Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Delet APs from whitelist

This thread has been viewed 3 times

  • 1.  Delet APs from whitelist

    Posted Aug 22, 2019 01:36 AM

    Hi 

    I was looking for doing some kind of preconfiguration. So i wrote some simple script for building a CLI command list. With this list I created whitelist entries for APs. (I scanned the mac adresses from the boxes).

    First of all it looked good.

    After installation APs came up with the correct group.

     

    But now if I want to reconfigure the APs and move them to another group it is not possible via AP provisioning any more.

     

    I try to delete the whitelist db entries but there is no effect. APs boot an come up with same old AP group. No matter if I reprovision the AP.

     

    So for final solution i have to modify the whitlist entry. For lots of APs that is not handy. As second problem no i have serveral APs which I have to configure in whitelist and lots of APs which I have to configure via provisioning.

    Is there a way to clean whitelist completly?

    For my experience the whitelist config is stored on the AP too, because after deleting the AP from whitelist after rebooting the ap the whitelist entry is there again.

    I am using AOS 6.5, CPsec with autolearning is active.

     



  • 2.  RE: Delet APs from whitelist

    EMPLOYEE
    Posted Aug 22, 2019 06:54 AM

    The whitelist takes precendence over everything.  Only modify the whitelist names and ap-groups, if that is the only place that you want to be able to modify names and ap-groups.  It is really intended so that the administrator the wired mac addresses of APs that you want to allow on the network.  Modifying the name or ap-group in the whitelist will force the name and the ap-group to always be what is in the whitelist.

     

    If this is 6.x, you can just boot up all of the access points to the controller and use ap-rename and ap-regroup commands to put them into their proper groups and names.  The aps do not have to be online when you run those commands, but they would have had to have connected to the controller once for those commands to work while the aps are offline.



  • 3.  RE: Delet APs from whitelist

    EMPLOYEE
    Posted Aug 22, 2019 06:56 AM

    "whitelist-db cpsec purge" will purge the cpsec whitelist and it will be automatically be regenerated by APs that reconnect.



  • 4.  RE: Delet APs from whitelist

    Posted Aug 22, 2019 06:57 AM
    @cjoseph wrote:

    "whitelist-db cpsec purge" will purge the cpsec whitelist and it will be automatically be regenerated by APs that reconnect.

    Yes thats correct but if the list is regenerated the AP Group setting is the same as before the purge.



  • 5.  RE: Delet APs from whitelist

    EMPLOYEE
    Posted Aug 22, 2019 07:09 AM

    When APs first connect, there should be no name or group, just a mac address.



  • 6.  RE: Delet APs from whitelist

    Posted Jan 29, 2020 02:45 AM

    Sorry for answering late.

    i purged whitelist-db while AP was offline.

    Afterwards i reconnect ap to network and it appears in whitliste with old config again.

    So it seems to be purging was without success.

    What about local controllers? 

    Should it purged there to?