User's Manual
128 | Control Plane Security Dell Networking W-Series ArubaOS 6.4.x| User Guide
Troubleshooting Control Plane Security
Identifying Certificate Problems
If an AP has a problem with its certificate, check the state of the AP in the campus AP whitelist. If the AP is in
either the certified-hold-factory-cert or certified-hold-switch-cert states, you may need to manually change the
status of that AP before it can be certified.
• certified-hold-factory-cert: An AP is put in this state when the controller thinks the AP has been certified
with a factory certificate, but the AP requests to be certified again. Because this is not a normal condition,
the AP is not approved as a secure AP until you manually change the status of the AP to verify that it is not
compromised. If an AP is in this state due to connectivity problems, then the AP recovers and is taken out of
this hold state as soon as connectivity is restored.
• certified-hold-switch-cert: An AP is put in this state when the controller thinks the AP has been certified
with a controller certificate, yet the AP requests to be certified again. Because this is not a normal condition,
the AP is not approved as a secure AP until a network administrator manually changes the status of the
AP to verify that it is not compromised. If an AP is in this state due to connectivity problems, then the AP
recovers and is taken out of this hold state as soon as connectivity is restored.
Verifying Certificates
If you are unable to configure the control plane security feature on W-600 Series, W-6000M3, or W-3000 Series
controllers, verify that its Trusted Platform Module (TPM) and factory-installed certificates are present and
valid by accessing the controller’s command-line interface and issuing the command show tpm cert-info. If
the controller has a valid certificate, the output of the command appears similar to the output in the example
below.
If the controller displays the following output, it may have a corrupted or missing TPM and factory certificates.
Contact Dell support.
Disabling Control Plane Security
If you disable control plane security on a standalone or local controller, all APs connected to that controller
reboot then reconnect to the controller over a clear channel.
If you disable control plane security on a master controller, APs directly connected to the master controller
reboot then reconnect to the master controller over a clear channel. However, its local controllers continue to
communicate with their APs over a secure channel until you save your configuration on the master controller.
Once you save the configuration, the changes are pushed down to the local controllers. At that point, any APs
connected to the local controllers also reboot and reconnect over a secure channel.