Wireless Access

Reply
Occasional Contributor II
Posts: 10
Registered: ‎07-13-2016

Aruba AP275 with old certificate

I have an AP275 that's mounted in a very awkward place.  The controller sees it very quickly, however, it gets removed as a mesh point I believe due to having an old certificate.  It was powered off when an OS upgrade happened on the controller.  How can I get a new certificate in this AP without having to take it down and plugging it into a network connection?

MVP
Posts: 1,310
Registered: ‎11-07-2008

Re: Aruba AP275 with old certificate

None of Aruba's APs use certs for mesh, it's all based on WPA2-PSK or Open. Was there a config change where the mesh config changed in any way? Is it coming up in recovery mode? Was the controller itself replaced at some point? If you leave it up does it eventually come up in recovery mode? Are you using CPSec?

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor II
Posts: 10
Registered: ‎07-13-2016

Re: Aruba AP275 with old certificate

1. There was no config change in the mesh at all.

2. It's coming up on the MESH.  VERy very briefly.  It actually appears as connect in the controller GUI, then changes to disconnected, then appears as an unprovisioned AP, then connects, .... in a loop.

3. Controller was not replaced.

4. I am using CPSec.

MVP
Posts: 1,310
Registered: ‎11-07-2008

Re: Aruba AP275 with old certificate

If you look in the CPSec whitelist, if you are finding it is getting denied in the CPSec whitelist, you can enable temporarily auto-cert provisioning to allow it to come back in. Otherwise open a TAC case to have them look at the logs and figure out what changed that would have either changed the mesh point config or determine what happened during the upgrade.

 

Also as a separate question, is your portal on Ch165? If so, move it to 149 temporarily and see if it comes up.

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor II
Posts: 10
Registered: ‎07-13-2016

Re: Aruba AP275 with old certificate

Where do I go to see if it's getting denied?  and how do I enable "temporarily auto-cert provisioning"?  Right now I see the cert-type as factory-cert and the state is "Approved-ready-for-cert"

Occasional Contributor II
Posts: 10
Registered: ‎07-13-2016

Re: Aruba AP275 with old certificate

My control plane security looks like this:

 


Control Plane Security Profile
------------------------------
Parameter                    Value
---------                    -----
Control Plane Security       Enabled
Auto Cert Provisioning       Enabled
Auto Cert Allow All          Enabled
Auto Cert Allowed Addresses  N/A

 

Because I'm already allow all enabled, do I still have to enter in the IP address of that specific AP that's giving me grief?  could this break others connectivity?

MVP
Posts: 1,310
Registered: ‎11-07-2008

Re: Aruba AP275 with old certificate

See screenshot. What is the macaddr of your 275 point and where is it in your whitelist? Also if you want to PM me your show-tech, I can look it over. Otherwise, open a TAC case and they can likely get your covered. Also, is your portal on Ch 165?

Jerrod Howard
Sr. Techical Marketing Engineer
MVP
Posts: 1,310
Registered: ‎11-07-2008

Re: Aruba AP275 with old certificate

So I would recommend opening a TAC case to get them to look it over.

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor II
Posts: 10
Registered: ‎07-13-2016

Re: Aruba AP275 with old certificate

It did just reboot and come up with the status " UMY "

Occasional Contributor II
Posts: 10
Registered: ‎07-13-2016

Re: Aruba AP275 with old certificate

OK, Thank you Jerrod!

Search Airheads
Showing results for 
Search instead for 
Did you mean: