Extreme Networks

Joseph_Burnswor · ‎11-10-2015

How to create a reboot schedule for Extreme Networks Identify AP’s

1. Log into the controller via SSH

2. Input the username and password for the controller (same as the web GUI login). Then after login type shell. Enter the password that you used to log into the controller.

3. On the controller, run 'ssh-keygen’ and go through the prompts to create a public (id_rsa.pub) and private (id_rsa) keypair for use with authentication. These get dumped into a .ssh folder in the user's directory (in this case, root, so /root). There's an option to apply a passphrase to the private key, but opted not to do it, as it would have to be put in before connecting (basically, it provides the option to provide a password locally to unlock a key instead of sending a password over the network for authentication)

After running ssh-keygen you will get a pblic key similar to this. Example:

“ssh-rsaAAAAB3NzaC1yc2EAAAABIwAAAQEA+1JVD+Vm7zvTc8A7tfyzoYeUEmurWdizPlMbi6KDxm.gifsW4n/XaDNNnIMXUTdg4qEpXxS/xEyyp02XMN3S7bnC5WvlL8qAZE4derZzoob4o6cwlohah/m2xVxDw5qhHyUKzB4NF8DTLxbCJ9fqHGvxxj/+4hs9+JUDBxYygrG6AKNtEW4KWIGCoyNO2SOtZM1VeXopidwwK6xsN11CNYujeIqOOkmwtYy7Z7evVZ+1hiQIeTedF+Nu330aQedQnH1E8iaip3RRg7Lup1u+I3LfluKC+sb6QzO6dCJ8ITJyYzstkAdERbNK7EwrVB55S5DsjrflRLFt2ZxN66uIJQ== root@EWC.extremenetworks.com”

4. Then you need to create the ssh script

5. Type cd /root to change directory to the root folder and then create script. Type vi rebootap.sh

6. This will place you in the vi console. Now type your script. You need an entry for every AP (ex.)

#!/bin/bash

ssh admin@10.10.22.2 "/sbin/reboot"

ssh admin@10.10.22.3 "/sbin/reboot"

ssh admin@10.10.22.4 "/sbin/reboot"

ssh admin@10.10.22.5 "/sbin/reboot"

ssh admin@10.10.22.6 "/sbin/reboot"

ssh admin@10.10.22.7 "/sbin/reboot"

ssh admin@10.10.22.8 "/sbin/reboot"

ssh admin@10.10.22.9 "/sbin/reboot"

ssh admin@10.10.22.10 "/sbin/reboot"

ssh admin@192.168.104.20 "/sbin/reboot"

ssh admin@192.168.104.73 "/sbin/reboot"

ssh admin@192.168.104.25 "/sbin/reboot"

ssh admin@192.168.104.80 "/sbin/reboot"

ssh admin@192.168.104.72 "/sbin/reboot"

ssh admin@192.168.104.23 "/sbin/reboot"

ssh admin@192.168.104.79 "/sbin/reboot"

ssh admin@192.168.104.28 "/sbin/reboot"

ssh admin@192.168.104.82 "/sbin/reboot"

ssh admin@192.168.104.76 "/sbin/reboot"

ssh admin@192.168.104.75 "/sbin/reboot"

7. Then hit the esc button and then type ctrl+q then w then q then ! (This will write, save, and quit the file in vi

8. Now ssh into every AP and paste this command

On each AP, we created a folder .ssh in /root, and created a file inside called 'authorized_keys', in which we put the contents of the controller's id_rsa.pub file. When connecting via SSH, the combo of the controller's private key and public key in the authorized_keys file will complete the authentication without the need for a password.

One thing to note is that for each device you connect to, if it's the first time, it'll prompt you with a message about the host fingerprint, e.g.:

The authenticity of host 'my.computer.local (xx.xx.xx.xx)' can't be established.

RSA key fingerprint is 6a??e0??56:f8:0c:04:11:5b:ef:4d:49??09:23.

Are you sure you want to continue connecting (yes/no)?

When you continue connecting, that key/hostname/ip combo gets put in the controller's 'known_hosts' file, also in the .ssh directory. Subsequent connections verify that the host fingerprint matches (to prevent man-in-the-middle attacks); if the host you're connecting to has had OpenSSH reinstalled (due to format, etc.), the fingerprint will probably change, no longer match, and fail to connect. You would need to edit the 'known_hosts' file and remove the old entry (This will allow the controller to SSH into the AP without a password)

To do this, you would take the key that was created in ssh-keygen and place it into this small script that you can copy and paste after you ssh into the AP.Example:

mkdir .ssh

echo "ssh-rsaAAAAB3NzaC1yc2EAAAABIwAAAQEA+1JVD+Vm7zvTc8A7tfyzoYeUEmurWdizPlMbi6KDxm.gifsW4n/XaDNNnIMXUTdg4qEpXxS/xEyyp02XMN3S7bnC5WvlL8qAZE4derZzoob4o6cwlohah/m2xVxDw5qhHyUKzB4NF8DTLxbCJ9fqHGvxxj/+4hs9+JUDBxYygrG6AKNtEW4KWIGCoyNO2SOtZM1VeXopidwwK6xsN11CNYujeIqOOkmwtYy7Z7evVZ+1hiQIeTedF+Nu330aQedQnH1E8iaip3RRg7Lup1u+I3LfluKC+sb6QzO6dCJ8ITJyYzstkAdERbNK7EwrVB55S5DsjrflRLFt2ZxN66uIJQ== root@EWC.extremenetworks.com" > .ssh/authorized_keys

exit

9. Now lets create the cronjob on the controller

Type crontab –e “0 1 * * * /root/rebootap.sh”

This will create the reboot schedule and will reboot the AP’s at 1am every day. The schedule can be edited on an as per needed basis.

Doug · ‎11-12-2015

Please note, we typically don't suggest access to the ap shell unless it's for debugging reasons. When gaining access to the shell we specifically note at the login prompt: "AP3805e 09.21.04.0007 interactive shell for service personnel only"Scripts accessing the shell or any modifications to an ap via shell would not be supported if any issues arise.

Doug Hyde
Director, Technical Support / Extreme Networks

Doug · ‎11-11-2015

Also as of 9.21.xx code.... https://gtacknowledge.extremenetworks.com/articles/Q_A/On-the-IdentiFi-Appliance-can-I-schedule-all-...

Doug Hyde
Director, Technical Support / Extreme Networks

Joseph_Burnswor · ‎11-10-2015

That's a lot simpler than mine. I like it

Jeremy_Gibbs · ‎11-10-2015

I have a more complex one, but here is a simple little script.

#!/usr/bin/expect -f
set f [open "aps"]
set data [read $f]
close $f

foreach line [split $data \n] {
spawn ssh -o "StrictHostKeyChecking no" admin@$line
expect "password: "
send "new2day\r"
expect "\*# "
send -- "reboot\r"
send -- "exit\r"
sleep 30
expect eof
}

aps is a file with a list of IP addresses such as
10.3.1.1
10.3.1.2
10.3.1.3

new2day is the default AP password. We have changed ours, but whatever works.

Extreme Networks

Extreme AP Reboot Schedule

Extreme AP Reboot Schedule