Wireless Access

last person joined: 21 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

cpsec with AP70's and redundancy

This thread has been viewed 0 times

  • 1.  cpsec with AP70's and redundancy

    Posted Aug 03, 2012 05:58 PM

    Problem is not specific to AP70's but for any legacy AP without a factory cert.

     

    appears a controller will not provide them a switchcert if they already have one in flash that differs from what is defined in the whitelist-db.

     

    So I'm attempting to setup a master cluster to allieviate this issue - as I understand it all members of the cluster will use the same cert as the root of the master - so this should allow any ap to move between any controller in the cluster and have the installed cert match what is being synced in the whitelist-db among cluster members.

     

    Has anyone done this?

     

    I've been testing it today and if anything it makes moving AP70's around worse - they seem to get stuck in the certificate process and hang.

     

    I am running 6.1.3.2 so perhaps its a code version issue - but I'm curious if anyone has done this or has gotten any other form of redundancy to work with AP70's with cpsec enabled.

     

    Travis



  • 2.  RE: cpsec with AP70's and redundancy

    Posted Sep 18, 2012 01:23 PM

    Just FYI on my issue - I have been working with TAC and the cluster option is apparently broken in 6.x code - they are slotting a fix to be included in 6.2 code stream.

     

    While it seems unliekly anyone else is using/attempting to use this option - just posting this so for any other poor soul searching about Master Clusters.

     

    Current workaround - an expect script to monitor cpsec whitelist database and clear ap70's that get in the hold state

      along with that we are in-process of swapping out all our aging ap70's