Important
It is mandatory to configure the ssl parameter for an encrypted connection.

ssl
ssl-cn-verify
ssl-strict-verify
trustpoint ESL

The ssl parameter enables SSL on the ESL communicator. This is a mandatory parameter.

The ssl-cn-verify and ssl-strict-verify parameters are required to perform certificate validation for the hostname (or IP address) in the server certificate. If ssl-cn-verify is configured and the ESL server IP or hostname doesn't match the IP or hostname in the certificate common-name, then the connection request is rejected.

The trustpoint ESL parameter is required to specify a configured trustpoint which points to a CA or self-signed certificate. This parameter is required with the ssl parameter.
Note
For cleartext communication, you do not need to provide IP or host configuration for the default port. However, for secure communication, you must provide the default secure port.

Important
Do not enable the policy before configuring the access point in ESL on-prem or cloud server.

nx9500-6C8809(config-iot-device-type-imagotag-policy-ImagoTagPolicy)#ssl
nx9500-6C8809(config-iot-device-type-imagotag-policy-ImagoTagPolicy)#show context
iot-device-type-imagotag-policy ImagoTagPolicy
 enable
 output-power Level-B
 payload-size 25
 port 200
 ssl
 fcc-enable
 channel 9
nx9500-6C8809(config-iot-device-type-imagotag-policy-ImagoTagPolicy)#
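An added example, not part of the original documentation: a Python audit that reads `show context` style output and reports imagotag policies that lack the certificate-validation parameters described above. The second policy in the sample is constructed, and the function name and finding strings are assumptions of this example.

```python
import re

# Constructed sample in the layout of the `show context` output on this page.
# The first policy mirrors the page's example; the second is a constructed
# policy that sets every SSL-related parameter the page lists.
SAMPLE_CONFIG = """\
iot-device-type-imagotag-policy ImagoTagPolicy
 enable
 output-power Level-B
 payload-size 25
 port 200
 ssl
 fcc-enable
 channel 9
iot-device-type-imagotag-policy VCLOUD
 enable
 ssl
 ssl-cn-verify
 ssl-strict-verify
 trustpoint ESL
"""

HEADER = re.compile(r"^iot-device-type-imagotag-policy\s+(\S+)\s*$")

# (keyword, finding reported when it is absent from an ssl-enabled policy)
SSL_CHECKS = [
    ("trustpoint", "no trustpoint: required together with ssl"),
    ("ssl-cn-verify", "no ssl-cn-verify: server name is not matched against the certificate common-name"),
    ("ssl-strict-verify", "no ssl-strict-verify: strict certificate verification is not enforced"),
]

def audit_imagotag_policies(config_text):
    """Return {policy_name: [findings]} for every imagotag policy block."""
    policies, current = {}, None
    for line in config_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = policies.setdefault(m.group(1), set())
        elif current is not None and line.startswith(" ") and line.strip():
            current.add(line.split()[0])   # first word is the parameter keyword
        else:
            current = None                 # left the policy block
    report = {}
    for name, keywords in policies.items():
        if "ssl" not in keywords:
            report[name] = ["ssl not configured: ESL communication is cleartext"]
        else:
            report[name] = [msg for kw, msg in SSL_CHECKS if kw not in keywords]
    return report
```

Calling `audit_imagotag_policies(SAMPLE_CONFIG)` returns an empty finding list for the fully configured policy and three findings for the policy that sets only `ssl`.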
ap410-FD26D0(config-iot-device-type-imagotag-policy-VCLOUD)#ssl?
  ssl                Enable ssl on ESL communicator [MANDATORY]
  ssl-cn-verify      Enforce SSL Common Name attribute verification [OPTIONAL]
  ssl-strict-verify  Enforce SSL strict verification [OPTIONAL]

ap410-FD26D0(config-iot-device-type-imagotag-policy-VCLOUD)#channel ?
  <0-10>   ESL channel number
  acs      Automatic ESL channel selection on AP
  managed  ESL channel managed from ESL server [OPTIONAL]
Important
managed channel mode should only be configured on new deployments.

trustpoint policy example
ap410-FD26D0(config-iot-device-type-imagotag-policy-VCLOUD)#trustpoint ?
  WORD  Trustpoint name

trustpoint attaches configured trustpoint to policy to be used for encrypting communications.
ap310-FD8A61#show running-config profile ap310 default-ap310
profile ap310 default-ap310
 no autoinstall configuration
 no autoinstall firmware
 device-upgrade auto ap310 ap360
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  no 11axSupport
 interface radio2
  no 11axSupport
 interface bluetooth1
  shutdown
  mode le-sensor
 interface ge1
 interface ge2
 interface vlan1
  ip address dhcp
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 rf-domain-manager capable
 logging on
 logging console debugging
 logging buffered debugging
 no service pm sys-restart
 router ospf
 dpi metadata http
 dpi metadata ssl
 adoption-mode controller
 use iot-device-type-imagotag-policy
ap310-FD8A61#
You need to configure the AP-ID value in ESL on-prem server or cloud server to on-board an access point. This value is found in the AP-ID column.
nx5500-85FA27#show iot-device-type-imagotag status
----------------------------------------------------------------------------------------------------------------------------------
Policy Name        Status      USB dongle    AP-ID AP-MAC            AP-NAME              Channel  Window Payload Power SSL
                               State                                                               Size   Size    Level Status
------------------ ----------- ------------- ----- ----------------- -------------------- -------- ------ ------- ----- ----------
                   Disabled    Disconnected  0     94-9B-2C-13-3B-2E ap510-133B2E         (ACS) 3  0      0       A     Disabled
----------------------------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 1
ACS: Automatic Channel Selection (automatically selected by AP)
SCS: Server Channel Selection (selected/managed by server)
nx5500-85FA27#
no (iot-device-type-imagotag-policy) | Disables SSL encryption mode of communication |