Hi all,
I tried deleting the cert and adding it again manually, it didn't work. I tried enabling aut cert provisioining, it is enabled at the moment no luck. I will try reseting the access point from the console connection next and see how it goes.
below is the log again. it still shows, at todays date that the access point in unapproved, while trying to add the ap to the whitelist gives that the "entry already exits". as you can see from both of the command outputs below.
(Aruba650) #show log system all | include 24:de:c6:c0:17:d5
Jun 20 04:48:44 :305049: <WARN> |stm| Unsecure AP "24:de:c6:c0:17:d5" (MAC 24: de:c6:c0:17:d5, IP 192.168.0.209) has been denied access because Control Plane S ecurity is enabled and the AP is not approved.
Jun 20 04:49:02 :305049: <WARN> |stm| Unsecure AP "24:de:c6:c0:17:d5" (MAC 24: de:c6:c0:17:d5, IP 192.168.0.209) has been denied access because Control Plane S ecurity is enabled and the AP is not approved.
Jun 20 04:49:25 :305049: <WARN> |stm| Unsecure AP "24:de:c6:c0:17:d5" (MAC 24: de:c6:c0:17:d5, IP 192.168.0.209) has been denied access because Control Plane S ecurity is enabled and the AP is not approved.
Jun 20 04:50:32 :305048: <WARN> |stm| Dropping unsecure AP message code 16121 from AP at 192.168.0.209 (MAC address 24:de:c6:c0:17:d5)
Jun 20 04:50:35 :311002: <WARN> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| Rebo oting: SAPD: Rebooting after installing trust update. Factory Cert present
Jun 20 04:50:35 :303086: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 nanny| Proc ess Manager (nanny) shutting down - AP will reboot!
Jun 20 04:51:55 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An i nternal system error has occurred at file sapd_redun.c function redun_init_tunne l_master line 3048 error Unable to open /tmp/num_ipsec.
Jun 24 06:10:52 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An i nternal system error has occurred at file sapd_redun.c function sapd_proc_redun_ msg line 4319 error Error: Received RC_OPCODE_ERROR lms 192.168.0.248 tunnel 0.0 .0.0 RC_ERROR_ISAKMP_N_VERSION2_SUPPORTED.
Jun 24 06:11:43 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An i nternal system error has occurred at file sapd_redun.c function sapd_proc_redun_ msg line 4319 error Error: Received RC_OPCODE_ERROR lms 192.168.0.248 tunnel 0.0 .0.0 RC_ERROR_ISAKMP_N_VERSION2_SUPPORTED.
Jun 24 06:15:47 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An i nternal system error has occurred at file sapd_redun.c function sapd_proc_redun_ msg line 4319 error Error: Received RC_OPCODE_ERROR lms 192.168.0.248 tunnel 0.0 .0.0 RC_ERROR_ISAKMP_N_VERSION2_SUPPORTED.
Jul 9 20:06:56 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An in ternal system error has occurred at file sapd_redun.c function sapd_proc_redun_m sg line 4319 error Error: Received RC_OPCODE_ERROR lms 192.168.0.248 tunnel 0.0. 0.0 RC_ERROR_ISAKMP_N_VERSION2_SUPPORTED.
Jul 9 22:03:39 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An in ternal system error has occurred at file sapd_redun.c function sapd_proc_redun_m sg line 4342 error Error: Received RC_OPCODE_ERROR lms 192.168.0.248 tunnel 0.0. 0.0 RC_ERROR_IKE_XAUTH_AUTHORIZATION_FAILED.
Jul 9 22:03:39 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An in ternal system error has occurred at file sapd_redun.c function redun_retry_tunne l line 3233 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKE_XAU TH_AUTHORIZATION_FAILED. Ipsec not successful after reboot.
Jul 10 06:08:10 :305049: <WARN> |stm| Unsecure AP "24:de:c6:c0:17:d5" (MAC 24: de:c6:c0:17:d5, IP 192.168.0.209) has been denied access because Control Plane S ecurity is enabled and the AP is not approved.
Jul 10 06:08:16 :305048: <WARN> |stm| Dropping unsecure AP message code 16121
Jul 10 06:08:25 :305049: <WARN> |stm| Unsecure AP "24:de:c6:c0:17:d5" (MAC 24: is enabled and the AP is not approved.
Jul 10 06:09:39 :305048: <WARN> |stm| Dropping unsecure AP message code 16121
Jul 9 22:05:41 :311002: <WARN> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| Reboo
Jul 9 22:05:42 :303086: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 nanny| Proce
Jul 9 22:13:35 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An in 4342 error Error: Received RC_OPCODE_ERROR lms 192.168.0.248 tunnel 0.0.0.0 RC_E
Jul 9 22:13:35 :311020: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| An in 233 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKE_XAUTH_AUTHO
Jul 10 06:18:06 :305048: <WARN> |stm| Dropping unsecure AP message code 16121
Jul 9 22:14:09 :311002: <WARN> |AP 24:de:c6:c0:17:d5@192.168.0.209 sapd| Reboo
Jul 9 22:14:09 :303086: <ERRS> |AP 24:de:c6:c0:17:d5@192.168.0.209 nanny| Proce
(Aruba650) # show whitelist-db cpsec
Control-Plane Security Whitelist-entry Details
----------------------------------------------
MAC-Address Enable State Cert-Type Description Re voke Text Last Updated
----------- ------ ----- --------- ----------- -- --------- ------------
24:de:c6:c0:17:cd Enabled certified-switch-cert factory-cert Tue Jun 11 09:04:06 2013
24:de:c6:c0:17:d2 Enabled certified-switch-cert factory-cert Tue Jun 11 09:04:45 2013
24:de:c6:c0:17:d4 Enabled certified-switch-cert factory-cert Thu Jun 20 11:43:41 2013
24:de:c6:c0:17:d0 Enabled certified-switch-cert factory-cert Thu Jun 20 11:43:57 2013
24:de:c6:c0:17:cf Enabled certified-switch-cert factory-cert Thu Jun 20 11:43:58 2013
24:de:c6:c0:17:d5 Enabled certified-switch-cert factory-cert Wed Jul 10 06:19:31 2013
24:de:c6:c0:17:cb Enabled certified-switch-cert factory-cert Thu Jun 20 12:56:14 2013
Total Entries: 7
(Aruba650) (config) #whitelist-db cpsec add mac-address 24:de:c6:c0:17:d5 descri ption 24:de:c6:c0:17:d5
Entry already exists!