Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Unapproved Factory Cert - CPSEC Disabled

This thread has been viewed 13 times

  • 1.  Unapproved Factory Cert - CPSEC Disabled

    Posted Jun 25, 2014 02:30 PM

    I've seen simliar topics on this, but nothing has really addressed my specific scenario. I've got a 620 which is a master controller, but also has some local campus AP-105's. CPSEC has been disabled since this was installed and as a result auto cert provisioning is disabled. The controller is telling me that the 4 AP's have unapproved factory certs. Purging the AP from the whitelist and re-provisioning the AP doesn't make a difference. Running 6.1.3.4-AirGroup AOS. Any thoughts?

     

    Also, this is a side note, but there are also alerts indicating that certain VLANs do not exist. These are VLANs from an OLD master controller. Is there a way to clear these alarms?



  • 2.  RE: Unapproved Factory Cert - CPSEC Disabled

    Posted Jun 25, 2014 02:40 PM

     

    Are showing up in the AP Database ?

     

    Have you tried the clear gap-db wired-mac ? or try adding those manually to the whitelist or try removing them from the whitelist ?

     

    If its complaining about those VLANs is because you are probably using those in one of your VAPs , run the show profile-errors and it can give more information.

     

     



  • 3.  RE: Unapproved Factory Cert - CPSEC Disabled

    Posted Jun 25, 2014 02:43 PM

    Read this :

     

    https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1441 



  • 4.  RE: Unapproved Factory Cert - CPSEC Disabled

    Posted Jun 25, 2014 06:16 PM
    @victorfabian wrote:

     

    Are showing up in the AP Database ?

     

    Have you tried the clear gap-db wired-mac ? or try adding those manually to the whitelist or try removing them from the whitelist ?

     

    If its complaining about those VLANs is because you are probably using those in one of your VAPs , run the show profile-errors and it can give more information.

     

     

    AP's are functioning perfectly so they are all in the database. I haven't tried the "clear gap-db" command. My goal is not use a whitelist at all so I haven't not added anything myself, however as a test I tried & got an error that the entry already exists.

     

    Looks like you were spot on with the VLANs. Had some old VAP profiles & aaa profiles referencing those networks. Thanks!

     

    What am I looking for in those docs? I don't see that either of them pertain to this?



  • 5.  RE: Unapproved Factory Cert - CPSEC Disabled

    Posted Jun 27, 2014 06:11 PM

    Any other ideas about this? Is this something I need to open a support case on?



  • 6.  RE: Unapproved Factory Cert - CPSEC Disabled
    Best Answer

    Posted Jun 29, 2014 10:31 AM

    If didn't want to add each access point you go manualy in database (whitelist) you can disable plan security from controller configuration and each new access point will work without adding it manually in whitelist



  • 7.  RE: Unapproved Factory Cert - CPSEC Disabled

    Posted Jun 30, 2014 12:31 PM

    I'm not using CPSEC and never have. Thats what makes this so strange. I have no desire or need to whitelist any AP's.



  • 8.  RE: Unapproved Factory Cert - CPSEC Disabled

    Posted Jun 30, 2014 12:57 PM
    Did you say the APs are up and running ?

    Have you tried changing the status within the whitelist ?

    In the link I shared explains how to do that