Status field. If a switch in the master or local switch whitelist has a lower sequence number, that switch may
still be waiting to complete its update, or receive its update acknowledgment. In the example in Figure 6, the
master switch has a current sequence number of 3, and each sequence number in its local switch whitelist also
shows a value of 3, indicating that both local switches have received and acknowledged all three campus AP
whitelist changes made on the master switch. For additional information on troubleshooting whitelist
synchronization, see Verifying Whitelist Synchronization on page 78.
You can view a switch’s current sequence number via the CLI:
(host) #show whitelist-db cpsec-seq
Viewing the Master or Local Switch Whitelists
The following sections describe the commands to view and delete entries in a master or local switch whitelist.
In the WebUI
To view the master or local switch whitelists:
1. Access the switch’s WebUI, and navigate to Configuration > AP Installation.
2. Select the Whitelist tab.
The master and local switch tables each include the following information:
Field Description
MAC-Address On a local switch whitelist: MAC address of the master switch.
On a master switch whitelist: MAC address of a local switch.
IP-Address On a local switch whitelist: IP address of the master switch.
On a master switch whitelist: IP address of a local switch.
Sequence Number The number of times the switch in the whitelist received and acknowledged a
campus AP whitelist change from the switch whose WebUI you are currently
viewing.
For deployments with both master and local switches:
n The sequence number on a master switch should be the same as the
remote sequence number on the local switch.
n The sequence number on a local switch should be the same as the
remote sequence number on the master switch.
Remote Sequence Number The number of times that the switch whose WebUI you are viewing received
and acknowledged a campus AP whitelist change from the switch in the
whitelist.
For deployments with both master and local switches:
n The remote sequence number on a master switch should be the same as
the sequence number on the local switch.
n The remote sequence number on a local switch should be the same as
the sequence number on the master switch.
Null Update Count The number of times the switch checked its campus AP whitelist and found
nothing to synchronize with the other switch. The switch compares its control
plane security whitelist against whitelists on other switches every two
minutes by default. If the null update count reaches five, the switch sends an
“empty sync” heartbeat to the remote switch to ensure the sequence
numbers on both switches are the same, then resets the null update count to
zero.
Table 22: Master and Local Switch Whitelist Information
AOS-W 6.5.3.x | User Guide Control Plane Security | 68
To Next Page
Loading...