Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

121

122

123

124

125

126

127

128

129

130

Parameter Description

Control Plane

Security

Select enable or disable to turn the control plane security feature on or off. This

feature is enabled by default.

Auto Cert

Provisioning

When you enable the control plane security feature, you can select this checkbox to

turn on automatic certificate provisioning. When you enable this feature, the

controller attempts to send certificates to all associated campus APs. Auto

certificate provisioning is disabled by default.

NOTE: If you do not want to enable automatic certificate provisioning the first time

you enable control plane security on the controller, you must identify the valid APs

on your network by adding those to the campus AP whitelist. For details, see Viewing

the Master or Local Controller Whitelists on page 133.

After you have enabled automatic certificate provisioning, you must select either

Auto Cert Allow all or Addresses Allowed for Auto Cert.

Addresses allowed

for Auto Cert

The Addresses Allowed for Auto Cert section allows you to specify whether

certificates are sent to all associated APs, or just APs within one or more specific IP

address ranges. If your controller has a publicly accessible interface, you should

identify your campus and Remote APs by IP address range. This prevents the

controller from sending certificates to external or rogue campus APs that may

attempt to access your controller through that interface.

Select All to allow all associated campus and remote APs to receive automatic

certificate provisioning. This parameter is enabled by default.

Select Addresses Allowed for Auto Cert to send certificates to a group of

campus or remote APs within a range of IP addresses. In the two fields below,

enter the start and end IP addresses, then click Add. Repeat this procedure to add

additional IP ranges to the list of allowed addresses. If you enable both control

plane security and auto certificate provisioning, all APs in the address list receives

automatic certificate provisioning.

Remove a range of IP addresses from the list of allowed addresses by selecting the

IP address range from the list and clicking Delete.

Number of AP

Whitelist Entries

This parameter is the total number of APs in the remote AP and campus AP

Whitelists. This number is also a link to a combined whitelist that displays all

campus and remote AP entries.

Table 19: Control Plane Security Parameters

4. Click Apply.

The master controller generates its self-signed certificate and begins distributing certificates to campus APs and

any local controllers on the network over a clear channel. After all APs have received a certificate and have

connected to the network using a secure channel, access the Control Plane Security window and turn off

auto certificate provisioning if that feature was enabled. This prevents the controller from issuing a certificate

to any rogue APs that may appear on your network at a later time.

Dell Networking W-Series ArubaOS 6.4.x | User Guide Control Plane Security | 122