Filter
Top Products
Parameter Description
Auto Cert sent to all associated APs, or just APs within one or more specific IP address ranges. If your
controller has a publicly accessible interface, you should identify your campus and Remote APs
by IP address range. This prevents the controller from sending certificates to external or rogue
campus APs that may attempt to access your controller through that interface.
Select All to allow all associated campus and remote APs to receive automatic certificate
provisioning. This parameter is enabled by default.
Select Addresses Allowed for Auto Cert to send certificates to a group of campus or remote APs
within a range of IP addresses. In the two fields below, enter the start and end IP addresses,
then click Add. Repeat this procedure to add additional IP ranges to the list of allowed
addresses. If both control plane security and auto certificate provisioning is enabled, all APs in
the address list receives automatic certificate provisioning.
Remove a range IP addresses from the list of allowed addresses by selecting the IP address
range from the list and clicking Delete.
Number of AP Whitelist
Entries
The total number of APs in the remote AP and campus AP Whitelists. This number is also a link
to a combined whitelist that displays all campus and remote AP entries.
4. Click Apply to save your changes.
The master controller generates its self-signed certificate and begins distributing certificates to campus APs and any
local Dell controllers on the network over a clear channel. After all APs have received a certificate and have connected
to the network using a secure channel, access the Control Plane Security window and turn off auto certificate
provisioning if that feature was enabled. This prevents the controller from issuing a certificate to any rogue APs that
may appear on your network at a later time.
Figure 12: Control Plane Security Settings
In the CLI
Use the following commands to configure control plane security via the command line interface on a standalone or
master controller. Descriptions of the individual parameters are listed in Table 11, above.
control-plane-security
auto-cert-allow-all
auto-cert-allowed-addrs <ipaddress-start> <ipaddress-end>
auto-cert-prov
cpsec-enable
Example:
(host)(config) # control-plane-security
auto-cert-prov
no auto-cert-allow-all
auto-cert-allowed-addrs 10.21.18.10 10.21.10.90
View the current control plane security settings using the following command:
show control-plane-security
DellPowerConnectW-SeriesArubaOS6.2 | User Guide ControlPlane Security | 81