Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200
121122123124125126127128129130
123 | Control Plane Security Dell Networking W-Series ArubaOS 6.4.x| User Guide
Figure 4 Control Plane Security Settings
In the CLI
Use the commands below to configure control plane security via the command line interface on a standalone
or master controller. Descriptions of the individual parameters are listed in Table 19, above.
(host)(config) #control-plane-security
(host)(Control Plane Security Profile) #auto-cert-allow-all
(host)(Control Plane Security Profile) #auto-cert-allowed-addrs <ipaddress-start> <ipaddress-
end>
(host)(Control Plane Security Profile) #auto-cert-prov
(host)(Control Plane Security Profile) #cpsec-enable
View the current control plane security settings using the following command:
(host) #show control-plane-security
Managing AP Whitelists
Campus or Remote APs appear as valid APs in the campus or Remote AP whitelists when you manually enter
their information into the campus or Remote APwhitelists through the WebUIor CLI of a controller or after a
controller sends a certificate to an APas part of automatic certificate provisioning and the AP connects to the
controller over a secure tunnel. APs that are not approved or certified on the network are included in the
campus APwhitelists, but these APs appear in an unapproved state.
Use the APwhitelists to grant valid APs secure access to the network or to revoke access from suspected rogue
APs. When you revoke or remove an AP from the campus or remote AP whitelists on a controller that uses
control plane security, that AP is not able to communicate with the controller again, except to obtain a new
certificate.
If you manually add APs to the APwhitelists (rather than automatically adding the APs as part of automatic certificate
provisioning), make sure that the APwhitelists have been synchronized to all other controllers on the network before
enabling control plane security.
Adding an AP to the Campus or Remote AP Whitelists
You can add an AP to the campus AP or remote AP whitelists over the WebUI or CLI.
In the WebUI
To add an AP to the campus AP or Remote AP whitelist:
1. Navigate to Configuration > Wireless > AP Installation.
2. Click the Whitelist tab.
3. Select the whitelist to which you want to add an AP. The Whitelist tab displays status information for the
Campus AP Whitelist by default. To add a Remote AP to the Remote AP whitelist, click the Remote AP link
before you proceed to step 4 on page 124.