Configuring Control Plane Security after Upgrading

When you initially deploy a controller running ArubaOS 6.0 or later, create your initial control plane security configuration using the initial setup wizard. However, if you are upgrading to ArubaOS 6.0 or if you are upgrading from ArubaOS 5.0 but did not yet have control plane security enabled before the upgrade, then you can use the strategies described in Table 23 to enable and configure control plane security feature.

NOTE: If you upgrade a controller running ArubaOS 5.0.x to ArubaOS 6.0 or later, then the controller’s control plane security settings

do not change after the upgrade. If control plane security was already enabled, then it remains enabled after the upgrade. If it was

not enabled previously, but you wish to use the feature after upgrading, then it must be manually enabled.

Table 23: Control Plane Security Upgrade Strategies

Automatically send Certificates to Campus APs

Manually Certify Campus APs

1. Access the control plane security window and enable both

1. Identify the campus APs that should receive certificates

the control plane security feature and the auto certificate

by entering the campus APs’ MAC addresses in the campus

provisioning option. Next, specify whether you want all

AP whitelist.

associated campus APs to automatically receive a certificate,

 

or if you want to certify only those APs within a defined range

 

of IP addresses.

 

 

 

2. Once all APs have received their certificates, disable auto

2. If your network includes both master and local Dell

certificate provisioning to prevent certificates from being

controllers, wait a few minutes, then verify that the campus

issued to any rogue APs that may appear on your network at a

AP whitelist has been propagated to all other Dell

later time.

controllers on the network. Access the WebUI of the master

 

controller, navigate to Configuration>Controller>Control

 

Plane Security, then verify that the Current Sequence

 

Number field has the same value as theSequence Number

 

entry for each local controller in the local switch whitelist.

 

(For details, see "Verifying Whitelist Synchronization" on

 

page 98.)

 

 

3. If a valid AP did not receive a certificate during the initial

3. Enable the control plane security feature.

certificate distribution, you can manually certify the AP by

 

adding that AP’s MAC address to the campus AP whitelist.

 

You can also use this whitelist to revoke certificates from APs

 

that should not be allowed access to the secure network.

 

 

 

NOTE: If you upgraded your controller from ArubaOS 5.0 or earlier and you want to use this feature for the first time, you must either add all valid APs to the campus AP whitelist or enable automatic certificate provisioning before you enable the feature. If you do not enable automatic certificate provisioning, only the APs currently approved in the campus AP whitelist are allowed to communicate with the controller over a secure channel. Any APs that do not receive a certificate are not be able to communicate with the controller except to request a certificate.

Troubleshooting Control Plane Security

Identifying Certificate Problems

If an AP has a problem with its certificate, check the state of the AP in the campus AP whitelist. If the AP is in either the certified-hold-factory-cert or certified-hold-switch-cert states, you may need to manually change the status of that AP before it can be certified.

certified-hold-factory-cert: An AP is put in this state when the controller thinks the AP has been certified with a factory certificate yet the AP requests to be certified again. Since this is not a normal condition, the AP is not

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Control Plane Security 97

Page 97
Image 97
Dell 6.2 manual Configuring Control Plane Security after Upgrading, Troubleshooting Control Plane Security

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.