Community Expert Day 1/17/14

Aruba Employee

Certificate-based Security for IAP/AMP Communication

The existing security model for IAP/AMP communication is based on a pre-shared secret; it can be considered weak by managed service providers
* IAP support the same certificate-based mutual authentication scheme as that for Activate/Aruba Central communication
* Requires the AMP to support uploading a custom certificate to be uploaded through its UI
* IAP will use certificate-based authentication if no pre-shared secret is set in its AMP configuration
* The AMP certificate must be signed by Komodo, Geotrust, or Google Public Internet Authority
* IAP must be configured with the AMP Server’s certified domain name
About Airwave server/backup server, ip address or domain name are supported now
Commands to verify
AMP status: show ap debug airwave


d8:c7:c8:c4:57:38# show ap debug airwave

Airwave Server List

Domain/IP Address  Type     Mode     Status
----     ----     ------      
Primary  Monitor  Login-done


awc logs
show log ap-debug




Preethi Devarajan
Sr. Network Engineer
Customer Advocacy | Aruba Networks Inc.
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: