Controller Based WLANs

What is the function of the "cert_cap" flag in ArubaOS 5.0?

Product and Software: This article applies to ArubaOS 5.0 Beta version.

 

 

In ArubaOS 5.0, to support CPSec, the "cert_cap" flag is introduced in APboot configuration.

apboot> print
cert_cap=1

 

 

 

When you disable the CPSec on ArubaOS 5.0, this flag is not removed automatically. The AP initiates the "setup_ipsec" message to the controller and gets "the RC_ERROR_CPSEC_DENIED" message from controller. The AP switches to clear mode.

[295]1999-12-31 16:01:45 setup_ipsec: sapd_num_lms=1 sapd_cur_lms=0 ip=192.168.110.3, client=0
[295]1999-12-31 16:01:45 Starting rapper 0 to 192.168.110.3:8423
[295]1999-12-31 16:01:45 start_tunnel_up_timer: sapd_cur_lms=0
[295]1999-12-31 16:01:45 Error: Received RC_OPCODE_ERROR lms 192.168.110.3 tunnel 0.0.0.0 RC_ERROR_CPSEC_DENIED
[295]1999-12-31 16:01:45 sapd_proc_redun_msg:2970
[295]1999-12-31 16:01:45 State REDUN_STATE_TUNNEL_MASTER Event REDUN_EVENT_TUNNEL_DOWN Next state REDUN_STATE_TUNNEL_MASTER
[295]1999-12-31 16:01:45 Tunnel 0 down. data(0|Port)=8423
[295]1999-12-31 16:01:45 State REDUN_STATE_TUNNEL_MASTER Event REDUN_EVENT_RETRY Next state REDUN_STATE_TUNNEL_MASTER
[295]1999-12-31 16:01:45 redun_retry_tunnel: setting up tunnel to 0, retry=62
[295]1999-12-31 16:01:45 redun_retry_tunnel: Switching to clear. Ipsec not successful after reboot

 

 

 

You have a choice to unset that flag manually on the AP, which forces the AP to go back to the legacy clear mode without doing any IPsec attempts.
apboot> set cert_cap

 

Version History
Revision #:
1 of 1
Last update:
‎07-05-2014 03:40 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.