Dell 6.2 Campus A P Whitelist Synchro nization, Viewing a nd Manag ing the Master o r Local Switch Wh itelists

88| Contr ol Plane Security DellPowerConnect W- Series ArubaOS 6.2 | User Guide

If your deployment includesbo th master and local Dell controllers,then the campus AP whitelist on every controller

contains an entry forevery secure AP on the network, regardless of the controllerto which it is connected. The

master controlleralso maintains a whitelist of local Dell controllers using control plane security. When you change a

campus AP whitelist on any controller, that controller contacts the ot herconnected D ellcontrollers to noti fy them

of the change.

The master switch whitelist on each local controller contains the IP and MAC addresses of its master controller. If

your network has a redundantmaster controller, then this whitelist co ntains more than one entry. The master switch

whitelist rarely needst o be deleted. Althoughyou c an deletean entry from the master swit ch whitelist, you should

do so only if you have removed a master controller from the network.

Campus A P Whitelist Synchro nization

The currentsequence number in the AP Whitelist Sync Status field shows the number of changes to the campus AP

whitelist made ont hatco ntroller.By default, eachcontroller compares its campus AP whitelist against whitelists on

other Dell controllersevery two minutes. If a controller detects a difference, it sends its changes to the ot herD ell

controllerson the network. If all other Dell controllers on the network have successfully received and acknowledgedall

whitelist changes madeon that controller, every entryi nt hesequencenumbercolumn in the local swi tch or master

switch whitelists has the same value as the sequencenumber displayed in the AP Whitelist Sync Status field. If a

controllerin the mast ero r locals witch whitelist has a lower sequence number, that controllermay still be waiting to

complete its update,o ri ts updateacknowledgement may not have yet been received.I nthe example in Figure 19,

the master controllerhas a currentsequence number of 3, and each sequence numberi n its local switch whitelist also

shows a value of 3, indicating that both local Dellco ntrollershave received and acknowledgedall three campus AP

whitelist changes made on the master controller.For additi onali nformationo n troubleshootingwhit elist

synchronization, see "Verifying Whitelist Synchronization" on page 98.

You can view a controller’scurrent sequence numbervia t heCLI using the command:

show whitelist-db cpsec-seq

Viewing a nd Manag ing the Master o r Local Switch Wh itelists

The followingsect ions describe the commands to view and delete entries in a master or local switch whitelist.

To view the master or local switch whitelists via the WebUI, use the procedure below:

1. A ccess the controller’sWebUI, and navigate to Configuration>AP Instalation.

2. Select the Whitelist tab.

The master and localc ontrollerswitc h tables each includethe followingi nformation:

MAC-Address Ona local switchwhiteli st:MAC address of the master controller.

Ona master switch whiteli st:MAC address of a local controller.

IP-Address Ona local switchwhiteli st:IP address of the master controller.

Ona master switch whiteli st:IP address of a local controller.

SequenceNum ber Thenum ber oftim esthe controller i n thew hitelist received and acknowledged a

campusAP w hitelist change from thecontroll er whose WebUIyou are currently

viewing.