Dell 6.2 Revoking a n AP via the Campus AP Whitelist, Deleting an A P Entry from the Campus AP Whitelist, Purging th e Campus A P Whitelist

86| Contr ol Plane Security DellPowerConnect W- Series ArubaOS 6.2 | User Guide

whitelist-db cpsec modify mac-address

cert-type switch-cert|factory-cert

description <description>

mode disable|enable

revoke-text <revoke-text>

state approved-ready-for-cert|certified-factory-cert

Revoking a n AP via the Campus AP Whitelist

You can revoke an invalid or rogue AP either by opening the modify menu and modifying the AP’s revoke status (as

described in the section above), or by selecting the AP in the campus whitelist and revokingi t’s securest atus

directly, without modifying any other parameters or entering a description of why that AP was revoked. When you

revokean A P’s securest atus in the campusA P whitelist, the whitelist retains the AP’s status information. To revoke

an invalido rrogue AP and permanently remove the AP from the whitelist, you must delete that entry.

To revoke an AP via the WebUI:

1. A ccess the master controller WebUI, and navigate to Configuration>AP Installation .

2. Click t he CampusAP Whitelist t ab.

3. To revoke one or more securecampus APs, select the checkbox by the entry for each AP whose secure status

shouldbe revoked, then click Revoke.

If your campus AP whitelist is large and you cannot immediately locate t he AP entry you want to revoke, select

the Search linkby t heupper right corner of the whitelist. The Campus AP Whitelist tab displays several fields

that allow you to search for an AP wi th a specified MAC address, certificate type or st ate. Specify the values that

match the AP you are trying to locate, then click the Search button. The whitelist displays a list of APs t hat

match your search criteria. Select the AP from this list, then click Revoke.

To revoke an AP via the command-linei nterface,issue the command:

whitelist-db cpsec revoke mac-address <macaddr> revoke-text <"revoke text">

Deleting an A P Entry from the Campus AP Whitelist

Beforey ou delete an AP entry from the campus whitelist, verify that auto certi ficate provisioning is either no longer

enabled,or only enabled for IP addresses that do not include the AP being removed. If automatic certificate

provisioning is enabledfor an AP that it i s stillc onnectedto t henetwork, you can not permanently deleteit from

the campus AP whitelist; the controlleri mmediatelyre-certifies the AP and re-createsi ts whitelist entry.

To delete an AP entry via the WebUI:

1. A ccess the master controller WebUI, and navigate to Configuration>AP Installation .

2. Click t he CampusAP Whitelist t ab.

3. Select the checkbox by entry for each AP you want to remove, then click delete.

If your campus AP whitelist is large and you cannot immediately locate t he AP entry you want to delete, select

the Search linkby t heupper right corner of the whitelist. The Campus AP Whitelist tab displays several fields

that allow you to search for an AP wi th a specified MAC address, certificate type or st ate. Specify the values that

match the AP you are trying to locate, then click the Search button. The whitelist displays a list of APs t hat

match your search criteria. Select the AP from this list, then click delete.

To delete an AP entry via the CLI, issue the command:

whitelist-db cpsec del mac-address <macaddr>

Purging th e Campus A P Whitelist

Beforey ou add a new local controllerto a network using control planesecurity, you must purge the campus AP

whitelist on the newco ntroller.Any entries in a newc ontroller’scampus AP whitelist is merged into the whitelist for