You are here: Home > CLI Commands > Just_CLI_Topics > show whitelist-db cpsec

show whitelist-db cpsec

show whitelist-db cpsec

cert-type {factory-cert|switch-cert}

mac-address <name>

page <num>

start <offset>

state {approved-ready-for-cert|certified-factory-cert|unapproved-factory-cert|unapproved-no-cert}

Description

Display the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. whitelist for campus APsCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. using the control plane security feature.

Syntax

Parameter

Description

cert-type

factory-cert|switch-cert

factory-cert: Use this parameter if AP is using a factory certificate.

switch-cert: Use this parameter if AP is using a certificate signed by the switch

mac-address <name>

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. you want to enter into the CPsecControl Plane Security. CPsec is a secure form of communication between a controller and APs to protect the control plane communications. This is performed by means of using public-key self-signed certificates created by each master controller. whitelist database.

page <num>

ArubaOS CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. displays 50 whitelist database entries per page. Filter the output of this command by displaying information starting at the specified page number.

start <offset>

Start displaying the table at the specified record in the database

state

approved-ready-for-cert

certified-factory-cert

unapproved-factory-cert

unapproved-no-cert

approved-ready-for-cert: AP in Approved state and is ready to receive a certificate.

certified-factory-cert: AP in Certified state and has a factory certificate.

unapproved-factory-cert: AP in Unapproved state and has a factory certificate.

unapproved-no-cert: AP in Unapproved state and has no or unknown certificate.

Usage Guidelines

Use this command to display the contents of the control plane security whitelist. To view information for a single AP, use the command show whitelist-db cpsec mac-address <mac-address>. To view a list of all secure APs on your controller, use the command show whitelist-db cpsec. If your deployment includes both Mobility Master and managed devices, then the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. whitelist on every managed device contains an entry for every secure AP on the network, regardless of the managed device to which it is connected.

Example

The output of the following command shows the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. whitelist entry for an AP with the MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address 00:16:CF:AF:3E:E1:

(host) #show whitelist-db cpsec mac-address 00:16:CF:AF:3E:E1

 

Control-Plane Security Whitelist-entry Details

----------------------------------------------

MAC-Address AP-Group AP-Name Enable State

----------- -------- ------- ------ -----

00:16:CF:AF:3E:E1 employee ap-office1 Enabled cert-cont-cert

 

Cert-Type Description Revoke Text Last Updated

--------- ----------- ----------- ------------

switch-cert Fri Oct 16 01:21:09 2009

 

Whitelist Entries: 1

The output of this command includes the following parameters:

Parameter

Description

MAC-Address

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on..

Enable

Shows whether the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. has been enabled or disabled.

State

Shows the current state of the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on..

unapproved-no-cert: AP has no certificate and is not approved.

unapproved-factory-cert: AP has a preinstalled certificate that was not approved.

approved-ready-for-cert: AP is valid, but is waiting to receive a certificate.

certified-factory-cert: AP has an approved factory-installed certificate

certified-controller-cert: AP has an approved certificate from the managed device.

certified-hold-factory-cert: An AP is put in this state when the managed device thinks the AP has been certified with a factory certificate yet the AP requests to be certified again. Since this is not a normal condition, the AP will not be reapproved as a secure AP until a network administrator manually changes the status of the AP to verify that it is not compromised.

certified-hold-controller-cert: An AP is put in this state when the managed device thinks the AP has been certified with a managed device certificate yet the AP requests to be certified again. Since this is not a normal condition, the AP will not be reapproved as a secure AP until a network administrator manually changes the status of the AP to verify that it is not compromised.

Cert-Type

Type of certificate used by the AP.

switch-cert: AP received a certificate from the managed device

factory-cert: AP has a factory-installed certificate

Description

If you included an optional description when you added the AP to the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. whitelist, that description will appear here.

Revoke Text

If you included an optional revoke description when you manually revoked the AP, that description will appear here.

Last Updated

Date and time that the AP record was last updated in the database.

Related Commands

Command

Description

whitelist-db cpsec add mac-address <name>

Configure the campus APCampus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. whitelist for the control plane security feature.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Enable and Config mode on Mobility Master.

/*]]>*/