RAP/IAP Whitelist Synchronization using Aruba Activate cloud-based services
When customer wish to duplicate RAP/IAP whitelist between two controllers in automated way, it could actually be done using Aruba Activate cloud-based services.
ArubaOS allows controllers to synchronize their RAP/IAP whitelists with the Aruba Activate cloud-based services. When you configure Activate whitelist synchronization, the controller will securely contact the Activate server and download the contents of the whitelist on the Activate server to the whitelist on the controller. The controller and the Activate server must have layer-3 connectivity to communicate. By default, this feature will both add new remote AP entries to the controller whitelist and delete any obsolete entries on the controller whitelist that were not on the Activate server whitelist.
In the WebUI:
To enable this feature using the WebUI,
1. Navigate to Configuration>Network>Controller>Sync Whitelist Service.
2. Select Enable sync service.
3. In the Activate user field, enter the user name for your Activate account.
4. In the Activate password field, enter the password for your Activate account.
5. (Optional) Click the Frequency drop-down list and configure how frequently the controller should synchronize its remote AP whitelist with the whitelist on the Activate server.
6. Click Apply to save your settings.
In the CLI:
The following example enables the Activate whitelist service on the controller. The add-only parameter allows this only addition of entries to the Activate remote AP whitelist database. This parameter is enabled by default. If this setting is disabled, the activate-whitelist-download command can both add and remove entries from the Activate database.
(host)(config)# activate-service-whitelist (host)(activate-service-whitelist) #username user2 password pA$$w0rd whitelist-enable (host)(activate-service-whitelist)add-only
Note : Select the add-only option to allow this feature to add or modify entries, but not delete any existing entries.
The following command is available in enable mode, and prompts the controller to synchronize its remote AP whitelist with the associated whitelist on the Activate server:
(host)# activate whitelist download
The following example displays the Activate whitelist service settings on the controller:
(SCCWMCGa01) #show activate-service-whitelist
activate-service-whitelist -------------------------- Parameter Value --------- ----- Activate Whitelist Service Enabled Activate Login Username firstname.lastname@example.org Activate Login Password ******** Periodic Interval for WhiteList Download 1 Add-Only Operation Enabled