Wired Intelligent Edge (Campus Switching and Routing)

Reply
Occasional Contributor I

Re: ArubaOS 8 Campus AP Whitelist Import: what is the expected format?

Does anyone know all the option available for this? For example whitelisting using a specified certificate? We use the factory-cert option when whitelisting, and see that specific option is not mentioned above.

 

Thanks.

MVP
MVP

Re: ArubaOS 8 Campus AP Whitelist Import: what is the expected format?

Hi,

 

I use this.

 

whitelist-db cpsec add mac-address ##:##:##:##:##:## ap-group APGROUP001 AP-name AP001 description FirstFloor

 

 

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
MVP Guru

Re: ArubaOS 8 Campus AP Whitelist Import: what is the expected format?

You can use the following : 

 

(host) [mynode] (config) #whitelist-db cpsec add mac-address <address>
ap-group <ap_group>
ap-name <ap_name>
description <description>

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Guru Elite

Re: ArubaOS 8 Campus AP Whitelist Import: what is the expected format?


@Blake. wrote:

Does anyone know all the option available for this? For example whitelisting using a specified certificate? We use the factory-cert option when whitelisting, and see that specific option is not mentioned above.

 

Thanks.


What are you trying to do?  


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
New Contributor

Re: ArubaOS 8 Campus AP Whitelist Import: what is the expected format?

Below is a really useful link sent out by Aruba support.

It lists all options and formats for maintaining the various whitelists and very useful for initial deployment and maintaining the wireless environment.

https://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/Control_Plane/Whitelists_on_Campus_and_Remote_APs.htm

 

If one is deploying Aruba APs utilizing the ZTP(Zero Touch Provisioning) scenario, then one would want to include the AP Group within the Whitelist for obvious reasons.  We have deployed many AP's at a time and had them come online, find the controller, upgrade firmware, named and broadcasting their wireless networks within as little as 10-12 mins per AP, by simply plugging them into the configured network.

***Note: one must utilize the "activate.arubanetworks.com" web portal to move an IAP(Instant AP) to CAP(Campus AP) mode and find their respective controller.  This is a key component of the ZTP process, and some wireless consultants don't realize this.

 

 

Keep in mind, as one creates more AP Groups and provisions an existing AP to another group, then if the AP is powered off/on it will revert back to the original AP Group as defined within the Whitelist.  Therefore, it is best to use the Web or CLI to change the Whitelist's AP Group to -None- or the new AP Group for the longterm management of APs.

For our preferences, the most convenient way of doing this is through the CLI mode.

Example:

whitelist-db cpsec modify mac-address 80:8d:b7:cd:1a:32 ap-group " "

 

The Whitelist then will be updated as such within the configuration.

ArubaPost_20190906.png

 

 

 

 

If one leaves the AP Group out from the start, then one can utilize the AP Provisioning Rules for the group assignments.  However, I found these to be rigid at times and not a good long-term solution for provisioning as it relates to our network configuration.  (I would suggest to Aruba to include the AP Name as one of the available attributes for the Conditions.)

 

If I have missed something or someone needs further details, please let me know and I would be glad to help out as time permits.  I would not have been as successful with our deployment, if not for all the time and support of Aruba's excellent support engineers and this community.
Regards,
Dan Robinson

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: