This is worthwhile for backing up a LANCOM WLAN controller with a second WLAN controller,
the aim being to maintain full control over all managed access points at all times. The
backup controller is configured so that it uses SCEP to obtain the necessary
certificates from the backed-up primary WLAN controller.
- Switch off the CA on the backup controller.
- In the configuration of the SCEP client in the backup controller, create a new backup
  in the CA table (in LANconfig under ). The CA of the primary WLAN controller is entered here:
  - The URL is to be entered as the IP address or the DNS name of the primary WLAN
    controller followed by the path to the CA, /cgi-bin/pkiclient.exe.
    For example: 10.1.1.99/cgi-bin/pkiclient.exe
  - Distinguished name: Standard name of the CA
    (/CN=LANCOM CA/O=LANCOM SYSTEMS/C=DE) or the name given on the primary controller
  - Switch on RA auto approve
  - Usage type: WLAN controller
- Then create a new entry in the certificate table with the following information:
  - CA distinguished name: The standard name under which the CA
    is entered, e.g. /CN=LANCOM CA/O=LANCOM SYSTEMS/C=DE
  - Subject: Specification of the primary WLAN controller's
    MAC address in the form: /CN=00:a0:57:01:23:45/O=LANCOM SYSTEMS/C=DE
  - Challenge password: The general challenge password of the CA
    on the primary WLAN controller or a password for the controller specified
    manually.
  - Extended key usage: critical,serverAuth,1.3.6.1.5.5.7.3.18
  - Key length: 2048 bits
  - Usage type: WLAN controller
- If a SCEP configuration was previously active on the backup controller, the following
  actions must be executed under WEBconfig ():
  - Clear SCEP file system
  - Update (2x: the first time, the SCEP client retrieves the new CA/RA certificates
    only; the second time the device certificate is updated)
- Configure the first WLAN controller 1 according to your requirements with all
  profiles and the associated AP table. The access points then establish connections to the
  first WLAN controller. Each access point receives a valid certificate and a configuration
  for the WLAN module from the WLAN controller.
- Transfer the configuration from the first WLAN controller 1, for example
  using LANconfig, to the backup controller 2. The profiles and the AP tables with
  the access point MAC addresses are transferred to the backup controller at the same time.
  All access points remain logged on to the first WLAN controller.
Should WLAN controller 1 fail, the access points will automatically search for
another WLAN controller and they will find the backup controller 2. Because this has
the same root certificate, it is able to check the validity of the access points'
certificates. Because the access points are also entered into the backup controller's
AP table along with their MAC addresses, the backup controller can fully take over the
management of the access points. Changes to the WLAN profiles in the backup controller will
directly affect the managed access points.
Note: In this scenario, the access points remain under the management of the backup controller
until this itself becomes unavailable or is manually disconnected.
Note: If the access points are set up for standalone operation, they will remain operational
while searching for a backup controller and the WLAN clients will remain associated.
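The following pre-flight check is an added example, not LANCOM code: it validates the planned CA table and certificate table entries for the backup controller against the values given in the steps above before they are entered. The dictionary keys and function names are hypothetical; the sample entries are constructed from the values shown on this page.

```python
import re

# Required values come from the steps above; the dict keys are hypothetical names.
SCEP_PATH = "/cgi-bin/pkiclient.exe"
REQUIRED_EKU = ("critical", "serverAuth", "1.3.6.1.5.5.7.3.18")
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)

def parse_dn(dn):
    """Split '/CN=x/O=y/C=z' into ordered (attribute, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError(f"DN must start with '/': {dn!r}")
    pairs = []
    for part in dn[1:].split("/"):
        attr, sep, value = part.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed DN component {part!r} in {dn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def check_backup_scep(ca, cert):
    """Return a list of findings; an empty list means the entries match the steps."""
    findings = []
    if not ca["url"].endswith(SCEP_PATH):
        findings.append("CA URL does not end in " + SCEP_PATH)
    # The certificate request must name exactly the CA configured in the CA table.
    if parse_dn(ca["dn"]) != parse_dn(cert["ca_dn"]):
        findings.append("CA DN differs between CA table and certificate table")
    cn = dict(parse_dn(cert["subject"])).get("CN", "")
    if not MAC_RE.match(cn):
        findings.append("subject CN is not a MAC address: " + repr(cn))
    eku = [item.strip() for item in cert["eku"].split(",")]
    for needed in REQUIRED_EKU:
        if needed not in eku:
            findings.append("extended key usage lacks " + needed)
    if cert["key_bits"] != 2048:
        findings.append("key length is not 2048 bits")
    if not ca["ra_auto_approve"]:
        findings.append("RA auto approve is off")
    for table, entry in (("CA", ca), ("certificate", cert)):
        if entry["usage"] != "WLAN controller":
            findings.append(table + " table usage type is not 'WLAN controller'")
    return findings

# Constructed sample entries mirroring the values shown in the steps.
GOOD_CA = {"url": "10.1.1.99/cgi-bin/pkiclient.exe", "ra_auto_approve": True,
           "dn": "/CN=LANCOM CA/O=LANCOM SYSTEMS/C=DE", "usage": "WLAN controller"}
GOOD_CERT = {"ca_dn": "/CN=LANCOM CA/O=LANCOM SYSTEMS/C=DE", "key_bits": 2048,
             "subject": "/CN=00:a0:57:01:23:45/O=LANCOM SYSTEMS/C=DE",
             "eku": "critical,serverAuth,1.3.6.1.5.5.7.3.18", "usage": "WLAN controller"}

if __name__ == "__main__":
    print(check_backup_scep(GOOD_CA, GOOD_CERT) or "no findings")
```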