Controller Based WLANs

What is control plane security? How does one configure/verify it?

Applies to ArubaOS 5.x and above.

 

 IPsec secures control plane traffic between a campus AP (CAP) and its controller, using public-key self-signed certificates created by each master controller.


 Non-legacy APs have factory-installed certificates for IPsec and do not need a certificate from the controller.


 When the controller sends an AP a certificate, that AP must reboot before it can connect to its controller over a secure channel.

 


 

 

control-plane-security
  auto-cert-allowed-addrs <ipaddress-start> <ipaddress-end>
  auto-cert-allow-all
  auto-cert-prov
  {no cpsec-enable}|cpsec-enable


Example:
(host)(config) # control-plane-security
  auto-cert-prov
  no auto-cert-allow-all
  auto-cert-allowed-addrs 192.0.2.0 192.0.2.20
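
One way to audit a stanza like the example above and check which AP addresses fall inside its automatic certificate scope. This is an added example, not code from the original article or from Aruba; the function names, the indented saved-config layout and the inclusive treatment of the address range are assumptions.

```python
import ipaddress

# Constructed sample: the stanza from the example above, laid out as in a saved config.
SAMPLE_CONFIG = """\
control-plane-security
  auto-cert-prov
  no auto-cert-allow-all
  auto-cert-allowed-addrs 192.0.2.0 192.0.2.20
"""
FLAGS = ("cpsec-enable", "auto-cert-prov", "auto-cert-allow-all")

def parse_cpsec(config_text):
    """Parse the control-plane-security stanza. A flag that is not written
    in the text stays None (unknown) instead of a guessed default."""
    settings = dict.fromkeys(FLAGS)
    settings["allowed_ranges"] = []
    in_stanza = False
    for raw in filter(str.strip, config_text.splitlines()):
        words = raw.split()
        if not raw[0].isspace():  # top-level command: the stanza starts or ends
            in_stanza = words == ["control-plane-security"]
            continue
        if not in_stanza:
            continue
        negated = words[0] == "no"
        words = words[1:] if negated else words
        if words and words[0] in FLAGS:
            settings[words[0]] = not negated
        elif len(words) == 3 and words[0] == "auto-cert-allowed-addrs" and not negated:
            settings["allowed_ranges"].append(tuple(map(ipaddress.ip_address, words[1:])))
    return settings

def audit(settings):
    """Return findings about which APs can be sent a certificate automatically."""
    findings = []
    if settings["cpsec-enable"] is False:
        findings.append("cpsec disabled: control plane traffic is not secured by IPsec")
    if settings["auto-cert-prov"] and settings["auto-cert-allow-all"]:
        findings.append("auto-cert-allow-all: any AP is in scope for an automatic certificate")
    elif settings["auto-cert-prov"] and not settings["allowed_ranges"]:
        findings.append("auto-cert-prov set but no auto-cert-allowed-addrs range in the config")
    return findings

def auto_cert_eligible(settings, ap_ip):
    """True if ap_ip is in scope; range endpoints are treated as inclusive (assumption)."""
    if not settings["auto-cert-prov"]:
        return False
    ip = ipaddress.ip_address(ap_ip)
    return bool(settings["auto-cert-allow-all"]) or any(
        lo <= ip <= hi for lo, hi in settings["allowed_ranges"])
```
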

 

 

 Controllers using control plane security will only send certificates to APs that have been identified as valid APs on the network. For closer control over each AP that gets certified, you can manually add individual campus APs to the Campus AP Whitelist.

 

 

 

 Campus APs appear as valid APs in the campus AP whitelist when you manually enter their information into the whitelist.

 

 

 

 Any APs not approved or certified on the network will also be included in the campus AP whitelist, but these APs will appear in an unapproved state.

 

 

 

Commands used to check the whitelist DB and CPSEC status


 

 

 

Version history: revision 1 of 1. Last update: 06-26-2014 02:50 PM