02-17-2013 11:21 PM
I'm planning an upgrade from M1 to M3 in a 6000 Controller (which is the master in my network), I'm also using CPsec with a certificate issued from a CA in my master controller.
Are there some considerations to take into account or simply doing a "backup flash" on M1 and a "restore flash" in M3 is enough??
02-18-2013 01:09 AM - edited 02-18-2013 01:14 AM
Yes [I once did it from 2400 to 6000 SC-128 ] it can be done :smileyhappy:
You need to be aware and check it very good after deploying the flash: [before moving to production]
- AOS version [keep it simple from the same aos to the same aos and then upgrade if needed]
- Some keys\secrets\password might not pass via backup flash. *check it*
- interfaces - you should check very good your config after reloading the flash. vlans and ips
- Don't forget all the licenses issue.
- Check all your L2/L3 AAA servers & access profiles very good. *nas ip nas id and more*
Also read the following thread: [it will give u some ideas]
have a lovely week.
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
02-18-2013 10:39 AM
all those steps are taken into account
after upgrading I have had to reaproval all ap under campus white list, they show the message like:
18 02:13:54 :399803: <ERRS> |AP ap-S02.email@example.com sapd| An internal system error has occurred at file sapd_msg.c function sapd_proc_install_cert_req line 3164 error AP is unable to fix certificate chain. Controller certificate hierarchy may have changed. Re-approval needed..
Feb 18 02:13:56 :311002: <WARN> |AP ap-S02.firstname.lastname@example.org sapd| Rebooting: SAPD: Unable to install cert. Need to re-approve AP
Is there some command to do it for all ap?
02-19-2013 01:48 AM
I have a question I don't stop thinking about,
If a have a certificate from a CA in a controller M1 and I replace that controller with a new M3, doing restore "flash flashbackup.tar.gz", which certificate is used for CPSec, the previous one used in M1 or some new certificate shipped with the new M3?.
I asking that because after upgrading to M3, I have had to reaprove all my AP to install a new certificate and get ready with the new master.