Preface
- Text Conventions
- Platform-Dependent Conventions
- Providing Feedback to Us
- Getting Help
- Documentation and Training
About this Guide
- Notational Conventions
Introduction
- WiNG 7.1.X Operating System Overview
- CLI Overview
User Exec Mode Commands
- user-exec-commands
  - captive-portal-page-upload
  - change-password
  - clear
  - clock
  - cluster
  - commit
  - connect
  - crypto
  - create-cluster
  - crypto-cmp-cert-update
  - database
  - database-backup
  - database-restore
  - device-upgrade
  - enable
  - file-sync
  - help
  - join-cluster
  - l2tpv3
  - logging
  - mint
  - no
  - on
  - opendns
  - page
  - ping
  - ping6
  - ssh
  - telnet
  - terminal
  - time-it
  - traceroute
  - traceroute6
  - virtual-machine
  - watch
  - exit
Privileged Exec Mode Commands
- privileged-exec-commands
  - archive
  - boot
  - cd
  - configure
  - copy
  - cpe
  - delete
  - diff
  - dir
  - disable
  - edit
  - erase
  - ex3500
  - factory-reset
  - gps
  - halt
  - mkdir
  - more
  - operational-mode
  - pwd
  - re-elect
  - reload
  - rename
  - rmdir
  - self
  - t5
  - upgrade
  - upgrade-abort
  - raid
  - no
Global Configuration Commands
- global-config-commands
Common Commands
- common-commands
  - clrscr
  - commit
  - exit
  - help
  - no
  - revert
  - service
  - show
  - write
Show Commands
- show-commands
  - show
  - adoption
  - bluetooth
  - boot
  - bonjour
  - captive-portal
  - captive-portal-page-upload (show commands)
  - cdp
  - classify-url
  - clock
  - cluster
  - cmp-factory-certs
  - commands
  - context
  - critical-resources
  - crypto
  - database
  - device-upgrade
  - dot1x
  - dpi
  - environmental-sensor
  - event-history
  - event-system-policy
  - ex3500
  - extdev
  - fabric-attach
  - file
  - file-sync
  - firewall
  - global
  - gps (show command)
  - gre
  - guest-registration
  - interface
  - iot-device-type-imagotag
  - ip
  - ip-access-list-stats
  - ipv6
  - ipv6-access-list
  - l2tpv3
  - lacp
  - ldap-agent
  - licenses
  - lldp
  - logging
  - mac-access-list-stats
  - mac-address-table
  - macauth
  - mac-auth-clients
  - mint
  - ntp
  - password-encryption
  - pppoe-client
  - privilege
  - radius
  - reload
  - rf-domain-manager
  - role
  - route-maps
  - rtls
  - running-config
  - session-changes
  - session-config
  - sessions
  - site-config-diff
  - smart-rf
  - snmpv3 (show command)
  - spanning-tree
  - startup-config
  - t5
  - terminal
  - timezone
  - traffic-shape
  - tron (show command)
  - upgrade-status
  - version
  - vrrp
  - virtual-machine
  - wireless
  - web-filter
  - what
  - wwan
Profiles
- Profile Config Commands
- Device Config Commands
  - adoption-site
  - area
  - channel-list
  - contact
  - country-code
  - floor
  - geo-coordinates
  - hostname
  - lacp
  - layout-coordinates
  - license
  - location
  - mac-name
  - no
  - nsight
  - override-wlan
  - remove-override
  - rsa-key
  - sensor-server
  - timezone
  - trustpoint (device-config-mode)
  - raid
- T5 Profile Config Commands
  - cpe
  - interface
  - ip
  - no
  - ntp
  - override-wlan
  - t5
  - t5-logging
  - use
- EX3524 & EX3548 Profile/Device Config Commands
  - interface
    - interface
    - interface-ge-config commands
      - access-group
      - port
      - power
      - shutdown
      - speed-duplex
      - switch-port
      - use
      - no
    - interface-vlan-config commands
      - ip
      - no
  - ip
  - power
  - upgrade
  - use
  - no
AAA Policy
- aaa-policy-commands
Auto-Provisioning Policy
- auto-provisioning-policy-commands
  - adopt
  - auto-create-rfd-template
  - default-adoption
  - deny
  - evaluate-always
  - redirect
  - upgrade
  - no
    - upgrade
Association-ACL Policy
- Association-acl-policy-commands
  - deny
  - permit
  - no
Access-List Policy
- ip-access-list
- mac-access-list
- ipv6-access-list
- ip-snmp-access-list
- ex3500-ext-access-list
- ex3500-std-access-list
DHCP-Server Policy
- dhcp-server-policy commands
- dhcpv6-server-policy commands
Firewall Policy
- firewall-policy-commands
  - acl-logging
  - alg
  - clamp
  - dhcp-offer-convert
  - dns-snoop
  - firewall
  - flow
  - ip
  - ip-mac
  - ipv6
  - ipv6-mac
  - logging
  - proxy-arp
  - proxy-nd
  - stateful-packet-inspection-12
  - storm-control
  - virtual-defragmentation
  - no
MiNT Policy
- mint-policy-commands
  - level
  - lsp
  - mtu
  - router
  - udp
  - no
Management Policy
- management-policy-commands
RADIUS Policy
- radius-group
  - guest
  - policy
  - rate-limit
  - no
- radius-server-policy
  - authentication
  - bypass
  - chase-referral
  - crl-check
  - ldap-agent
  - ldap-group-verification
  - ldap-server
  - local
  - nas
  - proxy
  - session-resumption
  - termination
  - use
  - no
- radius-user-pool-policy
  - duration
  - user
  - no
Radio-QoS Policy
- radio-qos-policy-commands
Role Policy
- role-policy-commands
SMART-RF Policy
- smart-rf-policy commands
WIPS Policy
- wips-policy-commands
WLAN-QoS Policy
- WLAN-QOS-Policy commands
L2TPv3 Policy
- l2tpv3-policy-commands
- l2tpv3-tunnel-commands
- l2tpv3-manual-session-commands
Router Mode
- router-mode-commands
Routing Policy
- routing-policy-commands
AAA-TACACS Policy
- aaa-tacacs-policy-commands
Meshpoint Policy
- Meshpoint Policy
Passpoint Policy
- passpoint-policy
Crypto-CMP Policy
- crypto-cmp-policy-instance
- other-cmp-related-commands
  - use (other-cmp-related-commands)
  - show (other-cmp-related-commands)
Roaming Assist Policy
- roaming-assist-policy commands
Border Gateway Protocol
- bgp ip-prefix-list
- bgp ip-access-list
- bgp as-path-list
- bgp community-list
- bop ext-community-list
- bgp route-map
- bgp router-config
- bgp neighbor-config
Controller Managed WLAN Use Case
- CREATING A FIRST CONTROLLER MANAGED WLAN
WiNG 7.1 AP Dual Modes of Operation
- Understanding Dual Mode Capability
WiNG AP505 and AP510 REV AA Upgrade Procedure
- Introduction
- Bulk 'Rev: AA' AP505/AP510 Upgrade through Virtual Controller
- Bulk 'Rev:AA' AP5XX Upgrade through WiNG Controller/ExtremeCloud Appliance

cert-renewal-timeout

Configures a certificate renewal timeout in days. This is the number of days, before the expiration of the device‘s certificate, that a certificate renewal is triggered.

The expiration of device‘s certificate is checked once a day. When a certificate is about to expire a certificate renewal is initiated with the dedicated CMP CA server resource through an existing IPSec tunnel. If the tunnel is not established, the CMP renewal request is not sent. If a renewal succeeds the newly obtained certificate overwrites an existing certificate. If the renewal fails, an error is logged.

Supported in the following platforms:

Access Points — AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

cert-renewal-timeout <1-60>

Parameters

cert-renewal-timeout <1-60>

cert-renewal-timeout <1-60>

Configures the certificate renewal timeout in days. This is the number of days, before the expiration of the device‘s certificate, that a certificate renewal is triggered. Once the configured time is completed, the device triggers a certificate renewal request.

<1-60> – Specify a value from 1 - 60 days. The default is fourteen (14) days. Therefore, by default a device triggers certificate renewal request 14 days before its certificate expires.

Examples

ap6522-D8273A(config-cmp-policy-CMP)#cert-renewal-timeout 60

ap6522-D8273A(config-cmp-policy-CMP)#show context
crypto-cmp-policy CMP
 cert-renewal-timeout 60
 ca-server primary host 192.168.8.74 port 8 path cmp
ap6522-D8273A(config-cmp-policy-CMP)#

Related Commands

no	Reverts the certificate renewal timeout to default (14 days)

Published April 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback