Trustpoint for Cisco 9800-80 Wireless Management Interface

Jerome N · ‎10-21-2020

Hi,
I am attempting to create a WMI on c9800 controller. I had used the pre-installed MIC (CISCO_IDEVID_SUDI) on 16.10.1 but upon upgrading to 16.12.4s, I am now unable to use this trustpoint.

Via the Gui, I no longer have a list of trustpoints to select from even though they are still present under PKI management.

Via the CLI, attempting to configure with "wireless management trustpoint" command, I receive the following output:

% switch-1:dbm:wireless:Default Cisco SUDI trustpoint name is not allowed

Also, does it matter whether I create a SSC or use the MIC. What's the difference?

Could anyone assist? Any help is appreciated.

Nicolas Poirier · ‎10-21-2020

See Grendizer answer below

Grendizer · ‎10-21-2020

Check the 9800 best practices doc, https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html in it, you will see you need to use:

c9800(config)#no wireless management trustpoint
c9800(config)#wireless management trustpoint CISCO_IDEVID_SUDI

Jerome N · ‎10-22-2020

Thanks for your replies.
I actually found what seems to be a bug - CSCvr03501 - On 9800-40/-80/-L GUI, wireless mgmt interface should only list non-default LSC in cert menu

Appears the option should be blank as MICs are used a default. If i go to Monitoring --> System --> Wireless Interface then it informs I'm using CISCO_IDEVID_SUDI

Adding this info just in case anyone else needs some answers.
Yet to adopt an AP to ensure it does work.