Hello,
A customer tried installing a new AP and it gets stuck in "approved-ready-for-cert" for some reason. Auto Cert is enabled for all networks
#show control-plane-security
Control Plane Security Profile
------------------------------
Parameter Value
--------- -----
Control Plane Security Enabled
Auto Cert Provisioning Enabled
Auto Cert Allow All Enabled
Auto Cert Allowed Addresses N/A
I tried removing it from the whitelist but it just comes back in the same state.
I tried manually setting state certified-factory-cert but ut ended up in certified-hold-factory-cert
They tried a different switchport and a different AP on the same switchport aswell but it didn't help.
There is a FW between the AP and controller but we have verified that there are no blocks.
show tpm cert-info shows a generated factory certificate that expires in 2032.
The log is spitting out this error:
Jul 12 09:55:03 stm[3951]: <305049> <WARN> |stm| Unsecure AP xxxxxxxxxx has been denied access because Control Plane Security is enabled and the AP is not approved.
Anyone got an idea what might be wrong?
/Johan