Filter
Top Products
98 |ControlPlaneSecurity DellPowerConnectW-SeriesArubaOS6.2 | User Guide
approved as a secure AP until a network administrator manually changes the status of the AP to verify that it is
not compromised. If an AP is in this state due to connectivity problems, then the AP recovers and is taken out
of this hold state as soon as connectivity is restored.
l certified-hold-switch-cert: An AP is put in this state when the controller thinks the AP has been certified with a
controller certificate yet the AP requests to be certified again. Since this is not a normal condition, the AP is not
be approved as a secure AP until a network administrator manually changes the status of the AP to verify that it
is not compromised. If an AP is in this state due to connectivity problems, then the AP recovers and is taken out
of this hold state as soon as connectivity is restored.
Verifying Certificates
If you are unable to configure the control plane security feature on W-600 Series, W-3000 Series, W-6000M3, or W-
7200 Series Dell controllers, verify that its Trusted Platform Module (TPM) and factory-installed certificates are
present and valid by accessing the controller’s command-line interface and issuing the command
show tpm cert-info. If the controller has a valid certificate, the output of the command should appear similar to
the output in the example below.
If the controller displays the following output, it may have a corrupted or missing TPM and factory certificates.
Contact Dell technical support.
Disabling Control Plane Security
If you disable control plane security on a standalone or local controller, all APs connected to that controller reboot
then reconnect to the controller over a clear channel.
If your disable control plane security on a
master
controller, APs directly connected to the master controller reboot
then reconnect to the master controller over a clear channel. However, its local Dell controllers continue to
communicate with their APs over a secure channel until you save your configuration on the master controller. Once
you save the configuration, the changes are pushed down to the local Dell controllers. At that point, any APs
connected to the local Dell controllers also reboot and reconnect over a secure channel.
Verifying Whitelist Synchronization
To verify that a network of master and local Dell controllers are correctly sharing their campus AP whitelists, check
the sequence numbers on the master and local switch whitelists.
l The sequence number value on a master controller should be the same as the remote sequence number on the
local controller.
l The sequence number value on a local controller should be the same as the remote sequence number on the
master controller.