Disabling Control Plane Security
If you disable control plane security on a standalone or local switch, all APs connected to that switch reboot
then reconnect to the switch over a clear channel.
If you disable control plane security on a master switch, APs directly connected to the master switch reboot
then reconnect to the master switch over a clear channel. However, its local switches continue to communicate
with their APs over a secure channel until you save your configuration on the master switch. Once you save the
configuration, the changes are pushed down to the local switches. At that point, any APs connected to the local
switches also reboot and reconnect over a clear channel.
Verifying Whitelist Synchronization
To verify that a network of master and local switches is correctly sharing its campus AP whitelists, check the
sequence numbers on the master and local switch whitelists.
• The sequence number value on a master switch should be the same as the remote sequence number on the
local switch.
• The sequence number value on a local switch should be the same as the remote sequence number on the
master switch.
Figure 8 Sequence numbers on Master and Local Switches
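The two comparisons above can be scripted once the values have been copied from each switch's whitelist table. The following is an added example, not part of the user guide or of AOS-W; the Row layout, the check_sync name and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Row:
    owner: str        # switch this whitelist row was read from
    peer: str         # switch the row describes
    seq: int          # "sequence number" value in that row
    remote_seq: int   # "remote sequence number" value in that row

def check_sync(master_rows, local_rows):
    """Return a list of problems; an empty list means the whitelists agree."""
    problems = []
    local_view = {(r.owner, r.peer): r for r in local_rows}
    matched = set()
    for m in master_rows:
        key = (m.peer, m.owner)  # the local switch's row about this master
        loc = local_view.get(key)
        if loc is None:
            problems.append(f"{m.peer}: no row for master {m.owner}")
            continue
        matched.add(key)
        if m.seq != loc.remote_seq:
            problems.append(f"{m.peer}: master seq {m.seq} != local remote seq {loc.remote_seq}")
        if loc.seq != m.remote_seq:
            problems.append(f"{m.peer}: local seq {loc.seq} != master remote seq {m.remote_seq}")
    # Local switches that report a master which holds no row for them.
    for local, master in sorted(local_view.keys() - matched):
        problems.append(f"{local}: master {master} has no row for this local switch")
    return problems

# Constructed sample values (documentation addresses, not from a real deployment).
MASTER = "192.0.2.1"
MASTER_ROWS = [
    Row(MASTER, "192.0.2.2", seq=57, remote_seq=12),
    Row(MASTER, "192.0.2.3", seq=57, remote_seq=9),
]
LOCAL_ROWS = [
    Row("192.0.2.2", MASTER, seq=12, remote_seq=57),  # both values match
    Row("192.0.2.3", MASTER, seq=9, remote_seq=55),   # remote value differs from master's 57
    Row("192.0.2.4", MASTER, seq=3, remote_seq=57),   # master holds no row for this switch
]

if __name__ == "__main__":
    for line in check_sync(MASTER_ROWS, LOCAL_ROWS):
        print(line)
```

An empty result means every master and local pair satisfies both checks; any line returned names the local switch whose values need to be examined.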
Rogue APs
If you enable auto certificate provisioning with the Auto Cert Allow All option, any AP that appears
on the network receives a certificate. If you notice unwanted or rogue APs connecting to your switch via an
IPsec tunnel, verify that automatic certificate provisioning has been disabled, then manually remove the
unwanted APs by deleting their entries from the campus AP whitelist.
AOS-W 6.5.3.x | User Guide Control Plane Security | 78