NTP services

Time synchronization is an essential part of managing beacons and tracking asset in your network so make sure that all the nodes are synchronized with the same reference server and time. 

Configure preferred DNS to reach *.meridianapps.com

The controller should have DNS configured and be able to reach  *.meridianapps.com server.

 

Meridian Editor Assets

The following Meridian assets are required to complete the configurations on the Aruba Controller for Beacons Management and Asset Tracking.

Access Token

The Access Token is used by the controller to securely communicate with Meridian Servers.  Initially, is not available and it must be generated in the Beacons Management menu.  This needs to only be done one time because the same Access Token can be used for both Beacons Management and Asset Tracking.

If the access token has not been generated yet, follow the steps below to generate a new access token:

  • In your Meridian Editor cloud account, navigate to Beacons > Beacons Management 

  • Click Generate your access token to get started

Screen_Shot_2020-06-13_at_10.58.45_AM.png 

After the access token is generated, it will be displayed in the ACCESS TOKEN window.  To the right of the window is a copy button that can be used to copy the value onto your clipboard for copy and paste operations.

Screen_Shot_2020-06-13_at_11.15.12_AM.png

Meridian Server URL

Aruba Meridian has a Standard Server for the general users and an EU Server specifically for the European Union.  When configuring the Meridian configuration profiles, it is critical that you use the correct server URL.  To find out which server URL to use, look at the webpage URL that you use for accessing your Meridian Editor account.

For example:

It is important that you know which instance of Meridian Server your Meridian Editor account is set up in so that you can enter the correct Meridian Server URL when configuring  or tyour devices to communicate with Meridian servers.  

Beacons Management Server URL

Asset Tracking Server URL

Location ID

The Location ID is required when configuring your IoT profile. It can be found in the Meridian Editor settings page or in the URL of your account. 

Screen_Shot_2020-06-13_at_10.56.45_AM.png

Or you can get it from the webpage URL after you log into your Edit account.  The syntax for the Meridian Editor URL will look like this:

https://edit.meridianapps.com/apps/<Location ID>

Screen_Shot_2020-06-13_at_11.07.56_AM.png

Aruba Controller Configurations

The recommended approach to configuring the Meridian IoT profiles are to do it at the cluster node.  Configuring the BLE radio profile, beacons management IoT profile, asset tracking IoT profile, and adding the DigiCert Root Certificate to the cluster node ensures that the target controllers and APs are configured properly to communicate to the Meridian servers. Configuring the profiles at the cluster level eliminates potential conflicts with inherited policies from a different source. 

For a live tutorial, please head over to Airhead Broadcasting on YouTube and watch ArubaOS 8.9 Series - Part 9 - IoT Profiles.

Enable the Access Point BLE Radio

Before configuring for Beacons Management or Asset Tracking, the AP Beacons (APB) must be enabled so that it can be provisioned for use with Meridian. If the APB is not enabled, the APB will not be broadcasting the beacon ID, therefore Meridian tools will not be able to configure the beacon. 

Enabling the APB can be done using the Controller GUI or the CLI.  The instructions in this article will be using the UI for all configurations.  

In your managed network, navigate to IoT > Configurations > IoT > IoT Radios and add an IoT radio with the following settings:

  • Radio(s): Internal
  • Radio mode(s): BLE
  • BLE operational mode: Both
  • Tx power: 0

Screen_Shot_2022-03-10_at_5.38.01_PM.png

After you are done, remember to Submit the changes, then Deploy changes for it to take affect.

Screen_Shot_2022-03-10_at_5.46.59_PM.png

Now apply this radio profile to the proper AP group by navigating to Configuration > AP Groups > <ap-group> and set the IoT internal radio profile

Screen_Shot_2022-03-10_at_6.01.39_PM.png

Just as before, Submit the change, then Deploy changes for the changes to apply.  After this, the BLEs will start to broadcast it's factory default ID.  

Configure Beacons Management 

After the BLE radio has been enabled on the AP, you are ready to configure the IoT profiles for Beacons Management.

Add Required Certificates for Beacon Management

Before configuring the profile, you must first add the following certificates on the Managed Device.

  1. Root CA:  GTS Root R1
  2. Subordinate CA:  GTS CA 1D4

These certificates are available from https://pki.goog/repository/.  Find the proper certificates, download the Certificate (PEM) format and add it to your Certificates library.  

Screen_Shot_2022-03-10_at_5.21.21_PM.png

 

Configure and Set the IoT Transport Profile for Beacons Management

Similar to enabling the BLE radio profile, there are two ways for configuring the IoT transport profile for Beacons Management.  Using the UI is more straightforward, but you can also use the CLI if you so choose.  All configuration done in this article will be done using the UI. navigate to Managed Network > Configuration > IoT > IoT Transports.  On this page, click the add (+) button and enter the following:

Screen_Shot_2022-03-11_at_10.19.24_AM.png

Name: Enter the name of the profile
Server type: Selece Meridan-Beacon-Management
Server URL: 

(Std) https://edit.meridianapps.com/api/beacons/manage

(EU) https://edit-eu.meridianapps.com/api/beacons/manage
Access Token: Copy and paste the Access Token from Meridian

Unlike the radio profile, you can include the AP Groups as part of the profile configuration.   Scroll to the bottom of the page and select the AP Groups.

Screen_Shot_2022-03-11_at_10.22.39_AM.png

And that's it.  After you Submit the changes and Apply Changes.  This should start to establish a connection to Meridian.

Screen_Shot_2022-03-10_at_6.22.44_PM.png

For connectivity, you can check the transport context status:

Initially the TransportContext will show Null Context -- Waiting Data. . .

Give it a couple of minutes and the check again and you should expect the TransportContext to show Ready
(host) *[mynode] #show ble_relay iot-profile

ConfigID : 1
---------------------------Profile[Beacons Management]---------------------------
serverURL             : https://edit.meridianapps.com/api/beacons/manage
serverType            : Meridian Beacon Management
deviceClassFilter     : Aruba Beacons
reportingInterval     : 600 second
accessToken.          : <access token>
rssiReporting.        : Average
environmentType.      : office
include_ap_group      : group-1

Server Connection State
--------------------------
TransportContext      : Ready
Last Data Update.     : <date time>
Last Send Time        : <date time> 
Last Receive Time.    : <date time>
TransType             : Https

Another place to check the transport stream is to navigate to Managed Networks > IoT > Dashboard > IoT and you should see the meridian beacons transport stream up.

Screen_Shot_2022-03-10_at_6.44.35_PM.png

Verify the connection to Meridian has been established in Editor

After the changes are set and deployed, the connection to Meridian beacon server should be established.  In Meridian Editor, navigate to the Beacons Management page to make sure the status for Beacon Management is Connected: Your Aruba network is connected to the Meridian Editor. The Editor last heard from your network a few seconds ago.

Unknown.png

Configure Asset Tracking

Configuring the Beacons Management is required prior to configuring the Asset Tracking. Asset tracking relies on the Beacons Management component to ensure that the internal BLE is being managed.  If you haven’t done it yet, please complete the section to Configure IoT Transport Profile for Beacons Management before starting with this section. 

 

Add the DigiCert Root Certificate to the Aruba Controller

Before starting the configurations for asset tracking, add the DigiCert Root Certificate to your Managed Device. 

Meridian Asset Tracking requires DigiCert Global Root CA which can be downloaded from https://www.digicert.com/kb/digicert-root-certificates.htm

To add the certificate to the Mobility Controller, navigate to  Configuration > System > Certificates > Import Certificates, and click on the "+" button:

  • Enter the Certificate name (no spaces)

  • Upload the Certificate

  • Select  PEM as the certificate format

  • Select TrustedCA as the certificate type.

  • Click Submit > Pending Changes > Deploy Changes 

Meridian Asset Tracking was previously using a GeoTrust Root Certificate for SSL signing. That is no longer needed, If you had previously installed the GeoTrust Root Certificate you can safely remove it from the WebGUI.

If you are unsure, you can search for it using the following CLI.  In this case, it did not exit, so there is not further actions to take:

(host) [mynode] #show crypto-local pki TrustedCA 

Certificates
------------
Name Original Filename Reference Count Expired
-------------- ----------------- --------------- -------
If you have installed the GeoTrust certificate mentioned, you can remove it using the following CLI:
(host) [mynode] #configure terminal 
Enter Configuration commands, one per line. End with CNTL/Z 

(host) [mynode] (config) #no crypto-local pki TrustedCA <GeoTrust cert name> 

 

Configure and Set the IoT Transport Profile for Beacons Management

Similar to configuring the Beacons Management transport profile, navigate to Managed Network > Configuration > IoT > IoT Transports.  On this page, click the add (+) button and enter the following:

Name: Enter the name of the profile
Server type: Selece Meridan-Asset-Tracking
Server URL: 

(Std)https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start

(EU)https://tags-eu.meridianapps.com/api/v1beta1/streams/ingestion.start 

 
Access Token: Copy and paste the Access Token from Meridian
Location ID: Copy and past the Location ID from Meridian
  • Name:  enter the name of the asset tracking profile
  • Server type:  select Meridian-Asset-Tracking
  • Server URL:  enter the proper Server URL per instructions provided earlier.
  • Access Token:  copy and paste the Meridian access token here.

Scroll to the bottom of the page and select the AP Groups.

Click Submit the changes and Apply Changes.  This should start to establish a connection to Meridian.

Verify IoT Configurations are set.

(host) [mynode] #show iot transportProfile

IoT Data Profile List
---------------------
Name References      Profile Status
---- ----------      --------------
Asset Tracking       1
Beacons Management   1

Total:2
The “1” indicates that the IoT transport context profile has been set. 
 
Verify IoT Transport Profile for Asset Tracking is connected to Meridian server.
(Aruba9004) [mynode] #show ble_relay iot-profile
ConfigID : 4
---------------------------Profile[Assetmgmt1]---------------------------
serverURL                     : https://tags.meridianapps.com/api/v1beta1/streams/ingestion.start
serverType                    : Meridian Asset Tracking
deviceClassFilter             : Aruba Tags
reportingInterval             : 5 second
authentication-mode           : none
accessToken                   : <AccessToken>
clientID                      : <Location ID>
rssiReporting                 : Average
environmentType               : office
include_ap_group              : TestGroup

Server Connection State
--------------------------
TransportContext              : Connection Established 
Last Data Update              : <Date> 
Last Send Time                : <Time> 
TransType                     : Websocket
 

Summary

This guide provides the fundamental components necessary to configure the infrastructure to communicate with Meridian Servers for Beacons Management and Asset Tracking.

The beacons management IoT profile is required for both beacons management and asset tracking because it reports beacon and tag information such as hardware type, battery level, MAC address, uuid/major/minor, rssi, firmware, etc. to Meridian.  Whereas asset tracking iot profile only reports tag telemetry data to Meridian.  So, whether you are doing beacons management or asset tracking, you MUST have the beacons management transport profile configured.

If the system does not work as expected after completing all the steps described about, you may contact us as asp.arubanetworks.com

Related articles

Comments

0 comments

Please sign in to leave a comment.