Wireless Access

Reply
Contributor I
Posts: 43
Registered: ‎02-01-2013

Import RAP whitelist ?

Hi,

 

I'm working on using Airwave in to mange our controller configurations.  I imported my controllers configuration successfully, and can see all the AP groups and profile under Device Setup/Aruba configuration.  However, the RAP whitelist is empty,  is it not possible to import this into my Airwave Aruba configuration

 

Thanks

 

 

Moderator
Posts: 1,270
Registered: ‎10-16-2008

Re: Import RAP whitelist ?

Are you running a Master-Local setup?  If so, you need to run the 'Import' from the Audit page of the Master controller to populate the RAP whitelist.  To verify the import, check the audit log and telnet commands log for the controller (log files in /var/log/ap/[ap_id]/).  Best way to verify may be to grep the log for a known whitelisted MAC address.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Contributor I
Posts: 43
Registered: ‎02-01-2013

Re: Import RAP whitelist ?

Hi Rob,

 

I'm running a master-backup master setup.  I tried what you suggested but still dont see the RAP whitelist.

 

Any ideas ?

 

thanks

Moderator
Posts: 1,270
Registered: ‎10-16-2008

Re: Import RAP whitelist ?

Let me try to replicate in the lab and see if I can pinpoint what's happening in the background.  I'll get back to you on this.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Contributor I
Posts: 43
Registered: ‎02-01-2013

Re: Import RAP whitelist ?

Here's what I see in the audit log

 

Thu Feb 28 20:32:34 2013:
>> show whitelist-db rap
<<                               ^
<< % Invalid input detected at '^' marker.

 

From my controller, the command to see the RAP whitelist is:

 

show local-userdb-ap

I'm running 6.2.0.2 on my controller and 7.6.1. on Airwave

 

Hope this helps

Moderator
Posts: 1,270
Registered: ‎10-16-2008

Re: Import RAP whitelist ?

This issue has since been fixed.  The 7.6.2 release notes has it documented as this:

 

DE13310

The whitelist-db rap command is not yet supported in AOS 6.2. AMP will continue to use the
local-userdb-ap command to add, modify, and delete remote AP entries in the Remote AP whitelist.

 

Essentially, 'whitelist-db rap' is a new command introduced in AOS 6.3.  This means you have a few options: upgrade AirWave to 7.6.2, upgrade AOS to 6.3, or both.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Contributor I
Posts: 43
Registered: ‎02-01-2013

Re: Import RAP whitelist ?

ok, thanks Rob, will upgrade to 7.6.2

Contributor I
Posts: 43
Registered: ‎02-01-2013

Re: Import RAP whitelist ?

Hi Rob,

 

I upgraded my Airwave to 7.6.3 and now the RAP-Whitelist imports correctly.

 

However, it has imported into the "default" RAP-whitelist.

 

I have two separate RAP controller hubs, one in UK and one in US,  so I'd like to have a US RAP whitelist and a UK RAP whitelist.

 

Is there a way to move the entries in the default RAP Whitelist to a new UK RAP whitelist ?

 

Thanks

Moderator
Posts: 1,270
Registered: ‎10-16-2008

Re: Import RAP whitelist ?

To do this, the 2 controllers would have to be in separate groups.  Also, the Global Aruba Config setting on AMP Setup would have to be set to 'no'.  In this way, your UK controller would sync with the UK group Aruba Config, while the US controller would sync with the US group Aruba Config.  Let me know if you need a walkthrough for setting this up.

 

if starting from scratch:

1. go to AMP Setup, disable Global Aruba Config

2. create 2 groups: UK, US

3. add UK, US controllers into their designated groups (in monitor only mode)

4. for each group, navigate to controller's config audit page and import settings / profiles

5. check and confirm that the RAP whitelists you desire are separate by verifying on each group's Aruba Config tab

 

from a pre-approved point (if devices are already in AMP):

1. make sure controllers are in monitor only mode

2. blank out RAP whitelist (show all entries in the table, then select all, delete, save)

3. create new group for one of the controllers

4. leave whichever controller you like in the current group, while moving the other into the new group

5. for each group, navigate to controller's config audit page and import settings / profiles

6. check and confirm that the RAP whitelists you desire are separate by verifying on each group's Aruba Config tab

 


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
Showing results for 
Search instead for 
Did you mean: