Reference Guide

ManualsBrandsDell ManualsTVs & monitorsW-620

191

192

193

194

195

196

197

198

199

200

control-plane-security

auto-cert-allow-all

auto-cert-allowed-addrs <ipaddress-start> <ipaddress-end>

auto-cert-prov

cpsec-enable

no ...

Description

Configure the control plane security profile by identifying APs to receive security certificates.

Syntax

Parameter Description

auto-cert-allow-all

When you issue the control-plane-security auto-cert-allow-

all command, the controller will send a certificate to all

associated APs when auto certificate provisioning is

enabled. When disabled, the controller sends certificates

only to APs whose IP addresses are in the ranges specified

by auto-cert-allowed-addrs.

auto-cert-allowed-addrs <ipaddress-start>

<ipaddress-end>

Use this command to define a specific range of AP IP

addresses. The controller will send certificates to the APs in

this IP range when auto certificate provisioning is enabled.

Identify a range by entering the starting IP address and the

ending IP address in the range, separated by a single space.

You can repeat this command as many times as necessary to

define multiple IP ranges.

auto-cert-prov

Issue this command to enable automatic certificate

provisioning. When this feature is enabled, the controller will

attempt to send certificates to associated APs. To disable this

feature, use the command no auto-cert-prov. Automatic

certificate provisioning is disabled by default

cpsec-enable

Issue this command to enable control plane security. To

disable this feature, use the command no cpsec-enable.

Control plane security is enabled by default.

Usage Guidelines

Controllers enabled with control plane security will only send certificates to APs that you have identified as valid

APs on the network. If you are confident that all campus APs currently on your network are valid APs, you can

configure automatic certificate provisioning to send certificates from the controller to each campus AP, or to all

campus APs within a specific range of IP addresses. If you want closer control over each AP that gets certified, you

can manually add individual campus APs to the secure network by adding each AP's information to a campus AP

whitelist.

Example

The following command defines a range of IP addresses that should receive certificates from the controller, and

enables the control plane security feature:

(host)(config) # control-plane-security

Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide control-plane-security | 197