Aruba Central

API Reference Guide

Copyright Information
© Copyright 2021 Hewlett Packard Enterprise Development LP.
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General
Public License, and/or certain other open source licenses. A complete machine-readable copy of the
source code corresponding to such code is available upon request. This offer is valid to anyone in
receipt of this information and shall expire three years following the date of the final distribution of
this product version by Hewlett Packard Enterprise Company. To obtain such source code, send a
check or money order in the amount of US $10.00 to:
Hewlett Packard Enterprise Company
6280 America Center Drive
San Jose, CA 95002
USA
 Contents

Contents

Contents 3
About this Guide 4
Related Documents 4
Conventions 4
Terminology Change 5
Contacting Support 5
API Gateway 6
Accessing API Gateway 7
Viewing Swagger Interface 7
List of Supported APIs 8
Domain URL 10
Creating Application and Token 10
Using OAuth 2.0 for Authentication 12
Access and Refresh Tokens 12
Obtaining Token Using Offline Token Mechanism 16
Obtaining Token Using OAuth Grant Mechanism 16
Step 1: Authenticate a User and Create a User Session 17
Step 2: [Optional] Generating Client Credentials 18
Step 3: Generate Authorization Code 19
Step 4: Exchange Auth Code for a Token 20
Step 5: Refreshing a Token 21
Step 6: Deleting a Token 22
Viewing Usage Statistics 23
Changes to Aruba Central APIs 24
New APIs 25
Modified API 29
Deprecated APIs 31
Removed APIs 34
Webhooks 37
Creating and Updating Webhooks Through the UI 38
Viewing Webhooks 40
Refreshing Webhooks Token Through the UI 41
Creating and Updating Webhooks Through the API Gateway 41
List of Webhooks APIs 42
Sample Webhooks Payload Format for Alerts 44
Access Point Alerts—Sample JSON 44
AOS-Switch Alerts—Sample JSON 55
AOS-CX Switch Alerts—Sample JSON 62
Gateway Alerts—Sample JSON 69
Miscellaneous Alerts—Sample JSON 87

Aruba Central | Reference Guide 3

 Chapter 1
About this Guide

About this Guide

This guide describes how to use Aruba Central Application Programming Interface (API) to configure your
applications.

Related Documents
For more information on Aruba Central, see Aruba Central Help Center —To access help center, click the help

icon in the Aruba Central UI.

Conventions
The following conventions are used throughout this guide to emphasize important concepts:

Table 1: Typographical Conventions

Type Style Description

Italics This style is used to emphasize important terms and to mark the titles of books.

System items This fixed-width font depicts the following:

n Sample screen output
n System prompts

Bold n Keys that are pressed

n Text typed into a GUI element
n GUI elements that are clicked or selected

The following informational icons are used throughout this guide:

Indicates helpful suggestions, pertinent information, and important things to remember.

Indicates a risk of damage to your hardware or loss of data.

Indicates a risk of personal injury or death.

Aruba Central | Reference Guide 4

Terminology Change
As part of advancing HPE's commitment to racial justice, we are taking a much-needed step in overhauling
HPE engineering terminology to reflect our belief system of diversity and inclusion. Some legacy products
and publications may continue to include terminology that seemingly evokes bias against specific groups of
people. Such content is not representative of our HPE culture and moving forward, Aruba will replace
racially insensitive terms and instead use the following new language:

Usage Old Language New Language

Campus Access Points + Controllers Master-Slave Conductor-Member

Instant Access Points Master-Slave Conductor-Member

Switch Stack Master-Slave Conductor-Member

Wireless LAN Controller Mobility Master Mobility Conductor

Firewall Configuration Blacklist, Whitelist Denylist, Allowlist

Types of Hackers Black Hat, White Hat Unethical, Ethical

Contacting Support
Table 2: Contact Information

Main Site arubanetworks.com

Support Site asp.arubanetworks.com

Airheads Social Forums and Knowledge community.arubanetworks.com

Base

North American Telephone 1-800-943-4526 (Toll Free)

1-408-754-1200

International Telephone arubanetworks.com/support-services/contact-support/

Software Licensing Site lms.arubanetworks.com

End-of-life Information arubanetworks.com/support-services/end-of-life/

Security Incident Response Team Site: arubanetworks.com/support-services/security-bulletins/

Email: [email protected]

About this Guide | 5

 Chapter 2
API Gateway

API Gateway
The API Gateway feature in Aruba Central supports the REST API for all Aruba Central services. This feature
allows Aruba Central users to write custom applications, embed, or integrate the APIs with their own
applications. The REST APIs support HTTP GET and POST operations by providing a specific URL for each
query. The output for these operations is returned in the JSON format.
For secure access to the APIs, the Aruba Central API Framework plug­-in supports OAuth protocol for
authentication and authorization. The access tokens provide a temporary and secure access to the APIs. The
access tokens have a limited lifetime for security reasons and the applications should use the refresh API to
obtain new tokens periodically (every 2 hours).

The API call volume is rate-limited to seven (7) calls per second, per customer.

The following figure illustrates the API gateway workflow for the users:

This section includes the following topics:

n Accessing API Gateway

n Viewing Swagger Interface
n List of Supported APIs

Aruba Central | Reference Guide 6

Accessing API Gateway
To access the API Gateway, complete the following steps:

1. In the Account Home page, under Global Settings, click API Gateway.

The API Gateway page is displayed. You can get new tokens and refresh old tokens. To obtain a new token
application, you must set authentication parameters for a user session.

Figure 1 Account Home Page with API Gateway Option

Important Points to Note

n The admin user profile of MSP has System Apps & Tokens tab which displays all the apps and tokens
generated locally in the admin user profile. This tab also displays all the apps created in the non-admin
user profiles. Clicking these apps lists out all the associated tokens created for the non-admin user
profile.
n Administrator role is specific to an app and hence the administrator account related RBAC library APIs
and decorators must contain the application name as one of the parameters in the access verification
query.
n The decorators associated with Account Home, Network Operations, or ClearPass Device Insight
must contain account_setting, central, or optik as app names respectively, as one of the parameters.

Viewing Swagger Interface

To view the APIs managed through Aruba Central, complete the following steps:

1. In the Account Home page, under Global Settings, click API Gateway.
The API Gateway page with the list of published APIs is displayed.
2. To view the Swagger interface, click the link in the Documentation column next to the specific
published API name. The documentation is displayed in a new window.

API Gateway | 7
 Figure 2 API Gateway Dashboard

List of Supported APIs

Aruba Central supports the following APIs for the managed devices.

Table 3: APIs and Description

API Description

Monitoring Gets network, client, and event details. It also allows you to manage labels and switches.

Configuration Allows you to configure and retrieve the following:

n Groups
n Templates
n Devices

AppRF Gets Top N AppRF statistics.

Guest Gets visitor and session details of the portal.

MSP Allows you to manage and retrieve the following:

n Customers
n Users
n Resources

n Devices
Aruba has enforced a request limit for the following APIs:
n GET /msp_api/v1/customers
n GET /msp_api/v1/customers/{customer_id}/devices
n GET /msp_api/v1/devices

n PUT /msp_api/v1/customers/{customer_id}/devices
The maximum limit is set to 50 per API call. If you exceed this limit, the API call returns the
HTTP error code 400 and the following error message: LIMIT_REQUEST_EXCEEDED.

User Allows you to manage users and also allows you to configure various types of users with a
Management specific level of access control.

Audit Event Logs Gets a list of audit events and the details of an audit event.

Aruba Central | Reference Guide 8

Table 3: APIs and Description
API Description

New Device Gets device details and device statistics.

Inventory

New Licensing Allows you to manage and retrieve subscription keys.

Presence Allows you to configure the Presence Analytics application. It also retrieves site and loyalty
Analytics data.

Device Allows you to manage devices.

Management

Firmware Allows you to manage firmware.

Troubleshooting Gets a list of troubleshooting commands for a specific type of device.

Notification Gets notification alerts generated for events pertaining to device provisioning,
configuration, and user management.

Unified Retrieves data for all sessions for a specific period of time. It also retrieves the total
Communications number of clients who made calls in the given time range and gets the Lync/Skype for
Business URL for the Aruba Central cluster that you are using.

Refresh API Allows you to refresh the API token.

Token

Reporting Gets the list of configured reports for the given customer ID.

WAN Health Allows you to the following:

n Get list of configured WAN health policies.
n Create a new WAN health policy.
n Delete an existing WAN health policy.
n Get the details of any specific WAN health policy.
n Update an existing WAN health policy.
n Get policy schedule details.
n Create a schedule for a WAN health policy.
n Get statistics for WAN health cookie generated for a site.
n Get WAN health test results.
n Get WAN health test results for a specific site.

Network Health Allows you to get data for all the labels and sites.

Webhook Allows you to add, or delete Webhooks, and get or refresh Webhook tokens. See Webhooks
for further details on Webhook.

VisualRF Allows you retrieve information on floor plans, location of APs, clients and rogue devices.

DPS Monitoring Gets DPS compliance and session statistics for all the links of a device belonging to a
specific policy.

For a complete list of APIs and the corresponding documentation, see https://app1-
apigw.central.arubanetworks.com/swagger/central.
This section also includes the following topics:

API Gateway | 9
 n Domain URL
n Creating Application and Token
n Viewing and Revoking Tokens
n Obtaining Token Using Offline Token Mechanism
n Viewing Usage Statistics
n Changes to Aruba Central APIs

Domain URL
To access the API Gateway or generating tokens, you must use the appropriate domain URL.
The following table shows the region-specific domain URLs for accessing API Gateway:

Table 4: Domain URLs for API Gateway Access

Region Domain Name

US-1 app1-apigw.central.arubanetworks.com

US-2 apigw-prod2.central.arubanetworks.com

US-WEST-4 apigw-uswest4.central.arubanetworks.com

EU-1 eu-apigw.central.arubanetworks.com

EU-2 apigw-eucentral2.central.arubanetworks.com

EU-3 apigw-eucentral3.central.arubanetworks.com

Canada-1 apigw-ca.central.arubanetworks.com

China-1 apigw.central.arubanetworks.com.cn

APAC-1 api-ap.central.arubanetworks.com

APAC-EAST1 apigw-apaceast.central.arubanetworks.com

APAC-SOUTH1 apigw-apacsouth.central.arubanetworks.com

Creating Application and Token

To create an application, complete the following steps:

1. In the Account Home page, under Global Settings, click API Gateway.
The API Gateway page is displayed.

Aruba Central | Reference Guide 10

 Figure 3 API Gateway Dashboard

2. Click the My Apps & Tokens tab.

The admin user will be able to create new apps for all the non-admin user by clicking + Add Apps &
Tokens in the System Apps & Tokens tab.

3. Click + Add Apps & Tokens.

Figure 4 Add Apps and Tokens Option Page

4. In the New Token pop-up window, do the following:

a. Enter the application name. In non-admin user profile, the Application Name field contains the
logged-in user name and is non-editable.
b. In the Redirect URI field, enter the redirect URL.
c. From the Application drop-down list, select the application.
d. Click Generate. A new application is created and added to the My Apps & Tokens table.
The My Apps & Tokens table displays the following details:

API Gateway | 11
 n Name—Name of the application. In non-admin user profile, the Application Name field
contains the logged-in user name and is non-editable. Any new tokens generated in non-
admin user profile is associated with the same application name.
n Client ID—Unique ID for each application.
n Client Secret—Unique secret ID for each application.
n Redirect URI—Redirect URL.
n Application—Name of the application. For example, Network Operations.
n Tokens—Token created for the application. The option is available to admin user profile only.
n Created At—Date on which the application was created.

To delete the added application, click delete icon on the row corresponding to an application and click
Yes to delete that application.

Only admin users will be able to generate tokens with multiple application names. In non-admin user profile, the
Application Name field contains the user name and is non-editable. Any new tokens generated in non- admin
user profile is associated with the same application name. However, all the multiple application names and the
associated tokens in non-admin user profiles from the earlier versions is retained in the Token List table.

Using OAuth 2.0 for Authentication

For secure access to the APIs, the Aruba Central API Framework plug-in supports OAuth protocol for
authentication and authorization. OAuth 2.0 is a simple and secure authorization framework. It allows
applications to acquire an access token for Aruba Central through a variety of work flows supported within
the OAuth 2.0 specification.
All OAuth 2.0 requests must use the SSL endpoint available at https://app1-
apigw.central.arubanetworks.com.

Access and Refresh Tokens

The access token is a string that identifies a user, app, or web page and is used by the app to access an API.
The access tokens provide a temporary and secure access to the APIs.
The access tokens have a limited lifetime. If the application uses web server or user-agent OAuth
authentication flows, a refresh token is provided during authorization that can be used to get a new access
token.
If you are writing a long running applications (web app) or native mobile application you should refresh the
token periodically. For more information, see Refreshing a token.
This section includes the following topics:

n Obtaining Access Token

n Accessing APIs
n Accessing Tenant APIs using MSP Access Token
n Viewing and Revoking Tokens
n Adding a New Token

Obtaining Access Token

Users can generate the OAuth token using one of the following methods:

Aruba Central | Reference Guide 12

n Obtaining Token Using Offline Token Mechanism
n Obtaining Token Using OAuth Grant Mechanism

Accessing APIs
To access the API, use the following URL:
https://app1-apigw.central.arubanetworks.com/.
This endpoint is accessible over SSL and the HTTP (non-SSL) connections are redirected to the SSL port.

Table 5: Accessing the API

URL Description

https://app1- The API gateway URL. All APIs can be accessed from this URL by providing
apigw.central.arubanetworks.com/ a correct access token.

The parameters for the API are as follows:

Table 6: Parameters for the API

Parameter Value Description

request_path URL URL path of an API, for example, to access monitoring APIs, use the path
Path /monitoring/v1/aps.

Table 7: Header for the API

Header Value Description

Authorization Bearer ouzMaXEBbB6XqGtsWomK7MvaTuhrqDQ1 Pass the access token in the header.

Example
Request Method: GET
https://app1-apigw.central.arubanetworks.com/monitoring/v1/aps
Request Header:
Authorization: Bearer ouzMaXEBbB6XqGtsWomK7MvaTuhrqDQ1
Response:

{
"aps": [
{
"firmware_version": "6.4.4.4-4.2.3.1_54637",
"group_name": "00TestVRK",
"ip_address": "10.29.18.195",
"labels": [
"Filter_242",
"Ziaomof",
"roster",
"242455",
"Diegso"
],
"macaddr": "6c:f3:7f:c3:5d:92",
"model": "AP-134",

API Gateway | 13
 "name": "6c:f3:7f:c3:5d:92",
"radios": [
{
"band": 0,
"index": 1,
"macaddr": "6c:f3:7f:b5:d9:20",
"status": "Down"
},
{
"band": 1,
"index": 0,
"macaddr": "6c:f3:7f:b5:d9:30",
"status": "Down"
}
],
"serial": "AX0140586",
"status": "Down",
"swarm_id": "e3bf1ba201a6f85f4b5eaedeead5e502d85a9aef58d8e1d8a0",
"swarm_master": true
}
],
"count": 1
}

Accessing Tenant APIs using MSP Access Token

MSP users can use their access token to perform the operation on their tenant accounts using NBAPI. User
privileges as per the tenant role are applied for these operations. An MSP user must provide the tenant info
(CID) as part of the request header.

The Rate-limit will be consumed from the MSP account quota.

Table 8: Header for the API

Header Value Description

TenantID 267958b55d5a463e94a302c20f4a6b68 Pass the tenant CID.

Example
Request Method: GET
https://app1-apigw.central.arubanetworks.com/central/v2/sites
Request Header:
TenantID: 267958b55d5a463e94a302c20f4a6b68
Response Code: 200
Response:

{
"count": 1,
"sites": [
{
"address": "bangalore",

Aruba Central | Reference Guide 14

 "associated_device_count": 4,
"city": "bangalore",
"country": "India",
"latitude": "12.9298689",
"longitude": "77.6848366",
"site_id": 1,
"site_name": "test-pcap",
"state": "Karnataka",
"tags": null,
"zipcode": "560103"
}
],
"total": 1
}

Viewing and Revoking Tokens

To view or revoke tokens, complete the following steps:

1. In the Account Home page, under Global Settings, click API Gateway. The API Gateway page is
displayed.
2. Click My Apps & Tokens. The Token List table displays the following:
n Token ID—Token ID of the application.

n User Name—Name of the user to whom this token is associated to. An application can be
associated to multiple users.
n Application—Name of the application to which this token is associated to. For example, Network
Operations.
n Generated At—Date on which the token was generated.
n Revoke Token—Click Revoke Token and click Yes to revoke the token associated to a particular
user. For example, if two users are associated to an application and if you want to remove access
to a particular user, revoke the token associated to that user.
n Download Token—Click Download Token to download the token.

In MSP mode, the admin user profile has System Apps & Tokens tab which displays all the apps and tokens
generated in all non-admin user profiles in addition to the apps and tokens created in the admin user profile. To
view all the tokens of admin and non-admin user, go to Account Home > Global Settings > API Gateway >
System Apps & Tokens.

Adding a New Token

To add a new token, complete the following steps:

1. In the Account Home page, under Global Settings, click API Gateway. The API Gateway page is
displayed.
2. Click My Apps & Tokens.

The admin user can create new tokens for all non-admin users by clicking + Add Apps & Tokens in the System
Apps & Tokens tab.

API Gateway | 15
 3. Click + Add Apps & Tokens to add a new token.
4. Enter the application name in the Application Name box and click Generate.

If you have registered a custom URI when creating a new app under System Apps and Tokens, the Redirect
URI option is disabled for you in the My Apps and Tokens tab > Add Apps and Tokens > New Token . In such
cases, the Redirect URI option in Add Apps and Tokens > New Token under My Apps and Tokens populates
your already registered URI.

Obtaining Token Using Offline Token Mechanism

To obtain tokens using the offline token method, complete the following steps:

1. In the Account Home page, under Global Settings, click API Gateway. The API Gateway page is
displayed.
2. Click My Apps & Tokens.

In the MSP mode, the admin user profile can view the System Apps & Tokens tab which displays all the
apps and tokens generated in all the non-admin user profiles in addition to the apps and tokens created in
the admin user profile.

3. Click + Add Apps & Tokens. The New Token pane is displayed.
4. Enter the application name and redirect URI in the Application Name and Redirect URI fields
respectively.
5. Choose the application from the Application drop-down list and click Generate to generate a new
token.
6. The Token List table displays the following:
n Token ID—Token ID of the application.
n User Name—Name of the user to whom this token is associated to. An application can be
associated to multiple users.
n Application—Name of the application to which this token is associated to. For example, Network
Operations.
n Generated At—Date on which the token was generated.
n Revoke Token—Click Revoke Token and click Yes to revoke the token associated to a particular
user. For example, if two users are associated to an application and if you want to remove access
to a particular user, revoke the token associated to that user.
n Download Token—Click Download Token to download the token.

Obtaining Token Using OAuth Grant Mechanism

The following section describes the steps for obtaining the access token and refresh token using the
authorization code grant mechanism:

n Step 1: Authenticate a User and Create a User Session

n Step 2: [Optional] Generating Client Credentials
n Step 3: Generate Authorization Code
n Step 4: Exchange Auth Code for a Token

Aruba Central | Reference Guide 16

n Step 5: Refreshing a Token
n Step 6: Deleting a Token

API calls are limited to 1 API per second. This rate-limit is applicable only to the APIs in the first 3 steps mentioned
above.

Step 1: Authenticate a User and Create a User Session

The following API authenticates a user and returns a user session value that can be used to create future
requests for a client with the specified username and password. It is assumed that you already have a client
ID for your application. For more information on how to create an application and obtain tokens, see
Creating Application and Token.
API Gateway allow you to log in to the API gateway server and to establish the user session. This endpoint is
accessible over SSL, and HTTP (non-SSL) connections are redirected to SSL port. The following table lists the
region specific domain URLs for accessing the API gateway.
If user authentication is successful, the request will return HTTP code 200 and the response header will
include the following attributes.

Table 9: Authentication and User session Response Codes

Header Key Values Description

https://app1- csrftoken=xxxx; The server

apigw.central.arubanetworks.com/oauth2/authorize/central/api/login?client_ session=xxxx returns a
id=<client_id> CSRF token
and identifies
the user
session, which
must be used
for all
subsequent
HTTP
requests.

Example
Request Method: POST
URL: https://app1- apigw.central.arubanetworks.com/oauth2/authorize/central/api/login?client_
id=<client_id> HTTP/1.1
Host: app1-apigw.central.arubanetworks.com
Request Header:
Accept: application/json
Content -Type: application/json
POST Request Body(JSON):
{
"username": "xxxxx",
"password": "xxxxx"
}
Error Response:
400: Bad Request
Response Body (JSON):
{
"extra": {},

API Gateway | 17
 "message": "<error string>"
}
401: Auth failure
Response Body (JSON):
{
"message": "Auth failure",
"status": false
}
429: API rate limit exceeded
Response Body (JSON):
{
"message": "API rate limit exceeded"
}
Success Response:
200: OK
Response Body (JSON):
{
"status": true
}
Response Header:
Set-Cookie: csrftoken=xxxx;session=xxxx;

The csrf token value received in the successful response message must be used as a parameter for all
subsequent POST/PUT requests. The session value must also be used for all subsequent requests to maintain
the user session context.

Step 2: [Optional] Generating Client Credentials

The following API can be used to generate client credentials for a specific tenant using your Managed Service
Provider (MSP) Client ID.

Table 10: URL to Generate Client Credentials

URL Description

https://app1- The <msp_client_id> variableis the

apigw.central.arubanetworks.com/oauth2/authorize/central/api/client_ client ID given from Central to that a
credentials?client_id=<msp_client_id> Managed Service Provider that user
registered the application.

Example
Request Method: POST
URI—https://app1-apigw.central.arubanetworks.coms/oauth2/authorize/central/api/client_
credentials?client_id=<msp_client_id>
POST Request Body(JSON):
{
"customer_id": "<tenant_id>"
}
Request Header: (Values from login API request)

Set-Cookie: csrftoken=xxxx;session=xxxx;
Response Body(JSON):
{
"client_id": "<new-client-id>",
"client_secret": <new-client-secret>"
}
Error Response

Aruba Central | Reference Guide 18

429: API rate limit exceeded
Response Body (JSON):
{
"message": "API rate limit exceeded"
}

Step 3: Generate Authorization Code

After the user is authenticated and you have a valid session for that user, use this API to get authorization
code. The authorization code is valid only for 5 minutes and must be exchanged for a token within that
time.

Table 11: URL for to Generate an Authorization Code

URL Description

https://app1 The endpoint is a POST call to get an

apigw.central.arubanetworks.com/oauth2/authorize/central/api authorization code.

Query parameters for this API are as follows:

Table 12: Query Parameters for the Auth Code API

Parameter Values Description

client_id client_id is a The client_id is a unique identifier that identifies the caller. Application
unique developers obtain a client ID and a client secret when they register with the
hexadecimal API gateway admin.
string

response_ code Use code as the response type to get the authorization code that can be
type exchanged for token

scope all or read Requested API permissions may be either all (for both read and write
access) or read for read-only access.

Example
Request Method: POST
URL: https://app1 - apigw.central.arubanetworks.com/oauth2/authorize/central/api/?client_id=<client_
id>&response_type=code&scope=all HTTP/1.1
Host: app1-apigw.central.arubanetworks.com
Request Header:
Accept: application/json Cookie: “session=xxxx” X-CSRF-Token: xxxx
Content -Type: application/json
POST Request Body(JSON):
{
"customer_id": "xxxxx"
}
Error Response:
400: Bad Request
Response Body (JSON):
{
"extra": {},
"message": "<error string>"
}
401: Auth failure

API Gateway | 19
 Response Body (JSON):
{
"message": "Auth failure",
"status": false
}
429: API rate limit exceeded
Response Body (JSON):
{
"message": "API rate limit exceeded"
}
Success Response:
200: OK
Response Body (JSON):
{
" auth_code ": “xxxx”
}

Pass the csrf-token value you obtained in step one in the request header, otherwise the request will be rejected.
Note the auth_code value in the response, as you will use this code to obtain an OAuth token.

Response Header:
Set-Cookie: csrftoken=xxxx;session=xxxx;

Step 4: Exchange Auth Code for a Token

Once you have an authorization code, you just use that code to request an access from the server. The
exchanges should be done within 300 seconds of obtaining the auth code from the previous step, or the API
will return an error.

Table 13: URL for to Generate an Auth Token

URL Description

https:// app1- apigw.central.arubanetworks.com/oauth2/token The endpoint is a POST call to get an

access token using the authorization code
obtained from the server.

Query parameters for this API are as follows:

Table 14: Query Parameters for the Auth Code API

Parameter Values Description

client_id client_id is a The client_id is a unique identifier that identifies the caller. Application
unique developers obtain a client ID and a client secret when they register with the
hexadecimal API gateway admin.
string

client_secret client_secret is The client_secret is a unique identifier provided to each developer at the time
a unique of registration. Application developers can obtain a client ID and client secret
hexadecimal when they register with the API gateway admin.
string

grant_type authorization_ Use code to get the authorization code that can be exchanged for the token.
code

Aruba Central | Reference Guide 20

 Parameter Values Description

code auth_code The authorization code received from the authorization server.
received from
step 1

redirect_uri string The redirect URI must be the same as the one given at the time of
registration. This is an optional parameter.

The response to this API query is a JSON dictionary with following values:

Table 15: Auth Token Values

Parameter Values Description

token_type bearer Identifies the token type. Central supports only the bearer token type (See
https://tools.ietf.org/html/rfc6750)

refresh_ string Refresh tokens are credentials used to renew or refresh the access_token when it
token expires without repeating the complete authentication flow. A refresh token is a
string representing the authorization granted to the client by the resource owner.

expires_in seconds The lifetime, in seconds, of the access token.

access_ string Access tokens are credentials used to access protected resources. An access token is
token a string representing an authorization issued to the client.

Example
Request Method: POST
URL: https: //apigw-prod2.central.arubanetworks.com/oauth2/token?client_id=<Ccentral-API-app-
clientid>&client_secret=xxxx&grant_type=authorization_code&code=xxxx \
Content -Type: application/json
Response:
{
"refresh_token": "xxxx",
"token_type": "bearer",
"access_token": "xxxx",
"expires_in": 7200
}

Step 5: Refreshing a Token

You can use the refresh token obtained in the previous step to update the access token without repeating
the entire authentication process. A refresh token is only required once your access token is expired. You
can only refresh a token for a new access token every 15 minutes. For example, when you refresh a new
token, you can use the provided access token for 2 hours. If you want a new access token, you have to
again refresh the token after 15 minutes from its last refresh.

Table 16: URL to Refresh a Token

URL Description

https://app1- The endpoint is a POST call to refresh the access token using
apigw.central.arubanetworks.com/oauth2/token the refresh token obtained from the server

API Gateway | 21
 Query parameters for this API are as follows:

Table 17: Query Parameters for Refresh Tokens

Parameter Value Description

client_id client_id is a The client_id is a unique identifier that identifies the caller. Application
unique developers obtain a client ID and a client secret when they register with the
hexadecimal API gateway admin.
string

client_secret client_secret is The client_secret is a unique identifier provided to each developer at the time
a unique of registration. Application developers obtain a client ID and a client secret
hexadecimal when they register with the API gateway admin.
string

grant_type refresh_token Specify refresh_token as the grant type to request that an authorization code
be exchanged for a token

refresh_ string A string representing the authorization granted to the client by the resource
token owner.

The response to this API query is a JSON dictionary with following values:

Parameter Value Description

token_type bearer Identifies the token type. Only the bearer token type is supported. For more
information, see https://tools.ietf.org/html/rfc6750.

refresh_ string Refresh tokens are credentials used to renew or refresh the access token when it
token expires without going through the complete authorization flow. A refresh token is a
string representing the authorization granted to the client by the resource owner.

expires_in seconds The expiration duration of the access tokens in seconds.

access_ string Access tokens are credentials used to access the protected resources. An access
token token is a string representing an authorization issued to the client.

Example
Method: POST
https://apigw-prod2.central.arubanetworks.com/oauth2/token?client_id=<Central-API-app-
clientid>&client_secret=xxxx&grant_type=refresh_token&refresh_token=xxxx
Response
{
"refresh_token": "xxxx",
"token_type": "bearer",
"access_token": "xxxx",
"expires_in": 7200
}

Step 6: Deleting a Token

To delete the access token, access the following URL:

Aruba Central | Reference Guide 22

Table 18: URL to Delete a Token
URL Description

https://app1- This endpoint is accessible over SSL. The HTTP (non-SSL)

apigw.central.arubanetworks.com/oauth2/token connections are redirected to SSL port. Customer ID is a
string.

Example
Method : DELETE
URL:https://app1-apigw.central.arubanetworks.com/oauth2/api/tokens
JSON Body:
{
"access_token": "<access_token_to_be_deleted>"
}
Headers:
Content-Type: application/json
X-CSRF-Token: <CSRF_token_obatained_from_login_API>
Cookie: "session=<session_obatained_from_login_API>"

Viewing Usage Statistics

The API Gateway page includes the Usage tab that displays the API usage. The Usage tab is available only
for administrators and the usage data is stored only for the previous 30 days. The following details are
displayed:

n Current Usage
n Last one week API usage data
n Per user usage
n MSP and tenant usage if you are in MSP mode

To view the usage statistics for users of API Gateway, complete the following steps:

1. In the Account Home page, under Global Settings, click API Gateway. The API Gateway page is
displayed.

API Gateway | 23
 2. Click Usage. The following details are displayed:

Figure 5 API Gateway Usage Page

a. Current usage—Current usage of API calls assigned for a day along with the reset time in local
time zone.
b. Last one week API usage data:
n Date—The date of usage.

n API Calls Per Day—API calls per day.

n Usage Percentage—Usage percentage for a specific date.

c. Per User Usage:

n User—The name of the user.

n Date—The date on which the application was accessed.

n Usage Per Day—The total usage by the user per day. This is derived based on the total
number of API calls made on a per day basis. This is an aggregate across all customers.
d. If you are in MSP mode, the MSP & Tenant Usage table is displayed:
n Tenant ID: ID of the tenant account.

n Date: The date on which the application was accessed.

n Usage Per Day: The total usage by the tenant account per day. This is derived based on the
total number of API calls made on a per day basis.
3. To download the API gateway usage statistics, click Download CSV.

The Usage tab is only available for administrators and the usage data is stored only for the previous 30 days.

Changes to Aruba Central APIs

This section lists the new APIs, deprecated APIs, alternative APIs, and APIs removed from Aruba Central:

n New APIs
n Modified API

Aruba Central | Reference Guide 24

n Deprecated APIs
n Removed APIs
New APIs
The following table lists the new APIs:
Table 19: New APIs
New API
Monitoring > Clients APIs
n [GET] /monitoring/v2/clients
n [GET] /monitoring/v2/clients/
{macaddr}
Authentication & Policy > Client Policy APIs
n [GET] /client_policy
n [DELETE] /client_policy
n [PUT] /client_policy
Authentication & Policy > Client Registration APIs
n [GET] /client_registration
n [DELETE] /client_registration/{mac_
address}
Description
This API is introduced to get a list of unified clients and it is
backward compatible with the version 1 APIs (GET
/monitoring/v1/clients/wired and GET
/monitoring/v1/clients/wireless). This API version is introduced
with the following parameter inclusions:
n last_client_mac—Use this parameter to fetch the next set of
clients beyond set limit. This is used to fetch the clients details
beyond 10000 clients.
n timerange— Use this to filter the unified client information
based on the time range. By default, 3 hours is selected.
n client_type—Use this to select the client type as WIRELESS or
WIRED. By default, client type is selected as WIRELESS.
n client_status—Use this to select either CONNECTED for a list
of connected clients or FAILED_TO_CONNECT for a list failed
clients. By default, the client status is selected as
CONNECTED.
This API is introduced to get the client details (wired and wireless).
This API is introduced to fetch a policy that allows network access
for registered clients, based on their MAC address and client
profile tag.
This API is introduced to delete an existing policy to remove
network access for all registered clients.
This API is introduced to configure or update a policy that allows
network access for registered clients, based on their MAC address
and client profile tag.
This API is introduced to fetch the list of registered clients that are
allowed to access the network.
This API is introduced to delete the registered client and to
remove network access.
API Gateway | 25
 Table 19: New APIs
New API Description

n [POST] /client_registration This API is introduced to add a registered client to allow network
access.

n [PATCH] /client_registration/{mac_ This API is introduced to update Client Name for the registered
clients.
address}

Authentication & Policy > User policy APIs

n [GET] /user_policy This API is introduced to fetch a policy that allows wireless network
access for users, based on their user groups.

n [DELETE] /user_policy This API is introduced to delete existing policy to remove wireless
network access for all users.

n [PUT] /user_policy This API is introduced to configure a policy to allow wireless

network access for users, based on their user groups.

AI OPs > Wi-Fi Connectivity at Global APIs

NOTE: For all AI Ops APIs, AI Insights will get triggered only when there are failure events in the user network,
so all Insights might not be present all the time. Therefore, providing an empty API response for a selected time
period.

n [GET] This APIs are introduced to get the overall Connectivity

Information for a given time duration. Use stage parameter to get
/aiops/v1/connectivity/global/stage/
the information for that stage.
{stage}/export
n [GET] /aiops/v1/connectivity/site/
{site_id}/stage/{stage}/export
n [GET] /aiops/v1/connectivity/group/
{group}/stage/{stage}/export

AI OPs > AI Insights List APIs

n [GET] /aiops/v2/insights/global/list This APIs are introduced to get the list of insights for a given time
duration
n [GET] /aiops/v2/insights/site/{site_
id}/list
n [GET] /aiops/v2/insights/ap/{ap_
serial}/list
n [GET] /aiops/v2/insights/client/{sta_
mac}/list
n [GET] /aiops/v2/insights/gateway/
{gw_serial}/list
n [GET] /aiops/v2/insights/switch/{sw_
serial}/list

AI OPs > AI Insight Details APIs

n [GET] /aiops/v2/insights/global/id/ This APIs are introduced to get details of single insight for a given
time duration.
{insight_id}/export
n [GET] /aiops/v2/insights/site/{site_

Aruba Central | Reference Guide 26

Table 19: New APIs
New API Description

id}/id/{insight_id}/export
n [GET] /aiops/v2/insights/ap/{ap_
serial}/id/{insight_id}/export
n [GET] /aiops/v2/insights/client/{sta_
mac}/id/{insight_id}/export
n [GET] /aiops/v2/insights/gateway/
{gw_serial}/id/{insight_id}/export
n [GET] /aiops/v2/insights/switch/{sw_
serial}/id/{insight_id}/export

MSP > Groups APIs

n [GET] /msp_api/v1/groups/{group_ This API is introduced to get the list of customers mapped to MSP
group based on limit and offset.
name}/customers

Troubleshooting APIs

n [GET] /troubleshooting/v1/running- This API is introduced to get list of backups associated with the
device serial.
config-backup/serial/{serial}

n [GET] /troubleshooting/v1/running- This API is introduced to filter/list the backups associated with the
device serial and starting with the prefix.
config-backup/serial/{serial}/prefix/
{prefix}

n [GET] /troubleshooting/v1/running- This API is introduced to fetch the backup stored against the given
name.
config-backup/name/{name}

n [POST] This API is introduced to initiate backup of running config for the
switch with the given serial and store output against a name
/troubleshooting/v1/running-config-
starting with the given prefix.
backup/serial/{serial}/prefix/
{prefix}

n [POST] This API is introduced to initiate backup of running config for

switches in the group and store output against names starting
/troubleshooting/v1/running-config-
with the given prefix.
backup/group_name/{group_
name}/prefix/{prefix}

Configuration > WLAN Configuration APIs

n [GET] /configuration/full_hotspot/ This API is introduced to get the WLAN list of an UI group.
{group_name_or_guid}

n [GET] /configuration/full_hotspot/ This API is introduced to get the hotspot list of an UI group or swarm
{group_name_or_guid}/{mode_ with mode name.
name}

n [GET] /configuration/full_hotspot/ This API is introduced to get the WLAN default configuration.

API Gateway | 27
 Table 19: New APIs
New API Description

{group_name_or_guid}/template

n [GET] /configuration/full_hotspot/
{group_name_or_guid}/{hotspot_
name}/{mode_name}
This API is introduced to initiate backup of running config for the
switch with the given serial and store output against a name
starting with the given prefix.

n [POST] /configuration/full_hotspot/ This API is introduced to create a new hotspot.

{group_name_or_guid}/{hotspot_
name}/{mode_name}

n [DELETE] /configuration/full_ This API is introduced to delete an existing hotspot.

hotspot/{group_name_or_guid}/
{hotspot_name}/{mode_name}

n [PUT] /configuration/full_hotspot/ This API is introduced to update an existing hotspot.

{group_name_or_guid}/{hotspot_
name}/{mode_name}

Service IPMS > Aruba ipms APIs

NOTE: In the API parameter, make sure that the node_type and node_id fields are set to Global.

n [GET] /ipms-config/v1/node_list/ This API is introduced to retrieve an ip range.

{node_type}/{node_
id}/config/address_pool/{pool_
name}/ip_range/

n [DELETE] /ipms-config/v1/node_list/ This API is introduced to delete a config.

{node_type}/{node_id}/config/

n [GET] /ipms-config/v1/node_list/ This API is introduced to retrieve a config.

{node_type}/{node_id}/config/

n [GET] /ipms-config/v1/node_list/ This API is introduced to retrieve an address pool.

{node_type}/{node_
id}/config/address_pool/

n [DELETE] /ipms-config/v1/node_list/ This API is introduced to delete an address pool.

{node_type}/{node_
id}/config/address_pool/{pool_
name}/

n [GET] /ipms-config/v1/node_list/ This API is introduced to retrieve an address pool by identifier pool
name.
{node_type}/{node_
id}/config/address_pool/{pool_
name}/

Aruba Central | Reference Guide 28

Table 19: New APIs
New API Description

n [POST] /ipms-config/v1/node_list/ This API is introduced to create an address pool by identifier pool
name.
{node_type}/{node_
id}/config/address_pool/{pool_
name}/

n [PUT] /ipms-config/v1/node_list/ This API is introduced to create or update the address pool by
identifier pool name.
{node_type}/{node_
id}/config/address_pool/{pool_
name}/

n [DELETE] /ipms-config/v1/node_list/ This API is introduced to delete the IP range by identifier range id.
{node_type}/{node_
id}/config/address_pool/{pool_
name}/ip_range/{range_id}/

n [GET] /ipms-config/v1/node_list/ This API is introduced to retrieve the IP range by identifier range
id.
{node_type}/{node_
id}/config/address_pool/{pool_
name}/ip_range/{range_id}/

n [POST] /ipms-config/v1/node_list/ This API is introduced to create IP range by identifier range id.
{node_type}/{node_
id}/config/address_pool/{pool_
name}/ip_range/{range_id}/

n [PUT] /ipms-config/v1/node_list/ This API is introduced to create or update the IP range by identifier
range id.
{node_type}/{node_
id}/config/address_pool/{pool_
name}/ip_range/{range_id}/

n [GET] /ipms-config/v1/node_list/ This API is introduced to have global level config for IPMS service.
{node_type}/{node_id}/

Modified API
The following table lists the modified APIs:

Table 20: Modified APIs

Modified API Description

Monitoring > Switch APIs

n [GET] /monitoring/v1/switch_
stacks/{stack-id}/ports
n [GET] /monitoring/v1/switches/
{serial}/ports
Following fields are added in the response to ensure that the API call
gets a list of ports, which includes:
n out_errors per port
n in_errors per port

API Gateway | 29
 Table 20: Modified APIs
Modified API
n [GET] /monitoring/v1/switches/
{serial}
n [GET] /monitoring/v1/switch_
stacks/{stack_id}
n GET /monitoring/v1/switches
n GET /monitoring/v1/switches/
{serial}
n GET /monitoring/v1/switch_
stacks
Audit Event Logs
n [GET] /auditlogs/v1/events
n [GET]
/platform/auditlogs/v1/logs
Monitoring > Client API
n [GET]
/monitoring/v1/clients/wireless
n [GET]
/monitoring/v1/clients/wired
Monitoring > Gateway
n [GET] /monitoring/v1/gateways
Monitoring > Access Points
Aruba Central | Reference Guide
Description
The switch_type field is added to select the type of switch in the API
endpoints. Following are the supported values:
n ArubaCX
n ArubaSwitch
n MAAS
n site parameter is introduced to filter the switches by site name.
n site and stack_id fields are added to the response to get the site
name and stack id details for the switches.
n The switch_type field is added in the response to select the type of
switch in the API endpoints. Following are the supported values:
o AOS-CX
o AOS-S
n site and stack_id fields are added to the response to get the site
name and stack id details for the switches.
n nae_aggr_status field is added to the response that informs about
the switch status either as Critical, Major, Minor, Normal, and
Warning. This field is only applicable for CX switches.
n host_name parameter is introduced to filter the switches by host
name.
n The limit parameter has been enhanced to return 100 audit
events.
n Following new parameters are introduced to filter audit events by
time range:
o start_time—Start time in epoch seconds. If start time is not
specified, current time minus 90 days is automatically filled in as
the start time.
o end_time—End time in epoch seconds. If end time is not
specified, current time is automatically filled in as the end time.
n site parameter is introduced to filter the APIs by site name.
n To retrieve clients beyond 10,000, use the last_client_mac
parameter to fetch the next set of clients.
site parameter is introduced to filter the APIs by site name.
30
Table 20: Modified APIs
Modified API Description

n [GET] /monitoring/v1/aps/ Following fields are added in the response to get the site and swarm
name of the AP :
{serial}
n site_name
n swarm_name

Monitoring > Swarm

n [GET] /monitoring/v1/swarms swarm_name parameter is introduced to filter the API by swarm name.

Topology

n [GET] /{site_id} Following fields are added/modified in the response:

n vlans—Lists the vlans configured on the device.
n taggedVlans and untaggedVlan—Lists the tagged and untagged
vlan associated to the ports of the edge. This is applicable only for
switches.
n In alignment with the redesign of HPE engineering terminology, the
term Master in the API response changed to Conductor.

n [GET] /devices/{device_serial} n In alignment with the redesign of HPE engineering terminology, the
term Master in the API response changed to Conductor.

Deprecated APIs
The following table lists the APIs that have been deprecated. These APIs will continue to function but could
be removed in a future release. Aruba strongly discourages the use of these APIs and recommends that you
use the alternative API.

Table 21: Deprecated APIs

Deprecated API Alternative API

User Management

[GET] /accounts/v2/users [GET] /platform/rbac/v1/users

[POST] /accounts/v2/users [POST] /platform/rbac/v1/users

[POST] /accounts/v1/users/change_ [POST] /platform/rbac/v1/users/{user_id}/password

password

[POST] /accounts/v1/users/reset_password [POST] /platform/rbac/v1/users/{user_id}/password/reset

[GET] /accounts/v2/users/{user_id} [GET] /platform/rbac/v1/users/{user_id}

[PATCH] /accounts/v2/users/{user_id} [PATCH] /platform/rbac/v1/users/{user_id}

[POST] /accounts/v1/bulk_users [POST] /platform/rbac/v1/bulk_users

[PATCH] /accounts/v1/bulk_users [PATCH] /platform/rbac/v1/bulk_users

API Gateway | 31
 Table 21: Deprecated APIs
Deprecated API Alternative API

[GET] /accounts/v1/status/{cookie_name} [GET] /platform/rbac/v1/status/{cookie_name}

[GET] /accounts/v1/roles [GET] /platform/rbac/v1/roles

[POST] /accounts/v1/roles [POST] /platform/rbac/v1/apps/{app_name}/roles

[GET] /accounts/v1/roles/{rolename} [GET] /platform/rbac/v1/apps/{app_name}/roles/

{rolename}

[DELETE] /accounts/v1/roles/{rolename} [DELETE] /platform/rbac/v1/apps/{app_name}/roles/

{rolename}

[PATCH] /accounts/v1/roles/{rolename} [PATCH] /platform/rbac/v1/apps/{app_name}/roles/

{rolename}

[GET] /accounts/v3/users [GET] /platform/rbac/v1/users

[GET] /accounts/v1/users [GET] /platform/rbac/v1/users

[POST] /accounts/v1/users [GET] /platform/rbac/v1/users

[GET] /accounts/v1/users/{user_id} [GET] /platform/rbac/v1/users/{user_id}

[PATCH] /accounts/v1/users/{user_id} [PATCH] /platform/rbac/v1/users/{user_id}

[POST] /v2/subscriptions/assign [POST] /platform/licensing/v1/subscriptions/assign

Presence Analytics

[GET] /presence/v2/config/thresholds [GET] /presence/v3/config/thresholds

[POST] /presence/v2/config/thresholds [POST] /presence/v3/config/thresholds

[GET] /presence/v2/analytics/aggregates NA

[GET] /presence/v2/analytics/trends [GET] /presence/v3/analytics/trends/passerby_visitors

[GET] /presence/v2/insights/top_sites NA

[GET] /presence/v2/insights/bottom_sites NA

[GET] [GET] /presence/v3/insights/sites/aggregates

/presence/v2/insights/sites/aggregates

[GET] /presence/v2/loyalty/aggregates NA

[GET] /presence/v2/loyalty/trends [GET] /presence/v3/analytics/trends/loyal_visitors

[GET] /presence/v2/loyalty/visits [GET] /presence/v3/visit_frequency

n [GET] NA
/presence/v2/loyalty/aggregates/top_
sites
n [GET]

Aruba Central | Reference Guide 32

Table 21: Deprecated APIs
Deprecated API Alternative API

[/presence/v2/loyalty/aggregates/botto
m_sites
n [GET] /presence/v2/loyalty/trends/top_
sites
n [GET]
/presence/v2/loyalty/trends/bottom_
sites

NOTE: Expected to be slow for customers with

large number of sites.

[GET] /presence/v2/loyalty/sites/aggregates [GET] /presence/v3/insights/sites/aggregates

Monitoring > VPN

n [GET] /monitoring/v1/vpn/usage [POST] /monitoring/v3/vpn/usage

n [GET] /monitoring/v2/vpn/usage

Monitoring > Access Points

[GET] /monitoring/v1/aps [GET] /monitoring/v2/aps

[GET] /monitoring/v2/aps/{serial}/rf_ [GET] /monitoring/v3/aps/{serial}/rf_summary

summary

n [GET] /monitoring/v1/aps/bandwidth_ [GET] /monitoring/v3/aps/bandwidth_usage

usage
n [GET] /monitoring/v2/aps/bandwidth_
usage

[GET] /monitoring/v1/aps/{serial}/uplink_ NA
history

[GET] /monitoring/v1/aps/ NA
{serial}/neighbouring_clients

[GET] /monitoring/v1/bssids [GET] /monitoring/v2/bssids

[GET] /monitoring/v1/aps/bandwidth_ [GET] /monitoring/v2/aps/bandwidth_usage/topn

usage/topn

Monitoring > Network

[GET] /monitoring/v1/networks [GET] /monitoring/v2/networks

[GET] /monitoring/v1/networks/{network_ [GET] /monitoring/v2/networks/{network_name}

name}

[GET] /monitoring/v1/networks/bandwidth_ [GET] /monitoring/v2/networks/bandwidth_usage

usage

API Gateway | 33
 Table 21: Deprecated APIs
Deprecated API Alternative API

Deprecated Licensing

[GET] /subscriptions [GET] /platform/licensing/v1/subscriptions

[GET] /subscriptions/stats [GET] /platform/licensing/v1/subscriptions/stats

[GET] /services/enabled [GET] /platform/licensing/v1/services/enabled

[GET] /subscriptions/assign [POST] /platform/licensing/v1/subscriptions/assign

[POST] /subscriptions/unassign [POST] /platform/licensing/v1/subscriptions/unassign

[GET] /services/config [GET] /platform/licensing/v1/services/config

[DELETE] /subscriptions/devices/all [DELETE]

/platform/licensing/v1/subscriptions/devices/all

[POST] /subscriptions/devices/all [POST] /platform/licensing/v1/subscriptions/devices/all

[DELETE] /msp/subscriptions/devices/all [DELETE]

/platform/licensing/v1/msp/subscriptions/devices/all

[POST] /msp/subscriptions/devices/all [POST]

/platform/licensing/v1/msp/subscriptions/devices/all

[GET] /autolicensing/services/ [GET] /platform/licensing/v1/autolicensing/services/

{service}/status {service}/status

[DELETE] /customer/settings/autolicense [DELETE]

/platform/licensing/v1/customer/settings/autolicense

[GET] /customer/settings/autolicense [GET]

/platform/licensing/v1/customer/settings/autolicense

[POST] /customer/settings/autolicense [POST]

/platform/licensing/v1/customer/settings/autolicense

[DELETE] [DELETE]
/msp/customer/settings/autolicense /platform/licensing/v1/msp/customer/settings/autolicen
se

[GET] /msp/customer/settings/autolicense [GET]

/platform/licensing/v1/msp/customer/settings/autolicen
se

[POST] /msp/customer/settings/autolicense [POST]

/platform/licensing/v1/msp/customer/settings/autolicen
se

Removed APIs
The following table lists the APIs that have been removed and the alternative APIs:

Aruba Central | Reference Guide 34

Table 22: Removed and Alternative APIs
Removed API
User Management
[DELETE] /accounts/v1/users/{user_id}
[DELETE] /accounts/v1/bulk_users
Device Management
[GET] /configuration/v1/devices/{device_
serial}/mobility_master/
[POST] /configuration/v1/devices/{device_
serial}/mobility_master/{mm_name}
WIDS
n [GET] /monitoring/v1/wids/rogue_aps
n [GET] /monitoring/v1/wids/interfering_aps
[GET] /monitoring/v1/wids/infrastructure_attacks
[GET] /monitoring/v1/wids/client_attacks
[GET] /monitoring/v1/wids/events
Configuration
n [PUT] /configuration/v1/msp/templates—This
API updates the MSP customer level template to all
template groups for the end customers.
n [PUT]
/configuration/v1/msp/templates/customer/
{cid}—This API updates the end customer-level
template and applies the template to all template
groups.
NOTE: To achieve the functionality of [PUT]
/configuration/v1/msp/templates API, it is
recommended that you use the combination of 1, 3,
and 4 numbered APIs from the alternate API column.
NOTE: To achieve the functionality of [PUT]
/configuration/v1/msp/templates/customer/{cid}
API, it is recommended that you use the combination of
2 and 4 numbered APIs from the alternate API column.
The following table lists the APIs that have been removed:
Alternative API
[DELETE] /platform/rbac/v1/users/{user_id}
[DELETE] /platform/rbac/v1/bulk_users
[GET] /device_management/v1/mobility_master/
{device_serial}
[POST] /device_management/v1/mobility_master/
{device_serial}/{mm_name}
n [GET] /rapids/v1/rogue_aps
n [GET] /rapids/v1/interfering_aps
NOTE: Rogue Detection is disabled, contact Aruba
Support to enable this feature.
[GET] /rapids/v1/wids/infrastructure_attacks
[GET] /rapids/v1/wids/client_attacks
[GET] /rapids/v1/wids/events
1. [PUT] /configuration/v2/msp/templates—This
API is used to update the template at MSP level.
2. [PUT]
/configuration/v2/msp/templates/customer/
{cid}—This API is used to update the template at
end customer level.
3. [POST] /configuration/v2/msp/templates/end_
customers/{device_type}/{version}/{model}—
This API is used to apply the MSP level template to
end customers.
4. [POST]/configuration/v2/msp/templates/end_
customers/{cid}/{device_type}/{version}/
{model}/group—This API is used to apply end
customer-level templates to the end customer's
template groups.
API Gateway | 35
 Table 23: Removed APIs
Removed APIs

ACP MSP

n [GET] /platform/msp_api/v1/customers/{customer_id}
n [PUT] /platform/msp_api/v1/customers/{customer_
id}
n [DELETE] /platform/msp_api/v1/customers/
{customer_id}
n [GET] /platform/msp_api/v1/customers
n [POST] /platform/msp_api/v1/customers

Clarity

n [GET] /clarity/v1/overview/healthscore
n [GET] /clarity/v1/overview/healthscore/dns
n [GET] /clarity/v1/overview/network_stats
n [GET] /clarity/v1/ssid/names
n [GET] /clarity/v1/overview/reasons
n [GET] /clarity/v1/overview/attempts
n [GET] /clarity/v1/overview/device_attempts
n [GET] /clarity/v1/trend/healthscore
n [GET] /clarity/v1/trend/healthscore/dns
n [GET] /clarity/v1/trend/network_stats
n [GET] /clarity/v1/clients/search/partial
n [GET] /clarity/v1/clients/search/absolute
n [GET] /clarity/v1/clients/details
n [GET] /clarity/v1/clients/stats
n [GET] /clarity/v1/insights
n [GET] /clarity/v1/insights/details
n [GET] /clarity/v1/insights/distribution
n [GET] /clarity/v1/license

Attributes

n [GET] /monitoring/v1/attribute_values

Presence Analytics

n [POST] /presence/v1/config/thresholds
n [GET] /presence/v1/config/thresholds
n [GET] /presence/v1/analytics/aggregates
n [GET] /presence/v1/analytics/trends
n [GET] /presence/v1/insights/top_sites
n [GET] /presence/v1/insights/bottom_sites
n [GET] /presence/v1/insights/sites/aggregates

Aruba Central | Reference Guide 36

 Chapter 3
Webhooks

Webhooks
Webhooks allow you to implement event reactions by providing real-time information or notifications to
other applications. Aruba Central allows you to create Webhooks and select Webhooks as the notification
delivery option for all alerts.
Using Aruba Central, you can integrate Webhooks with other third-party applications such as ServiceNow,
Zapier, IFTTT, and so on.
You can access the Webhooks service either through the Aruba Central UI or API Gateway. Aruba Central
supports creating up to 10 Webhooks. To enable redundancy, Aruba Central allows you to add up to three
URLs per Webhook.
From Aruba Central, you can add, list, or delete Webhooks; get or refresh Webhooks token; get or update
Webhooks settings for a specific item; and test Webhooks notification.
This section includes the following topics:

n Creating and Updating Webhooks Through the UI

n Refreshing Webhooks Token Through the UI
n Creating and Updating Webhooks Through the API Gateway
n List of Webhooks APIs
n Sample Webhooks Payload Format for Alerts

In the Alerts & Events page, click the Configuration icon to configure and enable an alert. In the
Notification Options, select Webhooks as the notification delivery option.
The following figure illustrates how Aruba Central integrates with third-party applications using Webhooks.

Aruba Central | Reference Guide 37

Figure 6 Webhooks Integration

Creating and Updating Webhooks Through the UI

To access the Webhooks service from the UI:

1. In the Account Home page, under Global Settings, click Webhooks. The Webhooks page is
displayed.

Webhooks | 38
 2. In the Webhook tab, click + sign. The Add Webhook pop-up window is displayed.

Figure 7 Webhooks Page

Figure 8 Add Webhooks Page

3. To create webhooks, enter the following details:

a. Name—Enter a name for the Webhook.
b. Retry Policy—Select one of the following options:
n None—No retries.

n Important—Up to 5 retries over 6 minutes.

n Critical—Up to 5 retries over 27 hours.

c. URLs—Enter the URL. Click + to enter another URL. You can add up to three URLs.
4. Click Save. The Webhooks is created and listed in the Webhook table.

Aruba Central | Reference Guide 39

Viewing Webhooks
To view the Webhooks, complete the following steps:

1. In the Account Home page, under Global Settings, click Webhooks.

2. The Webhooks page with Webhook table is displayed.
The Webhook table allows you to edit or delete Webhooks and also displays the following
information:
n Name—Name of the Webhooks.

n Number of URL Entries—Number of URLs in Webhooks. Click the number to view the list of
URLs.
n Updated At—Date and time at which Webhooks was updated.
n Webhook ID—Webhooks ID.
n Token—Webhooks token. Webhooks token enables header authentication and the third-party
receiving service must validate the token to ensure authenticity.
n Edit—Select the Webhook from the list and click the Edit icon to edit the Webhook. You can
refresh the token and add URLs. Click Save to save the changes.
n Delete—Select the Webhook from the list and click the Delete icon and click Yes to delete the
Webhook.
n Test Webhooks—Select the Webhook from the list and click the Test Webhooks icon to test the
Webhook by posting sample webhook payload to the configured URL. The Test Webhooks table
provides the URL and Status of the selected Webhook.
n View Dispatch Logs—Select the Webhook from the list and click the View Dispatch Log icon to
view the Dispatch Logs for the selected Webhook. The Dispatch Logs table provides the URL,
Status, and Dispatched Time. Click the arrow against each row to view the Log Details and
Attempts in the drop-down for the respective URL.

Webhooks | 40
 Figure 9 Dispatch Logs Details Page

Refreshing Webhooks Token Through the UI

To refresh Webhooks token through the UI:

1. In the Account Home page, under Global Settings, click Webhooks.

The Webhooks page is displayed.
2. In the Webhook table, select the Webhook from the list and click Edit icon to edit.
3. In the pop-up window, click the Refresh icon next to the token. The token is refreshed.

Creating and Updating Webhooks Through the

API Gateway
The following HTTP methods are defined for Aruba Central API Webhooks resource:

n GET
n POST
n PUT
n DELETE

You can perform CRUD operation on the Webhooks URL configuration. The key configuration elements that
are required to use API Webhooks service are Webhooks URL and a shared secret.
A shared secret token is generated for the Webhooks URL when you register for Webhooks. A hash key is
generated using SHA256 algorithm by using the payload and the shared secret token. The API required to

Aruba Central | Reference Guide 41

refresh the shared secret token is provided for a specific Webhooks configuration. You can choose the
frequency at which you want to refresh the secret token.
To access and use the API Webhooks service:

1. In the Account Home page, under Global Settings, click API Gateway. The API Gateway page is
displayed.
2. In the APIs tab, click the Swagger link under the Documentation header. The Swagger website
opens.
3. In the Swagger website, from the URL drop-down list, select Webhook. All available Webhooks APIs
are listed under API Reference.

For more information on Webhooks APIs, see:

https://app1-apigw.central.arubanetworks.com/swagger/central.

List of Webhooks APIs

Aruba Central supports the following Webhooks APIs:

n GET /central/v1/webhooks—Gets a list of Webhooks.

The following is a sample response:

{
"count": 1,
"settings": [
{
"wid": "e26450be-4dac-435b-ac01-15d8f9667eb8",
"name": "AAA",
"updated_ts": 1523956927,
"urls": [
"https://example.org/webhook1",
"https://example.org/webhook1"
],
"secure_token": "KEu5ZPTi44UO4MnMiOqz"
}
]
}

n POST /central/v1/webhooks—Creates Webhooks.

The following is a sample response:

{
"name": "AAA",
"wid": "e829a0f6-1e36-42fe-bafd-631443cbd581"
}

n DELETE /central/v1/webhooks/{wid}—Deletes Webhooks.

The following is a sample response:

Webhooks | 42
 {
"wid": "e26450be-4dac-435b-ac01-15d8f9667eb8"
}

n GET /central/v1/webhooks/{wid}—Gets Webhooks settings for a specific item.

The following is a sample response:

{
"wid": "e26450be-4dac-435b-ac01-15d8f9667eb8",
"name": "AAA",
"updated_ts": 1523956927,
"urls": [
"https://example.org/webhook1",
"https://example.org/webhook1"
],
"secure_token": "KEu5ZPTi44UO4MnMiOqz"
}

n PUT /central/v1/webhooks/{wid}—Updates Webhooks settings for a specific item.

The following is a sample response:

{
"name": "AAA",
"wid": "e829a0f6-1e36-42fe-bafd-631443cbd581"
}

n GET /central/v1/webhooks/{wid}/token—Gets the Webhooks token for the Webhooks ID.

The following is a sample response:

{
"name": "AAA",
"secure_token": "[{\"token\": \"zSMrzuYrblgBfByy2JrM\", \"ts\": 1523957233}]"
}

n PUT /central/v1/webhooks/{wid}/token—Refreshes the Webhooks token for the Webhooks ID.

The following is a sample response:

{
"name": "AAA",
"secure_token": "[{\"token\": \"zSMrzuYrblgBfByy2JrM\", \"ts\": 1523957233}]"
}

n GET /central/v1/webhooks/{wid}/ping—Tests the Webhooks notification and returns whether

success or failure.

The following is a sample response:

"Ping Response [{'url': 'https://example.org', 'status': 404}]"

Aruba Central | Reference Guide 43

Sample Webhooks Payload Format for Alerts
URL POST <webhook-url>
Custom Headers
Content-Type: application/json
X-Central-Service: Alerts
X-Central-Event: Radio-Channel-Utilization
X-Central-Delivery-ID: 72d3162e-cc78-11e3-81ab-4c9367dc0958
X-Central-Delivery-Timestamp: 2016-07-12T13:14:19-07:00
X-Central-Customer-ID: <########>
Refer to the following topics to view sample JSON content:

n Access Point Alerts—Sample JSON

n AOS-Switch Alerts—Sample JSON
n Gateway Alerts—Sample JSON
n Miscellaneous Alerts—Sample JSON

Access Point Alerts—Sample JSON

This section includes sample JSON content for the following alerts:
AP Connected Clients
{
"id": "AXdhYi4Eo68tULajREh0",
"nid": 1255,
"alert_type": "AP_CONNECTED_CLIENTS",
"setting_id": "55ef4ae129a24c2180e010708202b502-1255",
"device_id": "CNDSHN74L6",
"description": "Number of clients connected to AP 20:a6:cd:cc:17:58 has been
above 1 for about 5 minutes since 2021-02-02 06:11:00 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612246560,
"details": {
"customer_id": "55ef4ae129a24c2180e010708202b502",
"name": "20:a6:cd:cc:17:58",
"serial": "CNDSHN74L6",
"group": "1",
"labels": "3",
"_rule_number": "0",
"ds_key": "55ef4ae129a24c2180e010708202b502.CNDSHN74L6.device.clients.5m",
"duration": "5",
"threshold": "1",
"time": "2021-02-02 06:11:00 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Number of clients connected to AP 20:a6:cd:cc:17:58 has been
above 1 for about 5 minutes since 2021-02-02 06:11:00 UTC"
}

AP CPU Over Utilization

{
"id": "AXdhYjAko68tULajREiC",
"nid": 1250,
"alert_type": "AP_CPU_OVER_UTILIZATION",
"setting_id": "55ef4ae129a24c2180e010708202b502-1250",

Webhooks | 44
 "device_id": "CNDSHN74L6",
"description": "CPU utilization for AP 20:a6:cd:cc:17:58 with serial CNDSHN74L6 has been
above 1% for about 5 minutes since 2021-02-02 06:11:00 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612246560,
"details": {
"name": "20:a6:cd:cc:17:58",
"unit": "%",
"serial": "CNDSHN74L6",
"group": "1",
"labels": "3",
"_rule_number": "0",
"ds_key": "55ef4ae129a24c2180e010708202b502.CNDSHN74L6.cpu_utilization.5m",
"duration": "5",
"threshold": "1",
"time": "2021-02-02 06:11:00 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "CPU utilization for AP 20:a6:cd:cc:17:58 with serial CNDSHN74L6 has been
above 1% for about 5 minutes since 2021-02-02 06:11:00 UTC"
}

AP Disconnected
{
"id": "AXdhbSf7o68tULajRFQy",
"nid": 4,
"alert_type": "AP disconnected",
"setting_id": "55ef4ae129a24c2180e010708202b502-4",
"device_id": "DZ0001581",
"description": "AP f0:5c:19:c9:f7:6a with MAC address f0:5c:19:c9:f7:6a disconnected,
Group:unprovisioned",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612247279,
"details": {
"params": [
"DZ0001581",
"f0:5c:19:c9:f7:6a",
"10.29.6.170",
"f0:5c:19:c9:f7:6a",
"",
""
],
"group": "1",
"ts": "1612246960735",
"labels": "",
"serial": "DZ0001581",
"conn_status": "disconnected",
"time": "2021-02-02 06:27:59 UTC",
"group_name": "unprovisioned"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "AP f0:5c:19:c9:f7:6a with MAC address f0:5c:19:c9:f7:6a disconnected,
Group:unprovisioned"
}

AP Memory Over Utilization

{
"id": "AXdhYi_Bo68tULajREh_",
"nid": 1251,

Aruba Central | Reference Guide 45

 "alert_type": "AP_MEMORY_OVER_UTILIZATION",
"setting_id": "55ef4ae129a24c2180e010708202b502-1251",
"device_id": "CNDSHN74L6",
"description": "Memory utilization for AP 20:a6:cd:cc:17:58 with serial CNDSHN74L6 has
been
above 10% for about 5 minutes since 2021-02-02 06:11:00 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612246560,
"details": {
"name": "20:a6:cd:cc:17:58",
"unit": "%",
"serial": "CNDSHN74L6",
"group": "1",
"labels": "3",
"_rule_number": "0",
"ds_key": "55ef4ae129a24c2180e010708202b502.CNDSHN74L6.memory_utilization.5m",
"duration": "5",
"threshold": "10",
"time": "2021-02-02 06:11:00 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Memory utilization for AP 20:a6:cd:cc:17:58 with serial CNDSHN74L6 has been
above 10% for about 5 minutes since 2021-02-02 06:11:00 UTC"
}

AP Radio Noise Floor

{
"id": "AXdhYFmQo68tULajREe3",
"nid": 1253,
"alert_type": "AP_RADIO_NOISE_FLOOR",
"setting_id": "55ef4ae129a24c2180e010708202b502-1253",
"device_id": "DZ0001581",
"description": "Noise floor on AP f0:5c:19:c9:f7:6a operating on channel 132E and
serving 0 clients has been above -100 dBm for about 5 minutes since 2021-02-02 06:09:00
UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612246440,
"details": {
"name": "f0:5c:19:c9:f7:6a",
"_band": "1",
"_radio_num": "0",
"channel": "132E",
"client_count": "0",
"unit": "%",
"serial": "DZ0001581",
"group": "1",
"_rule_number": "0",
"ds_key": "55ef4ae129a24c2180e010708202b502.DZ0001581.radio.noisefloor",
"duration": "5",
"threshold": "100",
"time": "2021-02-02 06:09:00 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Noise floor on AP f0:5c:19:c9:f7:6a operating on channel 132E and serving
0 clients has been above -100 dBm for about 5 minutes since 2021-02-02 06:09:00 UTC"
}

AP Radio Over Utilization

{

Webhooks | 46
 "id": "AXdhYFm6o68tULajREe4",
"nid": 1252,
"alert_type": "AP_RADIO_OVER_UTILIZATION",
"setting_id": "55ef4ae129a24c2180e010708202b502-1252",
"device_id": "DZ0001581",
"description": "Radio utilization on AP f0:5c:19:c9:f7:6a operating on channel 132E and
serving 0 clients has been above 5% for about 5 minutes since 2021-02-02 06:09:00 UTC",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612246440,
"details": {
"name": "f0:5c:19:c9:f7:6a",
"_band": "1",
"_radio_num": "0",
"channel": "132E",
"client_count": "0",
"unit": "%",
"serial": "DZ0001581",
"group": "1",
"_rule_number": "0",
"ds_key": "55ef4ae129a24c2180e010708202b502.DZ0001581.radio.busy64",
"duration": "5",
"threshold": "5",
"time": "2021-02-02 06:09:00 UTC"
}

AP_Radio_Non_Wifi_Over_Utilization
{
"id": "AXdhYFnIo68tULajREe5",
"nid": 1259,
"alert_type": "AP_RADIO_NON_WIFI_OVER_UTILIZATION",
"setting_id": "55ef4ae129a24c2180e010708202b502-1259",
"device_id": "DZ0001581",
"description": "Radio Non-Wifi utilization on AP f0:5c:19:c9:f7:6a operating on channel 6
and serving 0 clients has been above 1% for about 5 minutes since 2021-02-02 06:09:00
UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612246440,
"details": {
"name": "f0:5c:19:c9:f7:6a",
"_band": "0",
"_radio_num": "1",
"channel": "6",
"client_count": "0",
"unit": "%",
"serial": "DZ0001581",
"group": "1",
"_rule_number": "0",
"ds_key": "55ef4ae129a24c2180e010708202b502.DZ0001581.radio.interference",
"duration": "5",
"threshold": "1",
"time": "2021-02-02 06:09:00 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Radio Non-Wifi utilization on AP f0:5c:19:c9:f7:6a operating on channel 6
and serving 0 clients has been above 1% for about 5 minutes since 2021-02-02 06:09:00
UTC"
}

AP_Tunnel_Down

Aruba Central | Reference Guide 47

{
"id": "AXdhfDSyo68tULajRGTZ",
"nid": 1257,
"alert_type": "AP_TUNNEL_DOWN",
"setting_id": "55ef4ae129a24c2180e010708202b502-1257",
"device_id": "CNDSHN74L6",
"description": "AP tunnel vpn_tun_default_0 from 0.0.0.0 to 0.0.0.0 is DOWN on
device 20:a6:cd:cc:17:58 with serial CNDSHN74L6 at 2021-02-02 06:44:25 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612248265,
"details": {
"src_ip": "0.0.0.0",
"dst_ip": "0.0.0.0",
"alias_map_name": "vpn_tun_default_0",
"name": "20:a6:cd:cc:17:58",
"serial": "CNDSHN74L6",
"group": "86",
"labels": "3",
"rule_number": "0",
"time": "2021-02-02 06:44:25 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "AP tunnel vpn_tun_default_0 from 0.0.0.0 to 0.0.0.0 is DOWN on
device 20:a6:cd:cc:17:58 with serial CNDSHN74L6 at 2021-02-02 06:44:25 UTC."
}

AP With Missing Radios

{
"id": "AXdhvfeko68tULajRJMu",
"nid": 1249,
"alert_type": "AP With Missing Radios",
"setting_id": "6f00c6501c5c4331b7934845815ef078-1249",
"device_id": "FVZP000008",
"description": "AP FVZP000008 reporting 2 out of 1 radios. Reported radio
MAC 76:d6:07:35:60:00, b1:66:99:ed:f0:00.",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612252575,
"details": {
"serial": "FVZP000008",
"labels": [
"5",
"4",
"1"
],
"group": "34",
"params": [
"FVZP000008",
"2",
"1",
"76:d6:07:35:60:00, b1:66:99:ed:f0:00"
],
"time": "2021-02-02 07:56:15 UTC"
},
"webhook": "f383ee40-888b-4dee-97d5-bcbbcf5db946",
"text": "AP FVZP000008 reporting 2 out of 1 radios. Reported radio
MAC 76:d6:07:35:60:00, b1:66:99:ed:f0:00."
}

Client Attack detected

{

Webhooks | 48
 "alert_type": "Client attack detected",
"description": "An AP (NAME iap-303-iphone456-o and MAC 90:4c:81:cf:27:74 on RADIO 1)
detected an unencrypted frame
between a valid client (88:63:df:bb:2a:9d) and access point (BSSID 90:4c:81:72:77:55)
with source 88:63:df:bb:2a:9d
and receiver ff:ff:ff:ff:ff:ff SNR value is 55",
"timestamp": 1564392710,
"webhook": "780c65a0-10b6-4eb1-b725-21b0d52aa432",
"setting_id": "201804170291-13",
"state": "Open",
"nid": 13,
"details": {
"group": "3",
"labels": "3,142,141",
"params": "None",
"_rule_number": "0",
"time": "2019-07-29 09:31:50 UTC"
},
"operation": "create",
"device_id": "CNGHKGX004",
"id": "AWw9EmBxVQO1ZtiGO1Q8",
"severity": "Critical"
}

Connected Clients
{
"id": "AXdhWQbro68tULajREA9",
"nid": 1254,
"alert_type": "CONNECTED_CLIENTS",
"setting_id": "55ef4ae129a24c2180e010708202b502-1254",
"device_id": "cf62d07c019cd6bca90e6079e351251070d9e286f310c87541",
"description": "Number of clients connected to VC SetMeUp-C9:F7:6A has been
above 1 for about 5 minutes since 2021-02-02 06:01:00 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612245960,
"details": {
"customer_id": "55ef4ae129a24c2180e010708202b502",
"name": "SetMeUp-C9:F7:6A",
"serial": "cf62d07c019cd6bca90e6079e351251070d9e286f310c87541",
"group": "1",
"_rule_number": "0",
"ds_key": "55ef4ae129a24c2180e010708202b502.cluster.363.device.clients.5m",
"duration": "5",
"threshold": "1",
"time": "2021-02-02 06:01:00 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Number of clients connected to VC SetMeUp-C9:F7:6A has been above 1 for
about 5 minutes since 2021-02-02 06:01:00 UTC"
}

IAP Firmware Upgrade Failed

{
"id": "AXdheDego68tULajRGB5",
"nid": 2200,
"alert_type": "IAP_FW_UPGRADE_FAILURE",
"setting_id": "55ef4ae129a24c2180e010708202b502-2200",
"device_id": "",
"description": "Firmware upgrade failed for AP CNDSHN74L6 with serial None and
MAC address 20:a6:cd:cc:17:58",
"state": "Open",
"severity": "Major",

Aruba Central | Reference Guide 49

 "operation": "create",
"timestamp": 1612248004,
"details": {
"mac": "20:a6:cd:cc:17:58",
"hostname": "CNDSHN74L6",
"serial": "None",
"group": "86",
"labels": "",
"_rule_number": "0",
"params": "None",
"time": "2021-02-02 06:40:04 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Firmware upgrade failed for AP CNDSHN74L6 with serial None and
MAC address 20:a6:cd:cc:17:58"
}

Infrastructure Attack Detected

{
"alert_type": "Infrastructure attack detected",
"description": "An AP (NAME iap-303-iphone456-o and MAC 90:4c:81:cf:27:74 on RADIO 1)
detected that the Access Point with
MAC f0:5c:19:23:56:10 and BSSID f0:5c:19:23:56:10 has sent a beacon for SSID tan This
beacon advertizes channel 149
but was received on channel 161 with SNR 50 ",
"timestamp": 1564400165,
"webhook": "780c65a0-10b6-4eb1-b725-21b0d52aa432",
"setting_id": "201804170291-12",
"state": "Open",
"nid": 12,
"details": {
"group": "3",
"labels": "3,142,141",
"params": "None",
"_rule_number": "0",
"time": "2019-07-29 11:36:05 UTC"
},
"operation": "create",
"device_id": "CNGHKGX004",
"id": "AWw9hCLAVQO1ZtiGP1ig",
"severity": "Critical"
}

Insufficient Power Alert

{
"id": "AXdhan_Zo68tULajRFB6",
"nid": 21,
"alert_type": "INSUFFICIENT_POWER_ALERT",
"setting_id": "55ef4ae129a24c2180e010708202b502-21",
"device_id": "CNDSHN74L6",
"description": "Insufficient inline power supplied to AP-325 with name
20:a6:cd:cc:17:58",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612247105,
"details": {
"name": "20:a6:cd:cc:17:58",
"ap_model": "AP-325",
"group": "1",
"labels": [
"3"
],
"serial": "CNDSHN74L6",
"rule_number": "0",

Webhooks | 50
 "time": "2021-02-02 06:25:05 UTC"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Insufficient inline power supplied to AP-325 with name 20:a6:cd:cc:17:58"
}

Modem Plugged
{
"id": "AXdhmYueo68tULajRH6n",
"nid": 18,
"alert_type": "Modem Plugged",
"setting_id": "b8be21720dc04a8e9f0028374b6a9bbd-18",
"device_id": "GRUT000002",
"description": "Modem plugged to AP GRUT000002 with MAC address 4a:36:66:b8:50:00",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612250188,
"details": {
"group": "0",
"labels": "",
"_rule_number": "0",
"params": [
"GRUT000002",
"4a:36:66:b8:50:00"
],
"serial": "GRUT000002",
"time": "2021-02-02 07:16:28 UTC"
},
"webhook": "31a75d0a-dfd4-4c22-a32b-09d7b033d41e",
"text": "Modem plugged to AP GRUT000002 with MAC address 4a:36:66:b8:50:00"
}

Modem Unplugged
{
"id": "AXdhp2Uwo68tULajRIVC",
"nid": 19,
"alert_type": "Modem Unplugged",
"setting_id": "b8be21720dc04a8e9f0028374b6a9bbd-19",
"device_id": "GRUT000001",
"description": "Modem unplugged from AP GRUT000001 with MAC address 64:2a:90:97:f0:00",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612251096,
"details": {
"group": "0",
"labels": "",
"_rule_number": "0",
"params": [
"GRUT000001",
"64:2a:90:97:f0:00"
],
"serial": "GRUT000001",
"time": "2021-02-02 07:31:36 UTC"
},
"webhook": "31a75d0a-dfd4-4c22-a32b-09d7b033d41e",
"text": "Modem unplugged from AP GRUT000001 with MAC address 64:2a:90:97:f0:00"
}

New AP Detected
{
"id": "AXdhcXF1o68tULajRFld",

Aruba Central | Reference Guide 51

 "nid": 3,
"alert_type": "New AP detected",
"setting_id": "55ef4ae129a24c2180e010708202b502-3",
"device_id": "DZ0001581",
"description": "New AP f0:5c:19:c9:f7:6a with MAC address f0:5c:19:c9:f7:6a detected,
Group:unprovisioned",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612247560,
"details": {
"group": "1",
"labels": "",
"_rule_number": "0",
"params": [
"f0:5c:19:c9:f7:6a",
"f0:5c:19:c9:f7:6a"
],
"serial": "DZ0001581",
"time": "2021-02-02 06:32:40 UTC",
"group_name": "unprovisioned"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "New AP f0:5c:19:c9:f7:6a with MAC address f0:5c:19:c9:f7:6a detected,
Group:unprovisioned"
}

New Virtual Controller Detected

{
"id": "AXdhcJgro68tULajRFjG",
"nid": 1,
"alert_type": "New Virtual Controller detected",
"setting_id": "55ef4ae129a24c2180e010708202b502-1",
"device_id": "",
"description": "New Virtual controller SetMeUp-C9:F7:6A with version 8.7.1.0_77203
and IP address 10.29.6.170 detected, Group:unprovisioned",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612247504,
"details": {
"group": "1",
"labels": "",
"_rule_number": "0",
"params": [
"SetMeUp-C9:F7:6A",
"8.7.1.0_77203",
"10.29.6.170",
"DZ0001581"
],
"serial": "None",
"time": "2021-02-02 06:31:44 UTC",
"group_name": "unprovisioned"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "New Virtual controller SetMeUp-C9:F7:6A with version 8.7.1.0_77203
and IP address 10.29.6.170 detected, Group:unprovisioned"
}

Rogue AP Detected
{
"alert_type": "Rogue AP detected",
"description": "An AP (NAME 84:d4:7e:c5:c8:8c and MAC address 84:d4:7e:c5:c8:8con RADIO

Webhooks | 52
 1)
detected an access point
(BSSID 0c:00:01:34:69:62 and SSID ssid1 on CHANNEL 52) as rogue",
"timestamp": 1564326128,
"webhook": "780c65a0-10b6-4eb1-b725-21b0d52aa432",
"setting_id": "201804170291-10",
"state": "Open",
"nid": 10,
"details": {
"_rule_number": "0",
"group": "1",
"labels": "",
"params": [
"84:d4:7e:c5:c8:8c",
"84:d4:7e:c5:c8:8c",
"1",
"0c:00:01:34:69:62",
"ssid1",
"52"
],
"time": "2019-07-28 15:02:08 UTC"
},
"operation": "create",
"device_id": "CT0779239",
"id": "AWw5Gm1zVQO1ZtiJK89l",
"severity": "Critical"
}

Radio Frames Retry Percent

{
"id": "AXdrc2PMo68tULajSvRF",
"nid": 1256,
"alert_type": "AP_TX_RETRY_PERCENT",
"setting_id": "2a35217e2f114cd8958f00a676258785-1256",
"device_id": "VEYB000004",
"description": "Radio frames retry percent for AP VEYB000004 with serial VEYB000004 has
been
above 1% for about 5 minutes since 2021-02-04 05:06:00 UTC",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612415460,
"details": {
"name": "VEYB000004",
"_band": "0",
"_radio_num": "0",
"channel": "11",
"client_count": "1",
"unit": "%",
"serial": "VEYB000004",
"group": "2",
"labels": "4",
"_rule_number": "0",
"ds_key": "2a35217e2f114cd8958f00a676258785.VEYB000004.radio.retry_percent",
"duration": "5",
"threshold": "1",
"time": "2021-02-04 05:06:00 UTC"
},
"webhook": "bd4f20e6-55e6-4360-ab55-da2829f1a390",
"text": "Radio frames retry percent for AP VEYB000004 with serial VEYB000004 has been
above 1% for about 5 minutes since 2021-02-04 05:06:00 UTC"
}

Uplink Changed

Aruba Central | Reference Guide 53

{
"id": "AXdhmSSKo68tULajRH4M",
"nid": 17,
"alert_type": "Uplink Changed",
"setting_id": "b8be21720dc04a8e9f0028374b6a9bbd-17",
"device_id": "GRUT000003",
"description": "Uplink changed from Ethernet to WiFi Mesh for AP GRUT000003 with MAC
address 3d:62:d4:3f:90:00",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612250162,
"details": {
"group": "0",
"labels": "",
"_rule_number": "0",
"params": [
"Ethernet",
"WiFi Mesh",
"GRUT000003",
"3d:62:d4:3f:90:00"
],
"serial": "GRUT000003",
"time": "2021-02-02 07:16:02 UTC"
},
"webhook": "31a75d0a-dfd4-4c22-a32b-09d7b033d41e",
"text": "Uplink changed from Ethernet to WiFi Mesh for AP GRUT000003 with MAC address
3d:62:d4:3f:90:00"
}

Virtual Controller Disconnected

{
"id": "AXdheuQHo68tULajRGQ5",
"nid": 2,
"alert_type": "Virtual controller disconnected",
"setting_id": "55ef4ae129a24c2180e010708202b502-2",
"device_id": "DZ0001581",
"description": "Virtual controller SetMeUp-C9:F7:6A with version 8.7.1.0_77203 and
IP address 10.29.6.170 disconnected, Group:unprovisioned",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612248179,
"details": {
"params": [
"DZ0001581",
"f0:5c:19:c9:f7:6a",
"10.29.6.170",
"SetMeUp-C9:F7:6A",
"8.7.1.0_77203",
""
],
"group": "1",
"ts": "1612247876960",
"labels": "",
"serial": "DZ0001581",
"conn_status": "disconnected",
"time": "2021-02-02 06:42:59 UTC",
"group_name": "unprovisioned"
},
"webhook": "110576c0-59fb-4295-b53b-fdbafbc95dee",
"text": "Virtual controller SetMeUp-C9:F7:6A with version 8.7.1.0_77203 and
IP address 10.29.6.170 disconnected, Group:unprovisioned"
}

Webhooks | 54
 AOS-Switch Alerts—Sample JSON
This section includes sample JSON content for the following alerts:
Switch Disconnected
{
"id": "AXbhjMPpKHBn24BIWnGc",
"nid": 203,
"alert_type": "Switch Disconnected",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-203",
"device_id": "CN80HKW2Z6",
"description": "Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP address
10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP reconnected",
"state": "Close",
"severity": "Major",
"operation": "update",
"timestamp": 1612383547,
"details": {
"params": [
"CN80HKW2Z6",
"54:80:28:61:b3:20",
"10.21.20.231",
"Aruba-2930F-24G-PoEP-4SFPP",
"",
""
],
"serial": "CN80HKW2Z6",
"time": "2021-01-08 10:31:07 UTC",
"conn_status": "reconnected"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP address
10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP reconnected"
}

New Switch Connected

{
"id": "AXdpfWeFo68tULajSfwu",
"nid": 201,
"alert_type": "New Switch Connected",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-201",
"device_id": "CN80HKW2Z6",
"description": "New Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP
address 10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP connected, Group:unprovisioned, Site:Bangalore
Site",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612382562,
"details": {
"group": "1",
"labels": "46",
"_rule_number": "0",
"params": [
"CN80HKW2Z6",
"54:80:28:61:b3:20",
"10.21.20.231",
"Aruba-2930F-24G-PoEP-4SFPP"

Aruba Central | Reference Guide 55

 ],
"serial": "CN80HKW2Z6",
"time": "2021-02-03 20:02:42 UTC",
"group_name": "unprovisioned",
"site_name": "Bangalore Site"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "New Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP address
10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP connected, Group:unprovisioned, Site:Bangalore
Site"
}

Switch Memory Over Utilization

{
"id": "AXdr9zozo68tULajS0Xo",
"nid": 1301,
"alert_type": "SWITCH_MEMORY_OVER_UTILIZATION",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-1301",
"device_id": "SG92GPT00K",
"description": "Memory utilization for Switch with serial SG92GPT00K
has been above 1% for
about 5 minutes since 2021-02-04 07:30:00 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612424100,
"details": {
"name": "",
"unit": "%",
"serial": "SG92GPT00K",
"group": "212",
"_rule_number": "0",
"ds_key": "f1ae23ba9025490cb53efb0993e05f17.SG92GPT00K.memory_utilization.5m",
"duration": "5",
"threshold": "1",
"time": "2021-02-04 07:30:00 UTC"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "Memory utilization for Switch with serial SG92GPT00K has been above 1% for
about 5 minutes since 2021-02-04 07:30:00 UTC"
}

Switch CPU Over Utilization

{
"id": "AXdrVwIbo68tULajSsgm",
"nid": 1300,
"alert_type": "SWITCH_CPU_OVER_UTILIZATION",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-1300",
"device_id": "SG53FLZ0RX",
"description": "CPU utilization for Switch HP-2920-48G-POEP with serial SG53FLZ0RX has
been
above 1% for about 5 minutes since 2021-02-04 04:35:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612413600,
"details": {
"name": "HP-2920-48G-POEP",
"unit": "%",
"serial": "SG53FLZ0RX",
"group": "211",
"_rule_number": "0",
"ds_key": "f1ae23ba9025490cb53efb0993e05f17.SG53FLZ0RX.cpu_utilization.5m",
"duration": "5",

Webhooks | 56
 "threshold": "1",
"time": "2021-02-04 04:35:00 UTC"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "CPU utilization for Switch HP-2920-48G-POEP with serial SG53FLZ0RX has been
above 1% for about 5 minutes since 2021-02-04 04:35:00 UTC."
}

Switch Interface Rx Rate

{
"alert_type": "SWITCH_INTERFACE_RX_RATE",
"description": "Receive rate for Interface 15 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 1 % for about 5 minutes since 2019-09-26 13:18:00 UTC.",
"timestamp": 1569504180,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1303",
"state": "Open",
"nid": 1303,
"details": {
"_rule_number": "0",
"group": "1",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"max_value_for_percentage": "1000.0",
"threshold": "1",
"intf_name": "15",
"time": "2019-09-26 13:18:00 UTC",
"duration": "5",
"ds_key": "e344d961bccd411dbd279bf92f61b989.CN8AHKW095.intf.rx_utilization.5m",
"serial": "CN8AHKW095",
"unit": "%"
},
"operation": "create",
"device_id": "CN8AHKW095",
"id": "AW1tvTgBYu0OgJ2 aoCgl",
"severity": "Critical"
}

Switch Interface Tx Rate

{
"alert_type": "SWITCH_INTERFACE_TX_RATE",
"description": "Transfer rate for Interface 19 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 1 % for about 5 minutes since 2019-09-26 13:18:00 UTC.",
"timestamp": 1569504180,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1302",
"state": "Open",
"nid": 1302,
"details": {
"_rule_number": "0",
"group": "1",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"max_value_for_percentage": "1000.0",
"threshold": "1",
"intf_name": "19",
"time": "2019-09-26 13:18:00 UTC",
"duration": "5",
"ds_key": "e344d961bccd411dbd279bf92f61b989.CN8AHKW095.intf.tx_utilization.5m",
"serial": "CN8AHKW095",
"unit": "%"
},
"operation": "create",
"device_id": "CN8AHKW095",
"id": "AW1tvTgBYu0OgJ2aoCgk",

Aruba Central | Reference Guide 57

 "severity": "Critical"
}

Switch POE Utilization

{
"alert_type": "SWITCH_POE_UTILIZATION",
"description": "PoE utilization for Switch Aruba-2930F-24G-PoEP-4SFPP with serial
CN69HKW05T
MAC address e0:07:1b:c4:8d:80 and IP address 10.22.182.78 has been above 1%",
"timestamp": 1569505920,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 1307,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Interface Input Errors

{
"alert_type": "SWITCH_INTERFACE_INPUT_ERRORS",
"description": "Input errors for Interface 19 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 90% for about 30 minutes since 2019-09-26 06:07:00 UTC .",
"timestamp": 1569505920,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 1304,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Interface Output Errors

{
"alert_type": "SWITCH_INTERFACE_OUTPUT_ERRORS",
"description": "Output errors for Interface 19 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 90% for about 30 minutes since 2019-09-26 06:07:00 UTC. ",
"timestamp": 1569505920,

Webhooks | 58
 "webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 1305,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Mismatch Config

{
"alert_type": "SWITCH_CONFIG_MISMATCH",
"description": "Config mismatch occurred in switch with serial CN69HKW05T MAC address
e0:07:1b:c4:8d:80
and IP address 10.22 .182 .78 and Hostname Aruba - 2930 F - 48 G - PoEP - 4 SFPP ",
"timestamp": 1569505920,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 206,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Hardward Failure

{
"alert_type": "SWITCH_HARDWARE_FAILURE",
"description": "Switch with serial CN8AHKW095 : Fan 1 failed ",
"timestamp": 1569505920,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 207,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"

Aruba Central | Reference Guide 59

 },
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Port Duplex Mode

{
"id": "AXvFH4hFo68tULajP1c9",
"nid": 1306,
"alert_type": "SWITCH_INTERFACE_DUPLEX_MODE",
"setting_id": "6ec75df161974434b54e298a353d11f3-1306",
"device_id": "SG9ZKN7050",
"description": "Interface 1/1/2 on switch 6300 with serial
SG9ZKN7050 is operating at Half-Duplex mode",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1631099783,
"details": {
"group": "2848",
"labels": "",
"name": "6300",
"serial": "SG9ZKN7050",
"intf_name": "1/1/2",
"mode": "Half",
"time": "2021-09-08 11:16:23 UTC"
},
"webhook": "76f4af2c-a47c-4726-b9d3-133c45e8f436",
"text": "Interface 1/1/2 on switch 6300 with serial
SG9ZKN7050 is operating at Half-Duplex mode",
"cluster_hostname": "app-yoda.arubathena.com"
}

Switch AOS-S Reboot

{
"id": "AXt5CJ51o68tULaj30iP",
"nid": 1312,
"alert_type": "SWITCH_REBOOT",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-1312",
"device_id": "FFFWA7Y5B",
"description": "Switch Aruba-3810M-24G-PoEP-1-slot with FFFWA7Y5B on group - default
rebooted. Reason: Operator reboot from Aruba CENTRAL session.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1629823213,
"details": {
"name": "Aruba-3810M-24G-PoEP-1-slot",
"serial": "FFFWA7Y5B",
"group_name": "default",
"site_name": "",
"reboot_reason": "Operator reboot from Aruba CENTRAL session.",
"ts": "1629823080",
"group": "0",
"labels": "46",
"time": "2021-08-24 16:40:13 UTC"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "Switch Aruba-3810M-24G-PoEP-1-slot with FFFWA7Y5B on group - default
rebooted. Reason: Operator reboot from Aruba CENTRAL session."
}

Switch STP Root Change

Webhooks | 60
 {
"id": "AXt4qBL_fvwY_x8ol-sJ",
"nid": 1308,
"alert_type": "SWITCH_STP_ROOT_CHANGE",
"setting_id": "417fc95887044bcba9b3e2ce3830aecb-1308",
"device_id": "QXRF011180",
"description": "CST Root changed on Sep 24 10:57:09 from Switch QXRF011180.
dummy with Serial: QXRF011180, IP Address: 75.200.87.30 and Priority: 24576 to
Switch 70:10:6f:84:0c:80 with Serial: QXRF011180, IP Address: 75.200.87.30 and Priority
20480",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1629816886,
"details": {
"ts": "Sep 24 10:57:09",
"pr1": "24576",
"pr2": "20480",
"host1": "QXRF011180.dummy",
"host2": "70:10:6f:84:0c:80",
"ip1": "75.200.87.30",
"ip2": " ",
"serial1": "QXRF011180",
"serial2": " ",
"type": "CST",
"group": "16336",
"labels": "5844",
"serial": "QXRF011180",
"time": "2021-08-24 14:54:46 UTC"
},
"webhook": "34000e8a-475c-46e3-9bec-79c5f281e868",
"text": "CST Root changed on Sep 24 10:57:09 from Switch QXRF011180.dummy with
Serial: QXRF011180, IP Address: 75.200.87.30 and Priority: 24576 to Switch
70:10:6f:84:0c:80
with Serial: QXRF011180, IP Address: 75.200.87.30 and Priority 20480
}

Switch Uplink Port Over Utilization

{
"id": "AXwISXRXuaNimYkpzKTQ",
"nid": 1311,
"alert_type": "SWITCH_UPLINK_PORT_OVER_UTILIZATION",
"setting_id": "111952054-1311",
"device_id": "SG87GYW05B",
"description": "Uplink usage on Switch Aruba-3810M-24G-PoEP-1-slot
exceeded 2GB in 30 minutes",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1632226604,
"details": {
"name": "Aruba-3810M-24G-PoEP-1-slot",
"duration": "30",
"usage": "2",
"site_str": "",
"ts": "1632226604",
"group": "1",
"labels": "",
"serial": "SG87GYW05B",
"time": "2021-09-21 11:46:44 UTC"
},
"webhook": "e62eb85b-0547-4fba-9cfb-c8d36fb2b0c3",
"text": "Uplink usage on Switch Aruba-3810M-24G-PoEP-1-slot
exceeded 2GB in 30 minutes",
"cluster_hostname": "sol-central.arubathena.com"

Aruba Central | Reference Guide 61

}

AOS-CX Switch Alerts—Sample JSON

This section includes sample JSON content for the following alerts:
New Switch Connected
{
"id": "AXdpfWeFo68tULajSfwu",
"nid": 201,
"alert_type": "New Switch Connected",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-201",
"device_id": "CN80HKW2Z6",
"description": "New Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP
address 10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP connected, Group:unprovisioned, Site:Bangalore
Site",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612382562,
"details": {
"group": "1",
"labels": "46",
"_rule_number": "0",
"params": [
"CN80HKW2Z6",
"54:80:28:61:b3:20",
"10.21.20.231",
"Aruba-2930F-24G-PoEP-4SFPP"
],
"serial": "CN80HKW2Z6",
"time": "2021-02-03 20:02:42 UTC",
"group_name": "unprovisioned",
"site_name": "Bangalore Site"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "New Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP address
10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP connected, Group:unprovisioned, Site:Bangalore
Site"
}

Switch Disconnected
{
"id": "AXbhjMPpKHBn24BIWnGc",
"nid": 203,
"alert_type": "Switch Disconnected",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-203",
"device_id": "CN80HKW2Z6",
"description": "Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP address
10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP reconnected",
"state": "Close",
"severity": "Major",
"operation": "update",
"timestamp": 1612383547,
"details": {
"params": [
"CN80HKW2Z6",
"54:80:28:61:b3:20",
"10.21.20.231",
"Aruba-2930F-24G-PoEP-4SFPP",

Webhooks | 62
 "",
""
],
"serial": "CN80HKW2Z6",
"time": "2021-01-08 10:31:07 UTC",
"conn_status": "reconnected"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "Switch with serial CN80HKW2Z6, MAC address 54:80:28:61:b3:20 IP address
10.21.20.231
and Hostname Aruba-2930F-24G-PoEP-4SFPP reconnected"
}

Switch Memory Over Utilization

{
"id": "AXdr9zozo68tULajS0Xo",
"nid": 1301,
"alert_type": "SWITCH_MEMORY_OVER_UTILIZATION",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-1301",
"device_id": "SG92GPT00K",
"description": "Memory utilization for Switch with serial SG92GPT00K
has been above 1% for
about 5 minutes since 2021-02-04 07:30:00 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612424100,
"details": {
"name": "",
"unit": "%",
"serial": "SG92GPT00K",
"group": "212",
"_rule_number": "0",
"ds_key": "f1ae23ba9025490cb53efb0993e05f17.SG92GPT00K.memory_utilization.5m",
"duration": "5",
"threshold": "1",
"time": "2021-02-04 07:30:00 UTC"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "Memory utilization for Switch with serial SG92GPT00K has been above 1% for
about 5 minutes since 2021-02-04 07:30:00 UTC"
}

Switch CPU Over Utilization

{
"id": "AXdrVwIbo68tULajSsgm",
"nid": 1300,
"alert_type": "SWITCH_CPU_OVER_UTILIZATION",
"setting_id": "f1ae23ba9025490cb53efb0993e05f17-1300",
"device_id": "SG53FLZ0RX",
"description": "CPU utilization for Switch HP-2920-48G-POEP with serial SG53FLZ0RX has
been
above 1% for about 5 minutes since 2021-02-04 04:35:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612413600,
"details": {
"name": "HP-2920-48G-POEP",
"unit": "%",
"serial": "SG53FLZ0RX",
"group": "211",
"_rule_number": "0",
"ds_key": "f1ae23ba9025490cb53efb0993e05f17.SG53FLZ0RX.cpu_utilization.5m",
"duration": "5",

Aruba Central | Reference Guide 63

 "threshold": "1",
"time": "2021-02-04 04:35:00 UTC"
},
"webhook": "8077a55e-f8d3-43af-a67f-12263f5b778e",
"text": "CPU utilization for Switch HP-2920-48G-POEP with serial SG53FLZ0RX has been
above 1% for about 5 minutes since 2021-02-04 04:35:00 UTC."
}

Switch Interface Rx Rate

{
"alert_type": "SWITCH_INTERFACE_RX_RATE",
"description": "Receive rate for Interface 15 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 1 % for about 5 minutes since 2019-09-26 13:18:00 UTC.",
"timestamp": 1569504180,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1303",
"state": "Open",
"nid": 1303,
"details": {
"_rule_number": "0",
"group": "1",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"max_value_for_percentage": "1000.0",
"threshold": "1",
"intf_name": "15",
"time": "2019-09-26 13:18:00 UTC",
"duration": "5",
"ds_key": "e344d961bccd411dbd279bf92f61b989.CN8AHKW095.intf.rx_utilization.5m",
"serial": "CN8AHKW095",
"unit": "%"
},
"operation": "create",
"device_id": "CN8AHKW095",
"id": "AW1tvTgBYu0OgJ2 aoCgl",
"severity": "Critical"
}

Switch Interface Tx Rate

{
"alert_type": "SWITCH_INTERFACE_TX_RATE",
"description": "Transfer rate for Interface 19 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 1 % for about 5 minutes since 2019-09-26 13:18:00 UTC.",
"timestamp": 1569504180,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1302",
"state": "Open",
"nid": 1302,
"details": {
"_rule_number": "0",
"group": "1",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"max_value_for_percentage": "1000.0",
"threshold": "1",
"intf_name": "19",
"time": "2019-09-26 13:18:00 UTC",
"duration": "5",
"ds_key": "e344d961bccd411dbd279bf92f61b989.CN8AHKW095.intf.tx_utilization.5m",
"serial": "CN8AHKW095",
"unit": "%"
},
"operation": "create",
"device_id": "CN8AHKW095",
"id": "AW1tvTgBYu0OgJ2aoCgk",

Webhooks | 64
 "severity": "Critical"
}

Switch POE Utilization

{
"alert_type": "SWITCH_POE_UTILIZATION",
"description": "PoE utilization for Switch Aruba-2930F-24G-PoEP-4SFPP with serial
CN69HKW05T
MAC address e0:07:1b:c4:8d:80 and IP address 10.22.182.78 has been above 1%",
"timestamp": 1569505920,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 1307,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Interface Input Errors

{
"alert_type": "SWITCH_INTERFACE_INPUT_ERRORS",
"description": "Input errors for Interface 19 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 90% for about 30 minutes since 2019-09-26 06:07:00 UTC .",
"timestamp": 1569505920,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 1304,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Interface Output Errors

{
"alert_type": "SWITCH_INTERFACE_OUTPUT_ERRORS",
"description": "Output errors for Interface 19 on Switch Aruba-2930F-24G-PoEP-4SFPP has
been
above 90% for about 30 minutes since 2019-09-26 06:07:00 UTC. ",
"timestamp": 1569505920,

Aruba Central | Reference Guide 65

 "webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 1305,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Config Mismatch

{
"alert_type": "SWITCH_CONFIG_MISMATCH",
"description": "Config mismatch occurred in switch with serial CN69HKW05T MAC address
e0:07:1b:c4:8d:80
and IP address 10.22 .182 .78 and Hostname Aruba - 2930 F - 48 G - PoEP - 4 SFPP ",
"timestamp": 1569505920,
"webhook": "4d588353-3355-487d-81af-c97f62b0abb0",
"setting_id": "e344d961bccd411dbd279bf92f61b989-1307",
"state": "Open",
"nid": 206,
"details": {
"group": "0",
"name": "Aruba-2930F-24G-PoEP-4SFPP",
"ip": "10.22.182.78",
"labels": [],
"mac": "e0:07:1b:c4:8d:80",
"time": "2019-09-26 13:52:00 UTC",
"threshold": "1",
"serial": "CN69HKW05T"
},
"operation": "create",
"device_id": "CN69HKW05T",
"id": "AW1t18ccYu0OgJ2aoDYw",
"severity": "Critical"
}

Switch Hardware Failure

{
"id": "AXvJXn_oo68tULajUT9W",
"nid": 207,
"alert_type": "SWITCH_HARDWARE_FAILURE",
"setting_id": "6ec75df161974434b54e298a353d11f3-207",
"device_id": "SG9ZKN7078",
"description": "Switch with serial SG9ZKN7078 : eMMC storage reached
critical utilization level.Please contact HPE Aruba support for further assistance.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1631171018,
"details": {
"group": "1",
"labels": "",
"serial": "SG9ZKN7078",

Webhooks | 66
 "name": "6300",
"site": "",
"device_id": "SG9ZKN7078",
"hostname": "6300",
"description": "eMMC storage reached critical utilization level.Please contact
HPE Aruba support for further assistance.",
"event_id": "9104",
"time": "2021-09-09 07:03:38 UTC"
},
"webhook": "5ef178b6-4916-46e6-bed2-ab61a8cd7271",
"text": "Switch with serial SG9ZKN7078 : eMMC storage reached critical utilization
level.Please contact HPE Aruba support for further assistance.",
"cluster_hostname": "app-yoda.arubathena.com"
}

Switch NAE Status

{
"id": "AXs01pfTKYUYZt8VfT9m",
"nid": 208,
"alert_type": "Switch NAE Status",
"setting_id": "424a17fea2a24d46859a33699cd6b3d4-208",
"device_id": "SG9ZEFB7F2",
"description": "Aggregated NAE status reached or exceeds the desired severity level for
the switch with
serial SG9ZEFB7F2 MAC address 70:72:cf:ef:b7:f2 IP address 10.101.60.40 and Hostname
6300",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1628679083,
"details": {
"group": "1",
"labels": "",
"serial": "SG9ZEFB7F2",
"name": "{\\'hostname\\': \\'6300\\'}",
"site": "",
"device_id": "SG9ZEFB7F2",
"mac": "70:72:cf:ef:b7:f2",
"ip": "10.101.60.40",
"hostname": "6300",
"time": "2021-08-11 10:51:23 UTC"
},
"webhook": "b18819a2-75a1-4bf8-951e-037b9fd1914a",
"text": "Aggregated NAE status reached or exceeds the desired severity level for the
switch with
serial SG9ZEFB7F2 MAC address 70:72:cf:ef:b7:f2 IP address 10.101.60.40 and Hostname
6300"
}

Switch Stack Commander Change

{
"id": "AXvGFP59KFHq3kj2rOJu",
"nid": 1310,
"alert_type": "SWITCH_STACK_COMMANDER_CHANGE",
"setting_id": "698e8e55b6294a7daf4de0f80f51b231-1310",
"device_id": "SG9ZKN709Y",
"description": "New Commander with Serial ID: SG9ZKN70B5,
MAC Address: 38:21:c7:5c:c4:c0, Hostname: Commander,
Stack ID: 6a9cb0fb-2346-48df-a0c4-90237ea71afa, Group: 322 Connected,
Old Commander Serial ID: SG9ZKN709Y, Mac Address: 38:21:c7:5d:70:c0",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1631115869,

Aruba Central | Reference Guide 67

 "details": {
"old_serial": "SG9ZKN709Y",
"old_mac": "38:21:c7:5d:70:c0",
"new_serial": "SG9ZKN70B5",
"new_mac": "38:21:c7:5c:c4:c0",
"host": "Commander",
"stack_id": "6a9cb0fb-2346-48df-a0c4-90237ea71afa",
"group": "322",
"labels": "",
"serial": "SG9ZKN709Y",
"time": "2021-09-08 15:44:29 UTC"
},
"webhook": "374b4438-dff9-464c-a03e-a781c6c9a68f",
"text": "New Commander with Serial ID: SG9ZKN70B5,
MAC Address: 38:21:c7:5c:c4:c0, Hostname: Commander,
Stack ID: 6a9cb0fb-2346-48df-a0c4-90237ea71afa, Group: 322 Connected,
Old Commander Serial ID: SG9ZKN709Y, Mac Address: 38:21:c7:5d:70:c0"
}

Stack Member Added

{
"id": "AXvGRNvsKFHq3kj2rOYF",
"nid": 1309,
"alert_type": "SWITCH_STACK_MEMBER_ADDED_REMOVED",
"setting_id": "698e8e55b6294a7daf4de0f80f51b231-1309",
"device_id": "SG9ZKN702T",
"description": "Stack Member with Serial ID: SG9ZKN702T,
MAC Address: 38:21:c7:5a:c5:80, Member ID: 4 and Role: ['Member']
Added To stack with Hostname: 6300, Stack ID: 6a9cb0fb-2346-48df-a0c4-90237ea71afa",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1631119006,
"details": {
"serial": "SG9ZKN702T",
"mac": "38:21:c7:5a:c5:80",
"mem_id": "4",
"role": [
"Member"
],
"action": "Added To",
"host": "6300",
"stack_id": "6a9cb0fb-2346-48df-a0c4-90237ea71afa",
"group": "326",
"time": "2021-09-08 16:36:46 UTC"
},
"webhook": "374b4438-dff9-464c-a03e-a781c6c9a68f",
"text": "Stack Member with Serial ID: SG9ZKN702T,
MAC Address: 38:21:c7:5a:c5:80, Member ID: 4 and Role: ['Member']
Added To stack with Hostname: 6300, Stack ID: 6a9cb0fb-2346-48df-a0c4-90237ea71afa"
}

Stack Member Removed

{
"id": "AXvGQ0JcKFHq3kj2rOXu",
"nid": 1309,
"alert_type": "SWITCH_STACK_MEMBER_ADDED_REMOVED",
"setting_id": "698e8e55b6294a7daf4de0f80f51b231-1309",
"device_id": "SG9ZKN702T",
"description": "Stack Member with Serial ID: SG9ZKN702T,
MAC Address: , Member ID: 4 and Role: ['Member'] Removed
From stack with Hostname: 6300, Stack ID: 6a9cb0fb-2346-48df-a0c4-90237ea71afa",
"state": "Open",
"severity": "Major",

Webhooks | 68
 "operation": "create",
"timestamp": 1631118901,
"details": {
"serial": "SG9ZKN702T",
"mac": "",
"mem_id": "4",
"role": [
"Member"
],
"action": "Removed From",
"host": "6300",
"stack_id": "6a9cb0fb-2346-48df-a0c4-90237ea71afa",
"group": "326",
"time": "2021-09-08 16:35:01 UTC"
},
"webhook": "374b4438-dff9-464c-a03e-a781c6c9a68f",
"text": "Stack Member with Serial ID: SG9ZKN702T,
MAC Address: , Member ID: 4 and Role: ['Member'] Removed From stack with
Hostname: 6300, Stack ID: 6a9cb0fb-2346-48df-a0c4-90237ea71afa"
}

Switch Port Duplex Mode

{
"id": "AXvFH4hFo68tULajP1c9",
"nid": 1306,
"alert_type": "SWITCH_INTERFACE_DUPLEX_MODE",
"setting_id": "6ec75df161974434b54e298a353d11f3-1306",
"device_id": "SG9ZKN7050",
"description": "Interface 1/1/2 on switch 6300 with serial
SG9ZKN7050 is operating at Half-Duplex mode",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1631099783,
"details": {
"group": "2848",
"labels": "",
"name": "6300",
"serial": "SG9ZKN7050",
"intf_name": "1/1/2",
"mode": "Half",
"time": "2021-09-08 11:16:23 UTC"
},
"webhook": "76f4af2c-a47c-4726-b9d3-133c45e8f436",
"text": "Interface 1/1/2 on switch 6300 with serial
SG9ZKN7050 is operating at Half-Duplex mode",
"cluster_hostname": "app-yoda.arubathena.com"
}

Gateway Alerts—Sample JSON

This section includes sample JSON content for the following alerts:
BGP Neighbor Route Limit
{
"id": "AXeDCfY2o68tULajXkth",
"nid": 1358,
"alert_type": "CONTROLLER BGP NEIGHBOR ROUTE LIMIT",
"setting_id": "a847a3aea73d4ba7b34c00323fb9ee7a-1358",
"device_id": "CV0012105",
"description": "BGP neighbor 172.30.1.102 route limit exceeded on device
MDC1-VPNC1-KSA-03_E1_A0(router_id=10.53.9.44, ASN=3002, serial=CV0012105,

Aruba Central | Reference Guide 69

limit=1,action=warning)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612811204,
"details": {
"serial": "CV0012105",
"action": "warning",
"hostname": "MDC1-VPNC1-KSA-03_E1_A0",
"limit": "1",
"nbr_addr": "172.30.1.102",
"nbr_id": "10.53.9.44",
"nbr_as": "3002",
"group": "12",
"time": "2021-02-08 19:06:44 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "BGP neighbor 172.30.1.102 route limit exceeded on device
MDC1-VPNC1-KSA-03_E1_A0(router_id=10.53.9.44, ASN=3002, serial=CV0012105,
limit=1,action=warning)"
}

CFG_Set_Advertisement_Failure
{
"id": "AXdnqE9jo68tULajSR8X",
"nid": 1554,
"alert_type": "CFG_SET_ADVERTISEMENT_FAILURE",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1554",
"device_id": "BIM0010001",
"description": "CFG-Set advertisement failure for Gateway BIM0010001 with serial
BIM0010001 on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from
10.1.1.1 to 200.1.1.6",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612351819,
"details": {
"src_ip": "10.1.1.1",
"dst_ip": "200.1.1.6",
"alias_map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
"map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
"hostname": "BIM0010001",
"serial": "BIM0010001",
"group": "0",
"labels": [],
"time": "2021-02-03 11:30:19 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CFG-Set advertisement failure for Gateway BIM0010001 with serial
BIM0010001 on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from
10.1.1.1 to 200.1.1.6"
}

Controller BGP Session Error

{
"id": "AXeCfcXbbbaB9p462rCU",
"nid": 1355,
"alert_type": "CONTROLLER BGP SESSION ERROR",
"setting_id": "417fc95887044bcba9b3e2ce3830aecb-1355",
"device_id": "DL0002986",
"description": "BGP neighbor 103.1.1.2 is down (router-id=197.0.0.3, ASN=103,
serial=DL0002986)",
"state": "Open",
"severity": "Critical",

Webhooks | 70
 "operation": "create",
"timestamp": 1612802016,
"details": {
"serial": "DL0002986",
"nbr_addr": "103.1.1.2",
"nbr_as": "103",
"nbr_id": "197.0.0.3",
"group": "57",
"time": "2021-02-08 16:33:36 UTC"
},
"webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
"text": "BGP neighbor 103.1.1.2 is down (router-id=197.0.0.3, ASN=103, serial=DL0002986)"
}

Controller_CPU_Over_Utilization
{
"id": "AXdi7ppYo68tULajRVeA",
"nid": 1351,
"alert_type": "CONTROLLER_CPU_OVER_UTILIZATION",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1351",
"device_id": "CNJJKLB0HB",
"description": "CPU utilization for Gateway WTH_9004-2 with serial CNJJKLB0HB has been
above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612272540,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNJJKLB0HB",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNJJKLB0HB.cpu_utilization.5m",
"duration": "5",
"threshold": "10",
"time": "2021-02-02 13:24:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CPU utilization for Gateway WTH_9004-2 with serial CNJJKLB0HB has been
above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC."
}

Controller_Emergency_Up_Link_Mode
{
"id": "AXdjJsYpo68tULajRXTU",
"nid": 1353,
"alert_type": "CONTROLLER_EMERGENCY_UP_LINK_MODE",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1353",
"device_id": "BIM0010002",
"description": "Gateway BIM0010002 with serial BIM0010002 is operating on emergency mode
at 2021-02-02 14:30:21 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612276221,
"details": {
"name": "BIM0010002",
"serial": "BIM0010002",
"group": "0",
"labels": [],
"time": "2021-02-02 14:30:21 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",

Aruba Central | Reference Guide 71

 "text": "Gateway BIM0010002 with serial BIM0010002 is operating on emergency mode at
2021-02-02 14:30:21 UTC"
}

Controller_Memory_Over_Utilization
{
"id": "AXdiyfwQo68tULajRTiG",
"nid": 1352,
"alert_type": "CONTROLLER_MEMORY_OVER_UTILIZATION",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1352",
"device_id": "CNJJKLB0G6",
"description": "Memory utilization for Gateway WTH_9004-1 with serial CNJJKLB0G6 has been
above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612270140,
"details": {
"name": "WTH_9004-1",
"unit": "%",
"serial": "CNJJKLB0G6",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNJJKLB0G6.memory_utilization.5m",
"duration": "30",
"threshold": "30",
"time": "2021-02-02 12:19:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Memory utilization for Gateway WTH_9004-1 with serial CNJJKLB0G6 has been
above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC."
}

Controller OSPF Session Error

{
"alert_type": "CONTROLLER OSPF SESSION ERROR",
"description": "OSPF session state change for Gateway with hostname GSK_VPNC2 and serial
CW0003307 from Init State to Down State
for neighbor 1.0.0.2 on interface 100 with reason No hello packets received from
neighbour.Inactivity timer fired",
"timestamp": 1564121712,
"webhook": "60785e88-9513-4352-94d6-ec25fedbeddc",
"setting_id": "b27f67fa44234c51a890fccea7c9b83e-1354",
"state": "Open",
"nid": 1354,
"details": {
"dst_state": "Down State",
"neighbour_ip": "1.0.0.2",
"group": "4",
"uniq_identifier": "100-16777218",
"labels": [
"2",
"11",
"12",
"15",
"13",
"8"
],
"src_state": "Init State",
"reason": "No hello packets received from neighbour.Inactivity timer fired",
"time": "2019-07-26 06:15:12 UTC",
"interface": "100",
"serial": "CW0003307",
"hostname": "GSK_VPNC2"

Webhooks | 72
 },
"operation": "create",
"device_id": "CW0003307",
"id": "AWws60Yxon2R5PyMmUU4",
"severity": "Major"
}

DHCP Pool Consumption Alert

{
"alert_type": "DHCP_POOL_CONSUMPTION_ALERT",
"description": "DHCP Pool Consumption on Gateway CNHHKLB031 is 12% at 2019-07-25 13:02:39
UTC for 192.168.53.0/24",
"timestamp": 1564059759,
"webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-1510",
"state": "Open",
"nid": 1510,
"details": {
"subnet": "192.168.53.0/24",
"group": "77",
"name": "None",
"labels": "8,661",
"time": "2019-07-25 13:02:39 UTC",
"threshold": "12",
"serial": "CNHHKLB031",
"unit": "%"
},
"operation": "create",
"device_id": "CNHHKLB031",
"id": "AWwpOfQAVQO1ZtiGiE2H",
"severity": "Critical"
}

DPS_Compliance_Alert
{
"ack_by": null,
"ack_ts": 1579828824000,
"acknowledge": 0,
"cid": "201804172180",
"description": "SLA DPS Compliance Violations for Customer : aruba, Device Hostname :
bg2-ha2, Policy : all,
Uplink : 400_lte, Probe Ip: 52.52.253.87, Threshold Profile : {u'dps_threshold_profile_
name': u'BestForInternet',
u'dps_threshold_profile_packet_loss_value': 1, u'dps_threshold_profile_bw_util_value':
80,
u'dps_threshold_profile_latency_value': 1}, Violation Reason: Latency, Violation Value:
1.363ms",
"group_name": "",
"id": "AW_VItEnenGOhQ4XrMp_",
"labels": [],
"nid": 20,
"severity": 5,
"sites": [
{
"id": 38,
"name": "site_2"
}
],
"ts": 1579828824000,
"type": "DPS_COMPLIANCE_ALERT",
"type_desc": "SLA DPS Compliance Violations"
}

Gateway_Connected_to_Cluster

Aruba Central | Reference Guide 73

{
"id": "AXd9xwjio68tULajWyCm",
"nid": 1802,
"alert_type": "GATEWAY_CONNECTED_TO_CLUSTER",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-1802",
"device_id": "None",
"description": "Gateway with name: c2c-7010-4-1 and serial: CG0020729 joined
cluster: C2C-253-YODA.",
"state": "Open",
"severity": "Warning",
"operation": "create",
"timestamp": 1612722931,
"details": {
"group": "278",
"labels": [],
"name": "c2c-7010-4-1",
"serial": "None",
"gateway": "CG0020729",
"cluster_name": "C2C-253-YODA",
"alert_key": "CG0020729",
"time": "2021-02-07 18:35:31 UTC"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "Gateway with name: c2c-7010-4-1 and serial: CG0020729 joined
cluster: C2C-253-YODA."
}

Gateway_Disconnected_From_Cluster
{
"id": "AXd9vPKro68tULajWxzi",
"nid": 1803,
"alert_type": "GATEWAY_DISCONNECTED_FROM_CLUSTER",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-1803",
"device_id": "54",
"description": "Gateway with name: c2c-7010-4-1 and serial: CG0020729 left
cluster: C2C-253-YODA.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612722270,
"details": {
"group": "278",
"labels": [],
"name": "c2c-7010-4-1",
"serial": "54",
"gateway": "CG0020729",
"cluster_name": "C2C-253-YODA",
"alert_key": "CG0020729",
"time": "2021-02-07 18:24:30 UTC"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "Gateway with name: c2c-7010-4-1 and serial: CG0020729 left
cluster: C2C-253-YODA."
}

Gateway Cluster Leader Change

{
"id": "AXd9wglqo68tULajWx7a",
"nid": 1804,
"alert_type": "GATEWAY_CLUSTER_LEADER_CHANGE",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-1804",
"device_id": "54",
"description": "Gateway with name: c2c-7010-3 and serial: CG0021234 became the leader of
cluster: C2C-253-YODA.",

Webhooks | 74
 "state": "Open",
"severity": "Minor",
"operation": "create",
"timestamp": 1612722604,
"details": {
"group": "278",
"labels": [],
"name": "c2c-7010-3",
"serial": "54",
"gateway": "CG0021234",
"cluster_name": "C2C-253-YODA",
"alert_key": "CG0021234",
"time": "2021-02-07 18:30:04 UTC"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "Gateway with name: c2c-7010-3 and serial: CG0021234 became the leader of
cluster: C2C-253-YODA."
}

Gateway_Base_License_Capacity_Exceeded
{
"id": "AXdr-dsfo68tULajS0bj",
"nid": 1356,
"alert_type": "GATEWAY_BASE_LICENSE_CAPACITY_EXCEEDED",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1356",
"device_id": "SCA0000073",
"description": "Base license capacity limit exceeded for Gateway with
name: CSIM_SCA0000073, serial: SCA0000073",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612424272,
"details": {
"group": "0",
"labels": [],
"name": "CSIM_SCA0000073",
"serial": "SCA0000073",
"time": "2021-02-04 07:37:52 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Base license capacity limit exceeded for Gateway with
name: CSIM_SCA0000073, serial: SCA0000073"
}

Gateway Threat Count

{
"alert_type": "GW_IDS_IPS_ALERT_THREAT_OVER_A_PERIOD",
"id": "AXX7N0IhaFBUFq6FQ2R1",
"nid": 2305,
"setting_id": "8fc0df01a43b42aa9f8e9fbc3d3b9d35-2305",
"device_id": "TWJ6KSP005",
"description": "Dear Incident Manager, Your Aruba Central Portal admin configured an
email alert notification to be sent to this email address Why this alert? Aruba Branch
Gateway
https://app-yoda.arubathena.com/frontend/#/GATEWAYDETAIL/OVERVIEW/TWJ6KSP005aruba9004
_lte with serial number TWJ6KSP005exceeded 50 threat events in last 10 minutes,
triggering this CRITICAL Alert notification What is next? Reach out to your
Aruba Central Portal admin to address this incident .If not addressed or
if the situation escalates, you may continue to receive similar alert
notifications. More Information Go to
https://app-yoda.arubathena.com/frontend/#/IDPS_DASHBOARDSystem Generated Email
from Aruba Central based on alert configuration; do not reply Thanks, Aruba Central",
"state": "Close",

Aruba Central | Reference Guide 75

 "severity": "Critical",
"operation": "update",
"timestamp": 1606238738,
"details__threshold": 50,
"details__agg_field_name": "device",
"details__duration": 10,
"details__device": "TWJ6KSP005",
"details__severity": "CRITICAL",
"details__rule_id": 0,
"details__serial": "TWJ6KSP005",
"details__name": "aruba9004_lte",
"details__group_id": 73,
"details__time": "2020-11-24 16:55:04 UTC",
"webhook": "001378a5-bfb1-465e-a955-0034ef801136",
"text": "Dear Incident Manager, Your Aruba Central Portal admin configured an email
alert notification to be sent to this email address Why this alert? Aruba Branch
Gateway
https://app-yoda.arubathena.com/frontend/#/GATEWAYDETAIL/OVERVIEW/TWJ6KSP005aruba9004
_lte with serial number TWJ6KSP005exceeded 50 threat events in last 10 minutes,
triggering this CRITICAL Alert notification What is next? Reach out to your Aruba
Central Portal admin to address this incident. If not addressed or if the situation
escalates, you may continue to receive similar alert notifications.
More Information Go to
https://app-yoda.arubathena.com/frontend/#/IDPS_DASHBOARDSystem Generated Email
from Aruba Central based on alert configuration; do not reply Thanks, Aruba Central"
}

Gateway_Disconnected
{
"id": "AXdmLPpwo68tULajSCh_",
"nid": 303,
"alert_type": "GATEWAY_DISCONNECTED",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-303",
"device_id": "CNJJKLB0NZ",
"description": "Gateway WTH-9004-3 with serial CNJJKLB0NZ, MAC address 20:4c:03:b1:e0:22
and
IP address 192.168.142.2 disconnected. , Group:UTM, Site:UTM",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612326959,
"details": {
"params": [
"CNJJKLB0NZ",
"20:4c:03:b1:e0:22",
"192.168.142.2",
"WTH-9004-3",
"",
""
],
"group": "36",
"ts": "1612326547369",
"labels": "8",
"serial": "CNJJKLB0NZ",
"conn_status": "disconnected",
"time": "2021-02-03 04:35:59 UTC",
"group_name": "UTM",
"site_name": "UTM"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Gateway WTH-9004-3 with serial CNJJKLB0NZ, MAC address 20:4c:03:b1:e0:22 and
IP address 192.168.142.2 disconnected. , Group:UTM, Site:UTM"
}

Gateway Threat Count per Signature

Webhooks | 76
 {
"id": "AXdr6Yf3o68tULajSz4Y",
"nid": 2306,
"alert_type": "GW_IDS_IPS_ALERT_THREAT_SID_OVER_A_PERIOD",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-2306",
"device_id": "2821300",
"description": "Dear Incident Manager,<br/>Your <b>Aruba Central Portal</b> admin
configured
an email alert notification to be sent to this email address <br/><br/><b>Why
this alert?</b><br/>Threat events of signature id <b>2821300</b> exceeded the
threshold <b>50</b> in last <b>30</b> minutes, triggering this <b>CRITICAL</b> Alert
notification. <br/><br/><b>What is next? </b><br/>Reach out to your <b>Aruba Central
Portal</b> admin to address this incident.<br/>If not addressed or if the situation
escalates,
you may continue to receive similar alert notifications. <br/><br/><b>More
Information</b> <br/>Go to \"https://app-yoda.arubathena.com/frontend/#/IDPS_DASHBOARD\"
<br/><br/><i>System Generated Email from Aruba Central based on alert configuration;
do not reply.</i> <br/><br/>Thanks,<br/><br/>Aruba Central",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612423202,
"details": {
"threshold": "50",
"agg_field_name": "signature",
"duration": "30",
"signature": "2821300",
"severity": "CRITICAL",
"rule_id": "0",
"serial": "2821300",
"time": "2021-02-04 06:50:02 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Dear Incident Manager,<br/>Your <b>Aruba Central Portal</b> admin configured an
email alert notification to be sent to this email address <br/><br/><b>Why
this alert?</b><br/>Threat events of signature id <b>2821300</b> exceeded the
threshold <b>50</b> in last <b>30</b> minutes, triggering this <b>CRITICAL</b> Alert
notification.
<br/><br/><b>What is next? </b><br/>Reach out to your <b>Aruba Central Portal</b> admin
to
address this incident.<br/>If not addressed or if the situation escalates, you may
continue to
receive similar alert notifications. <br/><br/><b>More Information</b> <br/>Go
to \"https://app-yoda.arubathena.com/frontend/#/IDPS_DASHBOARD\" <br/><br/><i>System
Generated
Email from Aruba Central based on alert configuration; do not reply.</i>
<br/><br/>Thanks,<br/><br/>Aruba
Central"
}

Gateway IDS/IPS Engine Error State

{
"id": "AXdq-8_vo68tULajSqJi",
"nid": 2301,
"alert_type": "GW_IDS_IPS_ENGINE_ERROR_STATE_ALERT",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-2301",
"device_id": "CNJJKLB0G6",
"description": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNJJKLB0G6 has moved to
an error (Stopped) state.",
"state": "Close",
"severity": "Critical",
"operation": "update",
"timestamp": 1612407706,
"details": {
"serial": "CNJJKLB0G6",

Aruba Central | Reference Guide 77

 "hostname": "WTH_9004-1",
"state": "Stopped",
"time": "2021-02-04 03:00:23 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNJJKLB0G6 has moved to an
error (Stopped) state."
}

Gateway IDS IPS Engine CPU Utilization

{
"id": "AXdq9flmo68tULajSqDN",
"nid": 2302,
"alert_type": "GW_IDS_IPS_ENGINE_CPU_OVER_UTILIZATION",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-2302",
"device_id": "CNJJKLB0HB",
"description": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial
CNJJKLB0HB has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612407241,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNJJKLB0HB",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNJJKLB0HB.idps.cpu.5m",
"duration": "11",
"threshold": "10",
"time": "2021-02-04 02:43:01 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial
CNJJKLB0HB has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC."
}

Gateway IDS IPS Engine Memory Utilization

{
"id": "AXdq9fkVo68tULajSqDL",
"nid": 2303,
"alert_type": "GW_IDS_IPS_ENGINE_MEMORY_OVER_UTILIZATION",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-2303",
"device_id": "CNJJKLB0HB",
"description": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial
CNJJKLB0HB has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC.",
"state": "Open",
"severity": "Minor",
"operation": "create",
"timestamp": 1612407240,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNJJKLB0HB",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNJJKLB0HB.idps.mem.5m",
"duration": "5",
"threshold": "2",
"time": "2021-02-04 02:49:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",

Webhooks | 78
 "text": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial
CNJJKLB0HB has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC."
}

Gateway IDS IPS Engine Packet Dropped Detected

{
"id": "AXdr8CPmo68tULajS0K8",
"nid": 2304,
"alert_type": "GW_IDS_IPS_ENGINE_PACKET_DROPPED_DETECTED",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-2304",
"device_id": "SCA0000004",
"description": "Packet drop for IDS/IPS engine on Gateway CSIM_SCA0000004 with serial
SCA0000004 has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC.",
"state": "Open",
"severity": "Minor",
"operation": "create",
"timestamp": 1612423635,
"details": {
"name": "CSIM_SCA0000004",
"serial": "SCA0000004",
"threshold": "75",
"duration": "5",
"time": "2021-02-04 07:22:15 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Packet drop for IDS/IPS engine on Gateway CSIM_SCA0000004 with serial
SCA0000004 has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC."
}

GW_Cluster_VLAN_Mismatch
{
"id": "AXd9rMzXo68tULajWxbZ",
"nid": 1801,
"alert_type": "GW_CLUSTER_VLAN_MISMATCH",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-1801",
"device_id": "54",
"description": "There is a VLAN mismatch in cluster C2C-253-YODA between Gateway with
serial: CG0020729 and Gateway with serial: CG0021234.",
"state": "Close",
"severity": "Minor",
"operation": "update",
"timestamp": 1612722281,
"details": {
"gateway2": "CG0021234",
"gateway1": "CG0020729",
"serial": "54",
"alert_key": "CG0020729-CG0021234",
"time": "2021-02-07 18:06:52 UTC",
"cluster-name": "C2C-253-YODA",
"group": "278",
"labels": []
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "There is a VLAN mismatch in cluster C2C-253-YODA between Gateway with
serial: CG0020729 and Gateway with serial: CG0021234."
}

New_Gateway_Connected
{
"id": "AXd96oFqo68tULajWy28",
"nid": 301,
"alert_type": "NEW_GATEWAY_DETECTED",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-301",

Aruba Central | Reference Guide 79

 "device_id": "CP0021763",
"description": "New Gateway GSK-7005-2 with serial CP0021763, MAC address
20:4c:03:11:eb:78 and IP
address 172.168.1.1 connected, Group:unprovisioned",
"state": "Open",
"severity": "Warning",
"operation": "create",
"timestamp": 1612725256,
"details": {
"group": "1",
"labels": "",
"_rule_number": "0",
"params": [
"CP0021763",
"20:4c:03:11:eb:78",
"172.168.1.1",
"GSK-7005-2"
],
"serial": "CP0021763",
"time": "2021-02-07 19:14:16 UTC",
"group_name": "unprovisioned"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "New Gateway GSK-7005-2 with serial CP0021763, MAC address 20:4c:03:11:eb:78 and
IP
address 172.168.1.1 connected, Group:unprovisioned"
}

OAP_Channel_Connected
{

"id": "AXeC5dlWo68tULajXiwK",
"nid": 1359,
"alert_type": "CONTROLLER OAP CONNECTION",
"setting_id": "a847a3aea73d4ba7b34c00323fb9ee7a-1359",
"device_id": "CP0048220",
"description": "Overlay Route Orchestrator control connection is down for
Legacy2.0-BGW1-A7005-39_82_AC (serial=CP0048220)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612808837,
"details": {
"hostname": "Legacy2.0-BGW1-A7005-39_82_AC",
"serial": "CP0048220",
"group": "22",
"time": "2021-02-08 18:27:17 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "Overlay Route Orchestrator control connection is down for
Legacy2.0-BGW1-A7005-39_82_AC (serial=CP0048220)"
}

OAP_Channel_Disconnect
{
"id": "AXeC5dlWo68tULajXiwK",
"nid": 1359,
"alert_type": "CONTROLLER OAP CONNECTION",
"setting_id": "a847a3aea73d4ba7b34c00323fb9ee7a-1359",
"device_id": "CP0048220",
"description": "Overlay Route Orchestrator control connection is down for
Legacy2.0-BGW1-A7005-39_82_AC (serial=CP0048220)",
"state": "Close",
"severity": "Critical",

Webhooks | 80
 "operation": "update",
"timestamp": 1612808838,
"details": {
"hostname": "Legacy2.0-BGW1-A7005-39_82_AC",
"serial": "CP0048220",
"group": "22",
"time": "2021-02-08 18:27:17 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "Overlay Route Orchestrator control connection is down for
Legacy2.0-BGW1-A7005-39_82_AC (serial=CP0048220)"
}

Route Table Limit Exceeded

{
"id": "AXeEaOYlo68tULajX4gT",
"nid": 1357,
"alert_type": "CONTROLLER ROUTE TABLE CAPACITY",
"setting_id": "a847a3aea73d4ba7b34c00323fb9ee7a-1357",
"device_id": "CP0059047",
"description": "Routing table for device Legacy-2.1-BGW2-A7005_5F_9A_2A exceeded
threshold(serial=CP0059047, IP=111.1.10.1, count=3463, max=4096)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612834203,
"details": {
"serial": "CP0059047",
"ip_address": "111.1.10.1",
"count": "3463",
"hostname": "Legacy-2.1-BGW2-A7005_5F_9A_2A",
"max": "4096",
"group": "21",
"time": "2021-02-09 01:30:03 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "Routing table for device Legacy-2.1-BGW2-A7005_5F_9A_2A exceeded
threshold(serial=CP0059047, IP=111.1.10.1, count=3463, max=4096)"
}

Route Table Capacity

{
"id": "AXeCfX4pPppb5nv9WSDi",
"nid": 1357,
"alert_type": "CONTROLLER ROUTE TABLE CAPACITY",
"setting_id": "417fc95887044bcba9b3e2ce3830aecb-1357",
"device_id": "DL0003539",
"description": "Routing table for device DC3_VPNC8_7240XM exceeded threshold
(serial=DL0003539, IP=2.3.1.5, count=29268, max=32768)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612801998,
"details": {
"serial": "DL0003539",
"ip_address": "2.3.1.5",
"count": "29268",
"hostname": "DC3_VPNC8_7240XM",
"max": "32768",
"group": "57",
"time": "2021-02-08 16:33:18 UTC"
},
"webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
"text": "Routing table for device DC3_VPNC8_7240XM exceeded threshold
(serial=DL0003539, IP=2.3.1.5, count=29268, max=32768)"

Aruba Central | Reference Guide 81

}

WAN_Auto_Negotiation
{
"id": "AXdnjuvwo68tULajSQyc",
"nid": 1506,
"alert_type": "WAN_UPLINK_AUTONEGOTIATION_STATE_CHANGE",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1506",
"device_id": "CNJJKLB0NZ",
"description": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps
for device WTH-9004-3 with serial CNJJKLB0NZ for uplink GE0/0/1 at 2021-02-03 11:02:35
UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612350155,
"details": {
"intf_name": "GE0/0/1",
"speed": "1000",
"new_speed": "Auto",
"hostname": "WTH-9004-3",
"serial": "CNJJKLB0NZ",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 11:02:35 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for
device WTH-9004-3 with serial CNJJKLB0NZ for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC"
}

WAN Health-check failure

{
"id": "AXdk2LK6o68tULajRvY4",
"nid": 1501,
"alert_type": "WAN_UPLINK_REACHABILITY_HEALTH_CHECK_IP_FAILED",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1501",
"device_id": "CNJJKLB0HB",
"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial
CNJJKLB0HB to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is
reachable.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612304659,
"details": {
"default_gw_status": "reachable",
"intf_name": "inet2_inet",
"ip": "52.52.253.87",
"hostname": "WTH_9004-2",
"serial": "CNJJKLB0HB",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 22:24:19 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNJJKLB0HB
to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable."
}

WAN VPN-Peer unreachable

Webhooks | 82
 {
"id": "AXdncVpfo68tULajSPzi",
"nid": 1502,
"alert_type": "WAN_UPLINK_REACHABILITY_VPN_PEER_FAILED",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1502",
"device_id": "CNJJKLB0HB",
"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial
CNJJKLB0HB
to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612348217,
"details": {
"ip": "192.168.103.99",
"intf_name": "inet2_inet",
"default_gw_status": "unreachable",
"hostname": "WTH_9004-2",
"serial": "CNJJKLB0HB",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 10:30:17 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNJJKLB0HB to
VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable."
}

WAN Uplink Status Change

{
"id": "AXdnjgBlo68tULajSQwz",
"nid": 1505,
"alert_type": "WAN_UPLINK_STATUS_CHANGE",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1505",
"device_id": "CNJJKLB0NZ",
"description": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3
with serial CNJJKLB0NZ at 2021-02-03 11:01:35 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612350095,
"details": {
"intf_name": "inet_inet",
"status": "UP",
"current_status": "DOWN",
"uplink_tag": "inet_inet",
"hostname": "WTH-9004-3",
"serial": "CNJJKLB0NZ",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 11:01:35 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3
with serial CNJJKLB0NZ at 2021-02-03 11:01:35 UTC"
}

WAN_Uplink_Flap
{

Aruba Central | Reference Guide 83

 "id": "AXe2GwY1o68tULajexWO",
"nid": 1600,
"alert_type": "WAN_UPLINK_FLAP",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1600",
"device_id": "CNJJKLB0G6",
"description": "Uplink inet_inet link status flapped 1% on device WTH_9004-1 with serial
CNJJKLB0G6
for about 15 minutes since 2021-02-18 16:51:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1613667960,
"details": {
"intf_name": "inet_inet",
"status": "DOWN",
"current_status": "UP",
"uplink_tag": "inet_inet",
"hostname": "WTH_9004-1",
"unit": "%",
"serial": "CNJJKLB0G6",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNJJKLB0G6.uplink.flap.5m",
"duration": "15",
"threshold": "1",
"time": "2021-02-18 16:51:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Uplink inet_inet link status flapped 1% on device WTH_9004-1 with serial
CNJJKLB0G6
for about 15 minutes since 2021-02-18 16:51:00 UTC."
}

WAN_Tunnel_Flap
{
"id": "AXe2H5oGo68tULajexfD",
"nid": 1601,
"alert_type": "WAN_TUNNEL_FLAP",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1601",
"device_id": "CNJJKLB0G6",
"description": "Tunnel WTH_9004-1:inet_inet::GSK_VPNC2:vlan103 status flapped 1% on
device
WTH_9004-1 with serial CNJJKLB0G6 for about 15 minutes since 2021-02-18 16:56:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1613668260,
"details": {
"src_ip": "192.168.32.10",
"dst_ip": "192.168.103.99",
"alias_map_name": "WTH_9004-1:inet_inet::GSK_VPNC2:vlan103",
"uplink_tag": "inet_inet",
"hostname": "WTH_9004-1",
"unit": "%",
"serial": "CNJJKLB0G6",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNJJKLB0G6.uplink.tunnel.flap.5m",
"duration": "15",
"threshold": "1",
"time": "2021-02-18 16:56:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",

Webhooks | 84
 "text": "Tunnel WTH_9004-1:inet_inet::GSK_VPNC2:vlan103 status flapped 1% on device
WTH_9004-1 with serial CNJJKLB0G6 for about 15 minutes since 2021-02-18 16:56:00 UTC."
}

WAN_Auto_Negotiation_Flap
{
"alert_type": "WAN_AUTO_NEGOTIATION_FLAP",
"description": "Uplink GE0/0/1 speed flapped 1% on device CNHHKLB031 for about
15 minutes since 2019-07-25 12:32:00 UTC.",
"timestamp": 1564058820,
"webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-1602",
"state": "Open",z
"nid": 1602,
"details": {
"new_speed": "Auto",
"group": "77",
"labels": "8,661",
"duration": "15",
"_rule_number": "0",
"intf_name": "GE0/0/1",
"time": "2019-07-25 12:32:00 UTC",
"threshold": "1",
"ds_key": "abce082bef4a428bb31366f6d6ff223f.CNHHKLB031.uplink.speed.flap.5m",
"serial": "CNHHKLB031",
"speed": "1000",
"unit": "%"
},
"operation": "create",
"device_id": "CNHHKLB031",
"id": "AWwpK55sVQO1ZtiGh8zr",
"severity": "Minor"
}

WAN_IPsec_SA_Establishment_Failed
{
"id": "AXdi4-5Bo68tULajRU_R",
"nid": 1550,
"alert_type": "WAN_IPSEC_SA_ESTABILSHMENT_FAILED",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1550",
"device_id": "CNJJKLB0NZ",
"description": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on
device WTH-9004-3 with serial CNJJKLB0NZ at 2021-02-02 13:17:20 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271840,
"details": {
"src_ip": "192.168.36.10",
"dst_ip": "192.168.103.99",
"alias_map_name": "WTH-9004-3:inet_inet::GSK_VPNC2:vlan103",
"link_tag": "inet_inet",
"hostname": "WTH-9004-3",
"serial": "CNJJKLB0NZ",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:17:20 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on
device WTH-9004-3 with serial CNJJKLB0NZ at 2021-02-02 13:17:20 UTC"
}

WAN_IPsec_SA_Down

Aruba Central | Reference Guide 85

{
"id": "AXdi4Qjgo68tULajRUzp",
"nid": 1551,
"alert_type": "WAN_IPSEC_SA_DOWN",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1551",
"device_id": "CNJJKLB0G6",
"description": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10
to
192.168.103.99 is DOWN on device WTH_9004-1 with serial CNJJKLB0G6. Reason:
Administrator
cleared IPSEC SA at 2021-02-02 13:14:11 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271651,
"details": {
"src_ip": "192.168.31.10",
"dst_ip": "192.168.103.99",
"reason": "Administrator cleared IPSEC SA",
"alias_map_name": "WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103",
"uplink_tag": "inet2_inet",
"hostname": "WTH_9004-1",
"serial": "CNJJKLB0G6",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:14:11 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to
192.168.103.99 is DOWN on device WTH_9004-1 with serial CNJJKLB0G6. Reason:
Administrator
cleared IPSEC SA at 2021-02-02 13:14:11 UTC"
}

WAN_IPsec_SA_All_Down
{
"id": "AXdi4Qoyo68tULajRUzs",
"nid": 1552,
"alert_type": "WAN_IPSEC_SA_ALL_DOWN",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1552",
"device_id": "CNJJKLB0G6",
"description": "All IPSec SAs down for device WTH_9004-1 with serial CNJJKLB0G6 at
2021-02-02 13:14:11 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271651,
"details": {
"hostname": "WTH_9004-1",
"serial": "CNJJKLB0G6",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:14:11 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "All IPSec SAs down for device WTH_9004-1 with serial CNJJKLB0G6 at
2021-02-02 13:14:11 UTC"
}

Gateway Cellular Data Usage

Webhooks | 86
 {
"id": "AXuqDamDKFHq3kj2qihO",
"nid": 1511,
"alert_type": "CELLULAR_DATA_USAGE",
"setting_id": "082445a5b8264597bce334f932c9a3a4-1511",
"device_id": "TWJCKSP01C",
"description": "Cellular data usage 11 MB has exceeded the configured limit 1 MB
for Gateway Aruba9004-LTE with serial TWJCKSP01C",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1630645627,
"details": {
"usage": "11 MB",
"limit": "1 MB",
"name": "Aruba9004-LTE",
"serial": "TWJCKSP01C",
"group": "6",
"labels": [],
"time": "2021-09-03 05:07:07 UTC"
},
"webhook": "a7b7f0de-2465-4340-b491-d9ea676326f3",
"text": "Cellular data usage 11 MB has exceeded the configured limit 1 MB
for Gateway Aruba9004-LTE with serial TWJCKSP01C"
}

Gateway Firmware Upgrade Failed

{
"id": "AXvSPh4-KFHq3kj2rcg9",
"nid": 2201,
"alert_type": "GW_FW_UPGRADE_FAILURE",
"setting_id": "082445a5b8264597bce334f932c9a3a4-2201",
"device_id": "",
"description": "Firmware upgrade failed for gateway
(NAME Aruba9004-LTE_95_EA_76 SN MAC 20:4c:03:95:ea:76)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1631319891,
"details": {
"mac": "20:4c:03:95:ea:76",
"hostname": "Aruba9004-LTE_95_EA_76",
"serial": "",
"group": "6",
"labels": "",
"_rule_number": "0",
"params": "",
"time": "2021-09-11 00:24:51 UTC"
},
"webhook": "87fae42a-78ec-45c0-a22a-4f81417cad56",
"text": "Firmware upgrade failed for gateway
(NAME Aruba9004-LTE_95_EA_76 SN MAC 20:4c:03:95:ea:76)"
}

Miscellaneous Alerts—Sample JSON

This section includes sample JSON content for the following alerts:
Device Config Change Detected
{
"alert_type": "DEVICE_CONFIG_CHANGE_DETECTED",

Aruba Central | Reference Guide 87

 "description": "Config change detected on group nbapi_test for device type Switch by user
[email protected].\n\nSerial: None, \nMacAddress: None,
\nConfig Content: Template Updated
\nmodel: ALL\nversion: ALL\ndevice_type: HPPC\ntemplate changes: \n @@ -18,6 +18,6
@@\n\n\n
ip address dhcp-bootp\n\n exit\n\n vlan 13\n\n- name \"vlan_8888\"\n\n+ name \"vlan_
44\"\n\n no ip address\n\n exit ",
"timestamp": 1564383294,
"webhook": "272eda1a-f79b-4192-ad6f-b35da11515bc",
"setting_id": "715e45fe3ff8453da355cd34aff2afa5-2000",
"state": "Open",
"nid": 2000,
"details": {
"config_change": "Template Updated\nmodel: ALL\nversion: ALL\ndevice_type:
HPPC\ntemplate changes: \n @@ -18,6 +18,
6 @@\n\n\n ip address dhcp-bootp\n\n exit\n\n vlan 13\n\n- name \"vlan_8888\"\n\n+
name \"vlan_44\"\n\n no ip address\n\n exit ",
"macaddr": "None",
"group": "8",
"dev_type": "Switch",
"labels": "None",
"group_name": "nbapi_test",
"_rule_number": "0",
"params": "None",
"user": "[email protected]",
"time": "2019-07-29 06:54:54 UTC",
"serial": "None"
},
"operation": "create",
"device_id": "",
"id": "AWw8grSBeZ6A6PlBvMk4",
"severity": "Warning"
}

User Account Deleted

{
"alert_type": "User account deleted",
"description": "User with name [email protected] deleted.",
"timestamp": 1569234480,
"webhook": "057b0a95-9f06-4a0f-b4bf-149a28d749b3",
"setting_id": "573b0412517a41c8a73a80f3e74ff0d2-15",
"state": "Open",
"nid": 15,
"details": {
"group": "-1",
"labels": "None",
"params": [
"[email protected]"
],
"_rule_number": "0",
"time": "2019-09-23 10:28:00 UTC"
},
"operation": "create",
"device_id": "",
"id": "AW1dqe6rYu0OgJ2alXzT",
"severity": "Major"
}

New User Account Added

{
"alert_type": "New User account added",
"description": "User account setting updated for user: [email protected] with
language:en_US and idle timeout: 1800",
"timestamp": 1569234534,

Webhooks | 88
 "webhook": "057b0a95-9f06-4a0f-b4bf-149a28d749b3",
"setting_id": "573b0412517a41c8a73a80f3e74ff0d2-14",
"state": "Open",
"nid": 14,
"details": {
"group": "-1",
"labels": "None",
"params": [],
"_rule_number": "0",
"time": "2019-09-23 10:28:54 UTC"
},
"operation": "create",
"device_id": "",
"id": "AW1dqr6nYu0OgJ2alX1l",
"severity": "Major"
}

User Account Edited

{
"alert_type": "User account edited",
"description": "User with Name [email protected], role readwrite and access [] updated.",
"timestamp": 1569235100,
"webhook": "057b0a95-9f06-4a0f-b4bf-149a28d749b3",
"setting_id": "573b0412517a41c8a73a80f3e74ff0d2-16",
"state": "Open",
"nid": 16,
"details": {
"group": "-1",
"labels": "None",
"params": [
"[email protected]",
"readwrite",
"[]"
],
"_rule_number": "0",
"time": "2019-09-23 10:38:20 UTC"
},
"operation": "create",
"device_id": "",
"id": "AW1ds2LcYu0OgJ2alYM2",
"severity": "Major"
}

Aruba Central | Reference Guide 89