5.x and above for Aruba OS
• IPsec secures control plane traffic between CAP and controller using public-key self-signed certificates created by each master controller.
• Non-Legacy AP’s have factory installed certificates for IPsec and do not need cert from controller.
• When the controller sends an AP a certificate, that AP must reboot before it can connect to its controller over a secure channel.
auto-cert-allowed-addrs <ipaddress-start> <ipaddress-end>
(host)(config) # control-plane-security
auto-cert-allowed-addrs 192.0.2.0 192.0.2.20
Commands used to checked Whitelist DB and CPSEC status