67| Control Plane Security AOS-W 6.5.3.x| User Guide
| Switch Role | Campus AP Whitelist | Master Switch Whitelist | Local Switch Whitelist |
|---|---|---|---|
| On a (standalone) master switch with no local switches: | The campus AP whitelist contains entries for the secure campus APs associated with that switch. | The master switch whitelist is empty, and does not appear in the WebUI. | The local switch whitelist is empty, and does not appear in the WebUI. |
| On a master switch with local switches: | The campus AP whitelist contains an entry for every secure campus AP on the network, regardless of the switch to which it is connected. | The master switch whitelist is empty, and does not appear in the WebUI. | The local switch whitelist contains an entry for each associated local switch. |
| On a local switch: | The campus AP whitelist contains an entry for every secure campus AP on the network, regardless of the switch to which it is connected. | The master switch whitelist contains the MAC and the IP addresses of the master switch. | The local switch whitelist is empty, and does not appear in the WebUI. |

Table 21: Control Plane Security Whitelists
Figure 6 Local Switch Whitelist on a Master Switch
If your deployment includes both master and local switches, then the campus AP whitelist on every switch
contains an entry for every secure AP on the network, regardless of the switch to which it is connected. The
master switch also maintains a whitelist of local switches using control plane security. When you change a
campus AP whitelist on any switch, that switch contacts the other connected switches to notify them of the
change.
The master switch whitelist on each local switch contains the IP and MAC addresses of its master switch. If your
network has a redundant master switch, then this whitelist contains more than one entry. You rarely need to
delete the master switch whitelist. Although you can delete an entry from the master switch whitelist, you
should do so only if you have removed a master switch from the network.
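The rules in Table 21 and the two paragraphs above can be checked mechanically against an inventory of what each switch currently holds. The following Python audit is an added example, not part of the AOS-W documentation or software; the inventory layout, the function names and the sample MAC and IP values are constructed, and treating a redundant master like any other master is an assumption.

```python
# Added example: audits a constructed inventory against the Table 21 rules.
# The dict layout is hypothetical; it is not AOS-W CLI or API output.

def audit_whitelists(switches):
    """Return findings; an empty list means the whitelists are consistent."""
    findings = []
    masters = [s for s in switches if s["role"] == "master"]
    locals_ = [s for s in switches if s["role"] == "local"]
    master_ids = {(s["mac"], s["ip"]) for s in masters}
    local_ids = {(s["mac"], s["ip"]) for s in locals_}
    # Which switch whitelist each role holds, and which peers it must list.
    rules = [(masters, "local_wl", "master_wl", local_ids),
             (locals_, "master_wl", "local_wl", master_ids)]
    for group, held, empty, expected in rules:
        for s in group:
            if s[empty]:
                findings.append(f"{s['name']}: {empty} should be empty")
            for mac, _ip in sorted(expected - set(s[held])):
                findings.append(f"{s['name']}: {held} missing {mac}")
            for mac, _ip in sorted(set(s[held]) - expected):
                findings.append(f"{s['name']}: {held} has stale entry {mac}")
    # In a master/local deployment every switch lists every secure campus AP.
    if locals_:
        all_aps = set().union(*(s["campus_ap_wl"] for s in switches))
        for s in switches:
            for ap in sorted(all_aps - set(s["campus_ap_wl"])):
                findings.append(f"{s['name']}: campus_ap_wl missing {ap}")
    return findings

# Constructed sample data (documentation MAC and IP ranges).
MASTER = ("00:00:5e:00:53:01", "192.0.2.1")
LOCAL1 = ("00:00:5e:00:53:11", "192.0.2.11")
LOCAL2 = ("00:00:5e:00:53:12", "192.0.2.12")
OLD_MASTER = ("00:00:5e:00:53:02", "192.0.2.2")  # removed from the network
AP1, AP2 = "00:00:5e:00:53:a1", "00:00:5e:00:53:a2"

def switch(name, role, ident, aps, master_wl=(), local_wl=()):
    return {"name": name, "role": role, "mac": ident[0], "ip": ident[1],
            "campus_ap_wl": list(aps), "master_wl": list(master_wl),
            "local_wl": list(local_wl)}

SAMPLE = [
    switch("master", "master", MASTER, [AP1, AP2], local_wl=[LOCAL1]),
    switch("local1", "local", LOCAL1, [AP1, AP2], master_wl=[MASTER, OLD_MASTER]),
    switch("local2", "local", LOCAL2, [AP1], master_wl=[MASTER]),
]
if __name__ == "__main__":
    for line in audit_whitelists(SAMPLE):
        print(line)
```

A stale master switch entry, such as the one reported for `local1`, is the case the text says to delete once the master has been removed from the network.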
Campus AP Whitelist Synchronization
The current sequence number in the AP Whitelist Sync Status field shows the number of changes to the
campus AP whitelist made on that switch. Each switch compares its campus AP whitelist against whitelists on
other switches every two minutes by default. If a switch detects a difference, it sends its changes to the other
switches on the network. If all other switches on the network have successfully received and acknowledged all
whitelist changes made on that switch, every entry in the sequence number column in the local switch or
master switch whitelists has the same value as the sequence number displayed in the AP Whitelist Sync