file-sync

Syncs trustpoint and/or EAP-TLS X.509 (PKCS#12) certificate between the staging-controller and its adopted devices.

When enabling file syncing, consider the following points:
  • The X.509 certificate needs synchronization only if the adopted devices are configured to use EAP-TLS authentication.
  • Execute the command on the controller adopting the devices.
  • Ensure that the X.509 certificate file is installed on the controller.
Syncing of trustpoint/wireless-bridge certificate can be automated. To automate file syncing, in the controller‘s device/profile configuration mode, execute the following command: file-sync [auto|count <1-20>].
Note

Note

This command and its syntax is common to both the User Executable and Privilege Executable configuration modes.

Supported on the following devices:

Syntax

file-sync [cancel|load-file|trustpoint|wireless-bridge]
file-sync cancel [trustpoint|wireless-bridge]
file-sync cancel [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] [<DEVICE-NAME>|all|rf-domain [<DOMAIN-NAME>|all]]
file-sync load-file [trustpoint|wireless-bridge]]
file-sync load-file [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] <URL>
file-sync [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] [<DEVICE-NAME>|all|rf-domain [<DOMAIN-NAME>|all] {from-controller}] {reset-radio|upload-time <TIME>}

Parameters

file-sync cancel [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] [<DEVICE-NAME>|all|rf-domain [<DOMAIN-NAME>|all]]
file-sync cancel [trustpoint <TRUSTPOINT-NAME>| wireless-bridge] [<DEVICE-NAME>| all|rf-domain [<DOMAIN-NAME>| all]] Cancels scheduled file synchronization
  • trustpoint – Cancels scheduled trustpoint synchronization on a specified device, all devices, or devices within a specified RF Domain
    • <TRUSTPOINT-NAME> - Specify the trustpoint name.
  • wireless-bridge – Cancels scheduled wireless-bridge certificate synchronization on a specified device, all devices, or devices within a specified RF Domain
    • <DEVICE-NAME> – Cancels scheduled trustpoint/certificate synchronization on a specified device. Specify the device‘s hostname or MAC address.
    • all – Cancels scheduled trustpoint/certificate synchronization on all devices
    • rf-domain [<DOMAIN-NAME>|all] – Cancels scheduled trustpoint/certificate synchronization on all devices in a specified RF Domain or in all RF Domains
      • <DOMAIN-NAME> – Cancels scheduled trustpoint/certificate synchronization within a specified RF Domain. Specify the RF Domain‘s name.
      • all – Cancels scheduled trustpoint/certificate synchronization on all RF Domains
file-sync load-file [trustpoint|wireless-bridge] <URL>
file-sync load-file [trustpoint| wireless-bridge] <URL> Loads the following files on to the staging controller:
  • trustpoint – Loads the trustpoint, including CA certificate, server certificate and private key
  • wireless-bridge – Loads the wireless-bridge certificate to the staging controller Use this command to load the certificate to the controller before scheduling or initiating a certificate synchronization.
    • <URL> – Provide the trustpoint/certificate location using one of the following formats:

      tftp://<hostname|IP>[:port]/path/file

      ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

      sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file

      http://<hostname|IP>[:port]/path/file

      Note: Both IPv4 and IPv6 address types are supported.

      cf:/path/file

      usb<n>:/path/file

file-sync [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] [<DEVICE-NAME>|all|rf-domain [<DOMAIN-NAME>|all] {from-controller}] {reset-radio|upload-time <TIME>}
file-sync trustpoint <TRUSTPOINT-NAME> [<DEVICE-NAME>| all|rf-domain [<DOMAIN-NAME> |all] from-controller] Configures file-syncing parameters
  • trustpoint <TRUSTPOINT-NAME> – Syncs a specified trustpoint between controller and its adopted devices
    • <TRUSTPOINT-NAME> – Specify the trustpoint name.
    Note: Trustpoint are synced all the way down the hierarchical structure. If you issue the command on the NOC controller, the specified trustpoint will be synced all the way down the site controllers and their adopted APs.
  • wireless-bridge – Syncs wireless-bridge certificate between controller and its adopted devices

    After specifying the file that is to be synced, configure following file-sync parameters:

    • <DEVICE-NAME> – Syncs trustpoint/certificate with a specified AP. Specify the device‘s hostname or MAC address.
    • all – Syncs trustpoint/certificate with all devices
    • rf-domain [<DOMAIN-NAME>|all] from-controller – Syncs trustpoint/certificate with all devices in a specified RF Domain or in all RF Domains
      • <DOMAIN-NAME> – Select to sync with APs within a specified RF Domain. Specify the RF Domain‘s name.
      • all – Select to sync with APs across all RF Domains
      • from-controller – Optional. Loads certificate to the APs from the adopting controller and not the RF Domain manager

        After specifying the access points, specify the following options: reset-radio and upload-time.

reset-radio This keyword is recursive and applicable to all of the above parameters.

Optional. Resets the radio after file synchronization. Reset the radio in case the certificate is renewed along with no changes made to the ‘bridge EAP username‘ and ‘bridge EAP password‘.

upload-time <TIME> This keyword is recursive and applicable to all of the above parameters.
  • upload-time – Optional. Schedules certificate upload at a specified time
    • <TIME> – Specify the time in the MM/DD/YYYY-HH:MM or HH:MM format. If no time is configured, the process is initiated as soon as the command is executed.

Examples

<CONTROLLER>#file-sync wireless-bridge ap510-133B3B upload-time 06/01/2019-12:30
--------------------------------------------------------------------------------
          CONTROLLER               STATUS                  MESSAGE
--------------------------------------------------------------------------------
     B4-C7-99-6D-B5-D4           Success           Queued 1 APs to upload
--------------------------------------------------------------------------------
<CONTROLLER>#