Question: Can I bring up Remote-AP (RAP) on 800 controller using zero-touch/Certificate based method?
Environment: This article applies to Aruba Mobility 800 Controller running any version of ArubaOS.
Zero Touch Provisioning is the ability to take a RAP-5WN or a RAP-2WG and point it to a controller without having to configure it from the controller itself. You would just put the mac address of the AP into the RAP whitelist, and anyone you send that AP to can bring up the AP on controller remotely.
Both the AP and the Controller would have the built-in Trusted Platform Module (TMP) with the factory certificate that is used to authenticate themselves to the other.
Legacy Controllers (200/800/2400/SC1/SC2), do not come with TPM module and thereby cannot perform Certificated based authentication to bring the RAP remotely.
For legacy controllers, connect the RAP in same L2 network as that of the controller and bring it as a Campus AP and then convert it as a RAP using IKE preshared key and the controller public IP from provisioning page. Click Apply and Reboot on provisioning page and disconnect the RAP when its re-booting.
Then, connect the RAP at the remote location and it would come-up on legacy controller.