Environment : This article applies to Aruba OS 6.3.1.x and above.
Starting from Aruba OS 6.3.1.x, RAP whitelist can be stored in CPPM which can be used authenticate the Remote AP's.
The controller validates the cert-based and PSK RAPs with the CPPM as they try to connect to the controller.
The cert-based RAP get the parameters Aruba-AP-Group, Aruba-AP-Location-Id and Aruba-AP-IP-Address from the external whitelist db (CPPM) as it authenticates and the PSK RAPs do not get provisioned by the parameters returned from CPPM.
External whitelist db supports three parameters to be configured as radius VSAs.
Aruba-AP-IP-Address (remote-ip): If this parameter is not configured in the CPPM server, RAP picks up the ip address from the available l2tp pool configured in the Aruba Controller.
Aruba-Location-Id (ap-name): If this parameter is not configured in the CPPM server, RAP mac address will be used as the ap-name (when a RAP is provisioned for the first time). Otherwise, RAP uses the ap-name that was previously configured.
Aruba-AP-Group (ap-group): If this parameter is not configured in the CPPM server, ‘default’ ap-group will be assigned to RAP (when a RAP is provisioned for the first time). Otherwise, RAP uses the ap-group that was previously configured.