3. Configure the following control plane security parameters:
| Parameter | Description |
|---|---|
| Control Plane Security | Select enable or disable to turn the control plane security feature on or off. This feature is enabled by default. |
| Auto Cert Provisioning | When you enable the control plane security feature, you can select this checkbox to turn on automatic certificate provisioning. When you enable this feature, the switch attempts to send certificates to all associated campus APs. Auto certificate provisioning is disabled by default. NOTE: If you do not want to enable automatic certificate provisioning the first time you enable control plane security on the switch, you must identify the valid APs on your network by adding those to the campus AP whitelist. For details, see Viewing the Master or Local Switch Whitelists on page 68. After you have enabled automatic certificate provisioning, you must select either Auto Cert Allow all or Addresses Allowed for Auto Cert. |
| Addresses allowed for Auto Cert | The Addresses Allowed for Auto Cert section allows you to specify whether certificates are sent to all associated APs, or just APs within one or more specific IP address ranges. If your switch has a publicly accessible interface, you should identify your campus and Remote APs by IP address range. This prevents the switch from sending certificates to external or rogue campus APs that may attempt to access your switch through that interface. Select All to allow all associated campus and remote APs to receive automatic certificate provisioning. This parameter is enabled by default. Select Addresses Allowed for Auto Cert to send certificates to a group of campus or remote APs within a range of IP addresses. In the two fields below, enter the start and end IP addresses, then click Add. Repeat this procedure to add additional IP ranges to the list of allowed addresses. If you enable both control plane security and auto certificate provisioning, all APs in the address list receive automatic certificate provisioning. Remove a range of IP addresses from the list of allowed addresses by selecting the IP address range from the list and clicking Delete. |
| Number of AP Whitelist Entries | This parameter is the total number of APs in the remote AP and campus AP Whitelists. This number is also a link to a combined whitelist that displays all campus and remote AP entries. |
Table 17: Control Plane Security Parameters
4. Click Apply.
The master switch generates its self-signed certificate and begins distributing certificates to campus APs and
any local switches on the network over a clear channel. After all APs have received a certificate and have
connected to the network using a secure channel, access the Control Plane Security window and turn off
auto certificate provisioning if that feature was enabled. This prevents the switch from issuing a certificate to
any rogue APs that may appear on your network at a later time.
Figure 4 Control Plane Security Settings
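Before entering start and end addresses under Addresses Allowed for Auto Cert, the planned ranges can be checked offline against the AP inventory. The script below is an added example, not part of the AOS-W guide or the switch software; the sample ranges and AP addresses are constructed, and it assumes that ranges are inclusive at both ends and that legitimate APs use RFC 1918 address space.

```python
import ipaddress

# Constructed sample data (not from the guide): planned allowed ranges as
# (start, end) pairs, and the IP addresses of APs expected to associate.
PLANNED_RANGES = [("10.1.20.10", "10.1.20.200"), ("192.168.50.1", "192.168.50.254"),
                  ("172.16.8.1", "172.32.0.10")]  # last range overshoots 172.16.0.0/12
AP_INVENTORY = ["10.1.20.15", "10.1.20.201", "192.168.50.77", "203.0.113.9"]

# Assumption: internal APs live in RFC 1918 space only.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_range(start, end):
    """Return (first, last) as IPv4Address objects; reject reversed ranges."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"range start {start} is after end {end}")
    return first, last

def range_is_internal(first, last):
    """True only if every address in the range falls inside RFC 1918 space."""
    blocks = ipaddress.summarize_address_range(first, last)
    return all(any(b.subnet_of(p) for p in RFC1918) for b in blocks)

def audit(ranges, inventory):
    """Report ranges reaching outside internal space and which APs are covered."""
    parsed = [parse_range(s, e) for s, e in ranges]
    external = [(str(f), str(l)) for f, l in parsed if not range_is_internal(f, l)]
    covered, uncovered = [], []
    for ip in inventory:
        addr = ipaddress.IPv4Address(ip)
        # Assumption: start and end addresses are both part of the range.
        in_range = any(f <= addr <= l for f, l in parsed)
        (covered if in_range else uncovered).append(ip)
    return {"external_ranges": external,
            "would_receive_cert": covered,
            "outside_allowed_ranges": uncovered}

if __name__ == "__main__":
    for key, value in audit(PLANNED_RANGES, AP_INVENTORY).items():
        print(f"{key}: {value}")
```

Ranges reported under `external_ranges` would let addresses outside internal space receive a certificate; APs under `outside_allowed_ranges` would need a wider range or a campus AP whitelist entry.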
AOS-W 6.5.3.x | User Guide Control Plane Security | 58