The remote AP (RAP) white list is the method where a controller could manage which RAP is allowed to terminate on the controller, which AP group it assigned to and etc. The RAP wired MAC address is needed in order for the certificate based RAP to establish the IPSEC tunnel successfully with the controller.
There are various ways the RAP white list could be managed. When you provision the RAP through the controller web interface, the wired MAC address will be added into the white list table automatically. However, when you're provisioning the RAP using the Aruba Instant Convert option, you will need to enter it manually into the controller. Alternatively, if the entries are available in the Activate server, you can configure the controller to pull the entries in to the controller.
This solution will allow user to enter a list of comma separated RAP wired MAC addresses and the system will generate the configuration codes where you can apply them into your controller. The three operation supported are add, delete and revoked. Note that the white list command is introduced since AOS 6.3 release, and prior AOS versions are using the local-userdb command.
Aruba Mobility Controller 7210 running AOS 18.104.22.168 build 43121
Access Point License.
- [User Guide] Converting IAP to RAP or CAP