11-16-2015 02:15 AM
maybe someone can help me with my problem:
I have an Aruba 650 Controller (respectively a OAW-4306G) running AOS 220.127.116.11
There are three AP's (AP93/H) which I'am not able to provision. This AP's have already been provisioned on the controller but I have to change the configuration.
I have purged the AP's with over the console but if I look to Configuration-->AP Installation this Access Points appear with the flag 2ID and I'am not able to provision this AP's once again.
Thanks for the information!
11-16-2015 02:20 AM
Type "show profile-errors" to see if you see anything.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
11-16-2015 04:37 AM
Have a look at the AP group you are trying to move it to. It might contain a wrong LMS IP.
If the LMS IP points to another controller in a multi-controller setup or towards a VRRP IP that is down, AP might not be able to connect.
11-16-2015 12:53 PM
thanks for you help!
This is only a small deployment with 4 campus and 2 RAP's.
No multi-controller setup.
The command show profile-errors does not shows any information.
The AP's have been configurated in the profile (this was not done by me...). After I enabled the control-plane security, the AP's are not working.
All AP's are in the whitelist.
11-17-2015 01:56 AM
sorry, but I am not very well versed with this system......
so I should turn it off?
What is the difference between on or off and what could be the impact to the operation if it be turned off?
11-17-2015 02:09 AM
In normal operation, a GRE tunnel is setup between the AP and the controller. This means that all system traffic between AP and controller is NOT encrypted. The user traffic is normally encrypted with the SSID encryption (WPA2-AES).
If you need to tighten the security for any reason, you turn on control plane security or when you need to use a SSID in bridged mode.
For AP'es that reside on a LAN, with SSID in tunnel mode, you don't need it if you don't have special needs.
What CPS does, is that it pushes a certificate to the AP, and instructs it to build an IPSec, opposed to a GRE, making it more secure.