@discharged wrote:
Hello!
I have two different AP-groups. One for the local segment, and one for a branch office. I use the same AAA-profiles and SSID profiles and everything works fine. But as soon as i try to change in the virtual AP profile for the branchoffice from forward mode tunnel to bridge it stops announcing the SSID. The radios are still up according to the AP. I must have missed something but I can't find what I have missed.
Please make sure that you have "Control Plane Security" Enabled, with Auto Cert provisioning on your controller and it is auto-provisioning certificates for your APs. Local Bridging requires Control Plane Security be on, unless you are provisioning those APs as RAPS.
(3600.arubanetworks.com) #show control-plane-security
Control Plane Security Profile
------------------------------
Parameter Value
--------- -----
Control Plane Security Enabled
Auto Cert Provisioning Enabled
Auto Cert Allow All Enabled
Auto Cert Allowed Addresses N/A
WARNING: You can turn on Control plane Security ON if it is off, but it will cause all of your APs to REBOOT and get a certificate (8 minutes outage for LAN-Connected APS).
(3600.arubanetworks.com) (config) #control-plane-security
(3600.arubanetworks.com) (Control Plane Security Profile) #?
auto-cert-allow-all When enabled, automatic certificate provisioning is
allowed on all APs. When disabled, only APs whose IP
addresses are in the ranges specified by
auto-cert-allowed-addrs are allowed.
auto-cert-allowed-add.. Range of AP IP addresses allowed for automatic
certificate provisioning. Multiple ranges may be
specified.
auto-cert-prov Enable or disable automatic provisioning of
certificates on legacy APs
cpsec-enable Enable or disable Control Plane Security
no Delete Command