Hi Carson,
Ok - so just enable auto-cert provisioning and remove our current IP range restrictions temporarily? I'll do that, seems safest.
Thanks
Guy
--
University of Cambridge
Information Services
Wireless Team
Roger Needham Building
7 JJ Thomson Avenue
CB3 0RB
Original Message:
Sent: 8/14/2024 11:36:00 AM
From: chulcher
Subject: RE: Allowlist behaviour
I would highly recommend enabling the auto add functionality while adding the APs, that way you don't have to worry about the process.
As long as the Conductor is configured, the MDs should follow along regardless of the current state of the local allow-list.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Aug 14, 2024 10:54 AM
From: cauliflower
Subject: Allowlist behaviour
Hello,
AOS 8.10.0.13 controller clusters
Conductor and stdby conductors
I just want to check what the expected behaviour for allowlists is. We are transferring a thousand or so APs from our main cluster to our overflow cluster (we are nearing capacity on the main cluster). I have added the MAC addresses for the APs that are being transferred to the allowlist on the overflow cluster Conductor, and I can see them in the allowlist when I do 'show allowlist-db mac-address xxxxxx' on that Conductor. But when I run the same command on a cluster member there is no entry for that MAC.
Should the allowlist be synced from the Conductor to all the cluster members, or is there some process where this only happens when an AP comes up (we haven't transferred this batch yet, though we already have over a thousand APs on the overflow cluster)? Allowlist sync is enabled, but the sequence numbers on the cluster members do not match the seq number on the conductor. Is that normal?
I just want to understand whether there's a problem which is going to affect the transfer, or whether all is ok.
Guy