Wireless Access

Reply
Frequent Contributor II

Unapproved Factory Cert - CPSEC Disabled

I've seen simliar topics on this, but nothing has really addressed my specific scenario. I've got a 620 which is a master controller, but also has some local campus AP-105's. CPSEC has been disabled since this was installed and as a result auto cert provisioning is disabled. The controller is telling me that the 4 AP's have unapproved factory certs. Purging the AP from the whitelist and re-provisioning the AP doesn't make a difference. Running 6.1.3.4-AirGroup AOS. Any thoughts?

 

Also, this is a side note, but there are also alerts indicating that certain VLANs do not exist. These are VLANs from an OLD master controller. Is there a way to clear these alarms?

Network Engineer | Airhead | Titus 3:5

Re: Unapproved Factory Cert - CPSEC Disabled

 

Are showing up in the AP Database ?

 

Have you tried the clear gap-db wired-mac ? or try adding those manually to the whitelist or try removing them from the whitelist ?

 

If its complaining about those VLANs is because you are probably using those in one of your VAPs , run the show profile-errors and it can give more information.

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Unapproved Factory Cert - CPSEC Disabled

Read this :

 

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1441 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II

Re: Unapproved Factory Cert - CPSEC Disabled


victorfabian wrote:

 

Are showing up in the AP Database ?

 

Have you tried the clear gap-db wired-mac ? or try adding those manually to the whitelist or try removing them from the whitelist ?

 

If its complaining about those VLANs is because you are probably using those in one of your VAPs , run the show profile-errors and it can give more information.

 

 


AP's are functioning perfectly so they are all in the database. I haven't tried the "clear gap-db" command. My goal is not use a whitelist at all so I haven't not added anything myself, however as a test I tried & got an error that the entry already exists.

 

Looks like you were spot on with the VLANs. Had some old VAP profiles & aaa profiles referencing those networks. Thanks!

 

What am I looking for in those docs? I don't see that either of them pertain to this?

Network Engineer | Airhead | Titus 3:5
Frequent Contributor II

Re: Unapproved Factory Cert - CPSEC Disabled

Any other ideas about this? Is this something I need to open a support case on?

Network Engineer | Airhead | Titus 3:5
Contributor II

Re: Unapproved Factory Cert - CPSEC Disabled

If didn't want to add each access point you go manualy in database (whitelist) you can disable plan security from controller configuration and each new access point will work without adding it manually in whitelist

Islam Zidan │ Professional Services Engineer | ACCP,ACMP,CWDP,CWNA,CCNP,MCITP,Competia A+
If you Found My Post Helping you kindly Give KUDOS and if it solved your question Kindly hit Accept as a solution box.
Frequent Contributor II

Re: Unapproved Factory Cert - CPSEC Disabled

I'm not using CPSEC and never have. Thats what makes this so strange. I have no desire or need to whitelist any AP's.

Network Engineer | Airhead | Titus 3:5

Re: Unapproved Factory Cert - CPSEC Disabled

Did you say the APs are up and running ?

Have you tried changing the status within the whitelist ?

In the link I shared explains how to do that
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: