Wireless Access

Hi,

 

I'm currently done with an RAP configuration. It's my first one and here is the situation :

 

-The AP that I turned into and RAP was previously on the CAP Whitelist. I did some test with it and everyting was working well

-After provisioning it to be an RAP, it work like a charm.

-Then I saw no entry in the RAP Whitelist. I asked myself what it does if I delete the entry of that AP in the CAP Whitlist.

-I did it and even after several reboot, my RAP is still fonctionnal with no entry in the CAP and RAP Whitelist.

 

Is that normal ? How it work ? How can I block or revoke that RAP now ?

 

Is this because the AP was previously authenticate that it doesn't need anymore ?

Oh.... Is that because I used the PSK authentication for my RAP ? So it doesn't need to be in a whitelist ?

 

What is the better case ? Cert Auth or PSK auth ? All my RAP will be inside of our MPLS network. We want to use RAP only due of Capacity limitation for CAP on a 3400.

Him now trying to configure a RAP with Cert (No PSK) and the Whitelist.

 

Here is some info :

 

AP name : RAP100-01-WAP105

IP address : 192.168.100.131

VPN IP Pool : 192.168.10.10 to 192.168.10.100

 

What's happening : The AP reboot after a provisionning. I see the entry in the RAP Whitelist adding automaticly by the controller. When the AP is once again available, I got these flag: Rc2ID. It seems that he's able to have an IP address in the pool to. Then, after 1min30sec UP, the AP reboot and enter in the CAP Whitelist and become a normal CAP with only flag : 2

 

My AP work perfectly with the PSK method. (Flag : R) . But it seems that i got some problem with the cert method.

 

Any idea ?

 

Thanks. 

 

PS : Here is the "log all" for that period :

 

Oct 18 11:32:20  webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap no fqln > -- command executed successfully

Oct 18 11:32:20  webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap no ikepsk  ****** > -- command executed successfully

Oct 18 11:32:20  webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap no syslocation > -- command executed successfully

Oct 18 11:32:20  webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap remote-ap > -- command executed successfully

Oct 18 11:32:20  webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap reprovision ap-name "RAP100-01-WAP105" > -- command executed successfully

Oct 18 11:32:20  webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap server-ip 192.168.103.72 > -- command executed successfully

Oct 18 11:32:32  authmgr[1576]: <522004> <DBUG> |authmgr|  MAC=00:23:15:44:71:08 Send Station delete message to mobility

Oct 18 11:32:32  authmgr[1576]: <522004> <DBUG> |authmgr|  MAC=00:23:15:44:71:08 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.10.14

Oct 18 11:32:32  authmgr[1576]: <522004> <DBUG> |authmgr|  MAC=00:23:15:44:71:08 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.10.14

Oct 18 11:32:32  authmgr[1576]: <522004> <DBUG> |authmgr|  no users to cleanup

Oct 18 11:32:32  authmgr[1576]: <522004> <DBUG> |authmgr|  station free: bssid=6c:f3:7f:e4:2b:b8, @=0x108f720c

Oct 18 11:32:32  authmgr[1576]: <522035> <INFO> |authmgr|  MAC=00:23:15:44:71:08 Station UP: BSSID=6c:f3:7f:e4:2b:b0 ESSID=CimaPublic VLAN=32 AP-name=RAP100-01-WAP105

Oct 18 11:32:32  authmgr[1576]: <522036> <INFO> |authmgr|  MAC=00:23:15:44:71:08 Station DN: BSSID=6c:f3:7f:e4:2b:b8 ESSID=CimaPublic VLAN=32 AP-name=RAP100-01-WAP105

Oct 18 11:32:32  mobileip[1585]: <500010> <NOTI> |mobileip|  Station 00:23:15:44:71:08, 0.0.0.0: Mobility trail, on switch 192.168.103.72, VLAN 32, AP RAP100-01-WAP105, CimaPublic/6c:f3:7f:e4:2b:b0/g

Oct 18 11:32:32  mobileip[1585]: <500010> <NOTI> |mobileip|  Station 00:23:15:44:71:08, 255.255.255.255: Mobility trail, on switch 192.168.103.72, VLAN 32, AP RAP100-01-WAP105, CimaPublic/6c:f3:7f:e4:2b:b8/a

Oct 18 11:32:32  mobileip[1585]: <500511> <DBUG> |mobileip|  Station 00:23:15:44:71:08, 0.0.0.0: Received association on ESSID: CimaPublic Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name RAP100-01-WAP105 Group M100-RAP-Bridge BSSID 6c:f3:7f:e4:2b:b0, phy g, VLAN 32

Oct 18 11:32:32  mobileip[1585]: <500511> <DBUG> |mobileip|  Station 00:23:15:44:71:08, 0.0.0.0: Received disassociation on ESSID: CimaPublic Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name RAP100-01-WAP105 Group M100-RAP-Bridge BSSID 6c:f3:7f:e4:2b:b8, phy a, VLAN 32

Oct 18 11:32:32  stm[1577]: <501000> <DBUG> |stm|  Station 00:23:15:44:71:08: Clearing state

Oct 18 11:32:32  stm[1577]: <501065> <DBUG> |stm|  Sending STA 00:23:15:44:71:08 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x20, wmm:1, rsn_cap:3c

Oct 18 11:32:32  stm[1577]: <501065> <DBUG> |stm|  Sending STA 00:23:15:44:71:08 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x20, wmm:1, rsn_cap:3c

Oct 18 11:32:32  stm[1577]: <501095> <NOTI> |stm|  Assoc request @ 11:32:32.987528: 00:23:15:44:71:08 (SN 715): AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105

Oct 18 11:32:32  stm[1577]: <501100> <NOTI> |stm|  Assoc success @ 11:32:32.990463: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105

Oct 18 11:32:32  stm[1577]: <501114> <NOTI> |stm|  Deauth from sta: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b8-RAP100-01-WAP105 Reason 255

Oct 18 11:32:32  stm[627]: <501000> <DBUG> |AP RAP100-01-WAP105@192.168.10.14 stm|  Station 00:23:15:44:71:08: Clearing state

Oct 18 11:32:32  stm[627]: <501080> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm|  Deauth to sta: 00:23:15:44:71:08: Ageout AP 192.168.10.14-6c:f3:7f:e4:2b:b8-RAP100-01-WAP105 Denied: AP Ageout

Oct 18 11:32:32  stm[627]: <501093> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm|  Auth success: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105

Oct 18 11:32:32  stm[627]: <501095> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm|  Assoc request @ 11:32:32.651051: 00:23:15:44:71:08 (SN 715): AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105

Oct 18 11:32:32  stm[627]: <501100> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm|  Assoc success @ 11:32:32.652227: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105

Oct 18 11:32:32  stm[627]: <501106> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm|  Deauth to sta: 00:23:15:44:71:08: Ageout AP 192.168.10.14-6c:f3:7f:e4:2b:b8-RAP100-01-WAP105 handle_sapcp

Oct 18 11:32:32  stm[627]: <501109> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm|  Auth request: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105 auth_alg 0

Oct 18 11:32:33  stm[627]: <501000> <DBUG> |AP RAP100-01-WAP105@192.168.10.14 stm|  Station 00:23:15:44:71:08: Clearing state

Oct 18 11:32:34  nanny[567]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.14 nanny| Process Manager (nanny) shutting down - AP will reboot!

Oct 18 11:32:34  nanny[567]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.14 nanny| Process Manager (nanny) shutting down - AP will reboot!

Oct 18 11:32:34  stm[627]: <501050> <DBUG> |AP RAP100-01-WAP105@192.168.10.14 stm|  Station 6c:f3:7f:e4:2b:b0: No bssid found for management frame type 0, subtype 15 to BSSID 6c:f3:7f:e4:2b:b0

Oct 18 11:32:37  authmgr[1576]: <522004> <DBUG> |authmgr|  AU1(3), HA1, TAP0, PARP0 OIP0 IIP0 INT1 WD0 FW0 DT0

Oct 18 11:32:37  authmgr[1576]: <522004> <DBUG> |authmgr|  MAC=00:23:15:44:71:08 Send Station delete message to mobility

Oct 18 11:32:37  authmgr[1576]: <522004> <DBUG> |authmgr|  Mark rap users for ageout, Reason - AP down

Oct 18 11:32:37  authmgr[1576]: <522004> <DBUG> |authmgr|  download: ip=192.168.100.131 acl=1/0 role=logon, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0

Oct 18 11:32:37  authmgr[1576]: <522004> <DBUG> |authmgr|  station free: bssid=6c:f3:7f:e4:2b:b0, @=0x1097f3c4

Oct 18 11:32:37  authmgr[1576]: <522004> <DBUG> |authmgr|  {192.168.10.14} datapath entry deleted

Oct 18 11:32:37  authmgr[1576]: <522005> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.14 User entry deleted: reason=user request

Oct 18 11:32:37  authmgr[1576]: <522013> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.14 IP DN: outerIP=192.168.100.131 tunnels=1

Oct 18 11:32:37  authmgr[1576]: <522050> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.100.131 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=IP Down for external IP

Oct 18 11:33:23  authmgr[1576]: <522004> <DBUG> |authmgr|  DHCP ACK mac 6c:f3:7f:c6:42:bb, client ip 192.168.100.131, server ip 0.0.0.0

Oct 18 11:33:23  stm[1577]: <501000> <DBUG> |stm|  Station 00:23:15:44:71:08: Clearing state

Oct 18 11:33:23  stm[1577]: <501065> <DBUG> |stm|  Sending STA 00:23:15:44:71:08 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x20, wmm:1, rsn_cap:3c

Oct 18 11:33:24  authmgr[1576]: <522004> <DBUG> |authmgr|  MAC=00:23:15:44:71:08 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.10.14

Oct 18 11:33:24  authmgr[1576]: <522036> <INFO> |authmgr|  MAC=00:23:15:44:71:08 Station DN: BSSID=6c:f3:7f:e4:2b:b0 ESSID=CimaPublic VLAN=32 AP-name=RAP100-01-WAP105

Oct 18 11:33:24  mobileip[1585]: <500010> <NOTI> |mobileip|  Station 00:23:15:44:71:08, 255.255.255.255: Mobility trail, on switch 192.168.103.72, VLAN 32, AP RAP100-01-WAP105, CimaPublic/6c:f3:7f:e4:2b:b0/g

Oct 18 11:33:24  mobileip[1585]: <500511> <DBUG> |mobileip|  Station 00:23:15:44:71:08, 0.0.0.0: Received disassociation on ESSID: CimaPublic Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name RAP100-01-WAP105 Group M100-RAP-Bridge BSSID 6c:f3:7f:e4:2b:b0, phy g, VLAN 32

Oct 18 11:33:32  authmgr[1576]: <522004> <DBUG> |authmgr|  DHCP ACK mac 00:24:e8:f0:37:31, client ip 192.168.100.181, server ip 0.0.0.0

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  Reset BWM contract: IP=0.0.0.0 role=logon, contract= (0/0), type=Per role

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  Reset BWM contract: IP=0.0.0.0 role=logon, contract= (0/0), type=Per role

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  Reset BWM contract: IP=192.168.10.15 role=sys-ap-role, contract= (0/0), type=Per role

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  Reset BWM contract: IP=192.168.10.15 role=sys-ap-role, contract= (0/0), type=Per role

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  Sending pool l2tp default-l2tp-pool, pptp default-pptp-pool in auth PAP response

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  authorize  user 6c:f3:7f:c6:42:bb

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  download: ip=192.168.10.15 acl=7/0 role=sys-ap-role, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  download: ip=192.168.10.15 acl=7/0 role=sys-ap-role, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  download: ip=192.168.100.131 acl=1/0 role=logon, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=1

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  err: could not create contract for user, err code (-11)

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  err: could not create contract for user, err code (-11)

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  err: could not create contract for user, err code (-11)

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  err: could not create contract for user, err code (-11)

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  {L3} Update role from logon to logon for IP=0.0.0.0

Oct 18 11:33:51  authmgr[1576]: <522004> <DBUG> |authmgr|  {L3} Update role from logon to sys-ap-role for IP=192.168.10.15

Oct 18 11:33:51  authmgr[1576]: <522006> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.15 User entry added: reason=RAP

Oct 18 11:33:51  authmgr[1576]: <522008> <NOTI> |authmgr|  User Authentication Successful: username=6c:f3:7f:c6:42:bb MAC=00:00:00:00:00:00 IP=192.168.10.15 role=sys-ap-role VLAN=1 AP=N/A SSID=N/A AAA profile= auth method=VPN auth server=N/A

Oct 18 11:33:51  authmgr[1576]: <522012> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.15 IP UP: outerIP=192.168.100.131 tunnels=1

Oct 18 11:33:51  authmgr[1576]: <522038> <INFO> |authmgr|  username=6c:f3:7f:c6:42:bb MAC=00:00:00:00:00:00 IP=192.168.100.131 Authentication result=Authentication Successful method=VPN server=Internal

Oct 18 11:33:51  authmgr[1576]: <522049> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=0.0.0.0 User role updated, existing Role=none/none, new Role=none/logon, reason=First IP user created

Oct 18 11:33:51  authmgr[1576]: <522049> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.10.15 User role updated, existing Role=none/logon, new Role=none/sys-ap-role, reason=User authenticated with auth type:3role derivation:6 l3 assigned role:None

Oct 18 11:33:51  authmgr[1576]: <522050> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.10.15 User data downloaded to datapath, new Role=sys-ap-role/7, bw Contract=0/0,reason= IP up for non VPN transport

Oct 18 11:33:51  authmgr[1576]: <522050> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.10.15 User data downloaded to datapath, new Role=sys-ap-role/7, bw Contract=0/0,reason=Download driven by user role setting

Oct 18 11:33:51  authmgr[1576]: <522050> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.100.131 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=IP up for non VPN transport for external user

Oct 18 11:34:08  nanny[571]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.15 nanny| Process Manager (nanny) shutting down - AP will reboot!

Oct 18 11:34:08  nanny[571]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.15 nanny| Process Manager (nanny) shutting down - AP will reboot!

Oct 18 11:34:21  authmgr[1576]: <109013> <WARN> |authmgr|  LDAP Server Sh.cima.plus: Connectivity lost. Server is down

Oct 18 11:34:31  authmgr[1576]: <522004> <DBUG> |authmgr|  DHCP ACK mac 5c:26:0a:37:b3:41, client ip 0.0.0.0, server ip 0.0.0.0

Oct 18 11:34:31  wms[1568]: <126005> <WARN> |wms| |ids| Interfering AP: The system classified an access point (BSSID 74:91:1a:0e:a1:48 and SSID CITE MULTIMEDIA on CHANNEL 1) as interfering. Additional Info: Detector-AP-Name:AP210-01-WAP105; Detector-AP-MAC:6c:f3:7f:e4:31:00; Detector-AP-Radio:2.

Oct 18 11:34:57  authmgr[1576]: <522004> <DBUG> |authmgr|  DHCP ACK mac 6c:f3:7f:c6:42:bb, client ip 192.168.100.131, server ip 0.0.0.0

Oct 18 11:34:58  authmgr[1576]: <522014> <DBUG> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.15 Notify IKE (IP DN): outerIP=192.168.100.131 Reason=4

Oct 18 11:35:04  nanny[513]: <303022> <WARN> |AP RAP100-01-WAP105@192.168.100.131 nanny|  Reboot Reason: AP rebooted Thu Oct 18 11:34:08 EDT 2012; SAPD: Rebooting after provisioning

Oct 18 11:35:19  authmgr[1576]: <522004> <DBUG> |authmgr|  AU1(3), HA1, TAP0, PARP0 OIP0 IIP0 INT0 WD0 FW0 DT0

Oct 18 11:35:19  authmgr[1576]: <522004> <DBUG> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.15 Send mobility delete message, flags=0x0

Oct 18 11:35:19  authmgr[1576]: <522004> <DBUG> |authmgr|  download: ip=192.168.100.131 acl=1/0 role=logon, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0

Oct 18 11:35:19  authmgr[1576]: <522004> <DBUG> |authmgr|  {192.168.10.15} datapath entry deleted

Oct 18 11:35:19  authmgr[1576]: <522005> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.15 User entry deleted: reason=AP going down

Oct 18 11:35:19  authmgr[1576]: <522013> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.10.15 IP DN: outerIP=192.168.100.131 tunnels=1

Oct 18 11:35:19  authmgr[1576]: <522050> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.100.131 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=IP Down for external IP

Oct 18 11:35:36  authmgr[1576]: <522004> <DBUG> |authmgr|  DHCP ACK mac 00:24:e8:2f:f1:54, client ip 0.0.0.0, server ip 0.0.0.0

Oct 18 11:35:45  stm[1577]: <305048> <WARN> |stm|  Dropping unsecure AP message code 16121 from AP at 192.168.100.131 (MAC address 6c:f3:7f:c6:42:bb)

Oct 18 11:35:47  authmgr[1576]: <522004> <DBUG> |authmgr|  AU0(3), HA1, TAP0, PARP0 OIP0 IIP0 INT1 WD0 FW0 DT0

Oct 18 11:35:47  authmgr[1576]: <522004> <DBUG> |authmgr|  {192.168.100.131} datapath entry deleted

Oct 18 11:35:47  authmgr[1576]: <522005> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.100.131 User entry deleted: reason=user request

Oct 18 11:35:47  authmgr[1576]: <522014> <DBUG> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.100.131 Notify IKE (IP DN): outerIP=192.168.100.131 Reason=4

Oct 18 11:35:48  nanny[513]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.100.131 nanny| Process Manager (nanny) shutting down - AP will reboot!

Oct 18 11:35:48  nanny[513]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.100.131 nanny| Process Manager (nanny) shutting down - AP will reboot!

Oct 18 11:35:56  authmgr[1576]: <109013> <WARN> |authmgr|  LDAP Server Lav.cima.plus: Connectivity lost. Server is down

 

 

 

 

 

since you are not using Cert, removing the AP from the whitelist-db will be no effect. 

 

Cert is very easy to provision and much secured. 

PSK is bit fast  but need some admistrative work to bring up the RAPs. Since its MPLS private network. my vote is on PSK

Somone have any idea regarding of my last post ?

 

It's about the fact that I'm unnable to add a Cert Auth RAP.

 

Thank you.

If you use PSK, it does not need a cert, period.

 

And what if we want to use it... If it supposed to work, why it isn't for me ?

 

I'm not pushing anyone... Il try to find by myself, I was only wondering if anyone already saw that problem.

 

Thanks.

No problem.

I just do not understand your issue.

When you provision an access point using the gui, it will add it to the rap whitelist... if you use PSK you do not need the rap in the whitelist.

What problem are you having?

Directly from my message :

 

What's happening : The AP reboot after a provisionning. I see the entry in the RAP Whitelist adding automaticly by the controller. When the AP is once again available, I got these flag: Rc2ID. It seems that he's able to have an IP address in the pool to. Then, after 1min30sec UP, the AP reboot and enter in the CAP Whitelist and become a normal CAP with only flag : 2

 

So :

 

AP provision with "Certificate" Auth = Ok

Entry added in the RAP Whitelist Automaticly = OK

After rebooting the AP got this flag :Rc2ID

 

1-2 minutes later

 

The RAP reboot and goes in CAP Mode...

Please contact support to get this figured out.