Wireless Access

Hi,

I have master/standby topology, i dowload certificate on the master controller and us this certificyate in securtiy->authentication->L2 authentication, (the certificate name is the controller name, and master name is diffrent from standby name).

I noticed that the certificate from master was not moved to standby,

Can i import diffrent certificate to standby ?

Is it problematic since i have database sync ?

Regards

Rafi

Security > Authentication > L2 Authentication

Hey, you can check that the database sync is working as expected by running #show database sync

According to the documentation only the WMS, Local User and CPSEC DB are sync'd (along with running configuration) between the two master controllers.

Ok,

can i add different license to the second controller,

To do so the second controller must change his role to master is it ok ?

Regards

Rafi

---

@Rafish wrote:

Ok,

can i add different license to the second controller,

To do so the second controller must change his role to master is it ok ?

 

Regards

Rafi

---

Do you want the controllers to share licenses?  If yes, you should turn on centralized licensing.

---

@Rafish wrote:

Hi,

I have master/standby topology, i dowload certificate on the master controller and us this certificyate in securtiy->authentication->L2 authentication, (the certificate name is the controller name, and master name is diffrent from standby name).

 

I noticed that the certificate from master was not moved to standby,

Can i import diffrent certificate to standby ?

Is it problematic since i have database sync ?

 

Regards

Rafi

Security > Authentication > L2 Authentication

---

You must upload a certificate individually to each controller.  The controller certificate is not synchronized with database sync.

Hi Colin,

Fisrt thanks alot for your help :)

Ok, i did that, i upload the cer to the standby, in the standbty everthing is "gray" and i can't add the certificate to the profile so i shut down the master , then the standby change to master, under the profile i added the certificate and i got error:

Error processing command 'aaa authentication dot1x "my-profile-name" server-cert "CCAMC7220D"':Unknown Trusted CA Certificate. Please upload the certificate before configuring in the profile

I upload the certificate from GUI, and i can see them, but when i checked with 

show dot1x certificates details

I noticed that i dont have any certificate on the standby controller.

Any idea ?

Regards

Rafi

You mentioned "licenses" and you mentioned "certificates".  Which one are you having problems with?

Sorry,

I have problem with the certifaicate on the standby controller.

I have two controllers active and standby i create csr on both of them.

On the master everything is ok, the problem i mentioned is on the standby.

Regards

Rafi

Did you submit the CSR on the standby controller to a CA?

Sorry i didnt understand what do you mean by "submit the CSR..."

See attached print screen from the standby controller

Management > Certificates > Upload

Regards

Rafi

Based on your first post, it seems like the controller does not think the Controller Server Certificate was signed by the CA Certificate you uploaded.

I created CSR on each controller and upload them to the controller.

How can i go from ?

Is there spaciel way to add certificate to the standby controller ?

Regards

Rafi

Hi,

I found the solution here:

https://www.airheads.eu/t5/Controller-Based-WLANs/How-to-use-Two-diff-certificate-on-a-master-and-Standby/ta-p/234381#M1857

Thank you very much for your help

Regards

Rafi