Wireless Access

Frequent Contributor I

cpsec with AP70's and redundancy

Problem is not specific to AP70's but for any legacy AP without a factory cert.


appears a controller will not provide them a switchcert if they already have one in flash that differs from what is defined in the whitelist-db.


So I'm attempting to setup a master cluster to allieviate this issue - as I understand it all members of the cluster will use the same cert as the root of the master - so this should allow any ap to move between any controller in the cluster and have the installed cert match what is being synced in the whitelist-db among cluster members.


Has anyone done this?


I've been testing it today and if anything it makes moving AP70's around worse - they seem to get stuck in the certificate process and hang.


I am running so perhaps its a code version issue - but I'm curious if anyone has done this or has gotten any other form of redundancy to work with AP70's with cpsec enabled.



Frequent Contributor I

Re: cpsec with AP70's and redundancy

Just FYI on my issue - I have been working with TAC and the cluster option is apparently broken in 6.x code - they are slotting a fix to be included in 6.2 code stream.


While it seems unliekly anyone else is using/attempting to use this option - just posting this so for any other poor soul searching about Master Clusters.


Current workaround - an expect script to monitor cpsec whitelist database and clear ap70's that get in the hold state

  along with that we are in-process of swapping out all our aging ap70's



Search Airheads
Showing results for 
Search instead for 
Did you mean: