Control Plane Security Overview

Controllers using control plane security only send certificates to APs that you have identified as valid APs on the network. If you want closer control over each AP that gets certified, you can manually add individual campus and remote APs to the secure network by adding each AP's information to the whitelists when you first run the initial setup wizard. If you are confident that all APs currently on your network are valid APs, then you can use the initial setup wizard to configure automatic certificate provisioning to send certificates from the controller to each campus or remote AP, or to all campus and remote APs within specific ranges of IP addresses.

The default automatic certificate provisioning setting requires that you manually enter each campus AP’s information into the campus AP whitelist, and each remote APs information into the remote AP whitelist. If you change the default automatic certificate provisioning values to let the controller send certificates to all APs on the network, that new setting ensures that all valid APs receive a certificate, but also increases the chance that a rogue or unwanted AP is also certified. If you configure the controller to send certificates to only those APs within a range of IP addresses, there is a smaller chance that a rogue AP gets a certificate, but any valid AP with an IP address outside the specified address ranges will not get a certificate and can not communicate with the controller (except to obtain a certificate). Consider both options carefully before you complete the control plane security portion of the initial setup wizard. If your controller has a publicly accessible interface, you should identify the APs on the network by IP address range. This prevents the controller from sending certificates to external or rogue campus APs that may attempt to access your controller through that publicly accessible interface.

Configuring Control Plane Security

When you initially deploy the controller, you create your initial control plane security configuration using the initial setup wizard. These settings can be changed at any time using the WebUI or the command-line interfaces.

NOTE: If you are configuring control plane security for the first time after upgrading from ArubaOS 5.0 or earlier, see "Configuring Control Plane Security after Upgrading" on page 97 for details on enabling this feature using the WebUI or CLI.

In the WebUI

1.Access the WebUI of a standalone or master controller, and navigate to Configuration>Network>Controller.

2.Select the Control Plane Security tab.

3.Configure the following control plane security parameters.

Table 11: Control Plane Security Parameters

Parameter

Description

Control Plane Security

Select enable or disable to turn the control plane security feature on or off. This feature is

 

enabled by default.

 

 

Auto Cert Provisioning

When the control plane security feature is enabled, you can select this checkbox to turn on

 

automatic certificate provisioning. When this feature is enabled, the controller attempts to send

 

certificates to all associated campus APs. Auto certificate provisioning is disabled by default.

 

NOTE: If you do not want to enable automatic certificate provisioning the first time you enable

 

control plane security on the controller, you must identify the valid APs on your network by

 

adding those to the campus AP whitelist. For details, see "Viewing and Managing the Master or

 

Local Switch Whitelists" on page 88.

 

After you have enabled automatic certificate provisioning, you must select either Auto Cert Allow

 

all or Addresses Allowed for Auto Cert.

Addresses allowed for

The Addresses Allowed for Auto Cert section allows you to specify ehter certificates should be

80 Control Plane Security

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Page 80
Image 80
Dell 6.2 manual Control Plane Security Overview, Configuring Control Plane Security, Parameter Description

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.