Wireless Access

Reply
Frequent Contributor I

cpsec with AP70's and redundancy

Problem is not specific to AP70's but for any legacy AP without a factory cert.

 

appears a controller will not provide them a switchcert if they already have one in flash that differs from what is defined in the whitelist-db.

 

So I'm attempting to setup a master cluster to allieviate this issue - as I understand it all members of the cluster will use the same cert as the root of the master - so this should allow any ap to move between any controller in the cluster and have the installed cert match what is being synced in the whitelist-db among cluster members.

 

Has anyone done this?

 

I've been testing it today and if anything it makes moving AP70's around worse - they seem to get stuck in the certificate process and hang.

 

I am running 6.1.3.2 so perhaps its a code version issue - but I'm curious if anyone has done this or has gotten any other form of redundancy to work with AP70's with cpsec enabled.

 

Travis

Frequent Contributor I

Re: cpsec with AP70's and redundancy

Just FYI on my issue - I have been working with TAC and the cluster option is apparently broken in 6.x code - they are slotting a fix to be included in 6.2 code stream.

 

While it seems unliekly anyone else is using/attempting to use this option - just posting this so for any other poor soul searching about Master Clusters.

 

Current workaround - an expect script to monitor cpsec whitelist database and clear ap70's that get in the hold state

  along with that we are in-process of swapping out all our aging ap70's

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: