
Control Plane Security

ArubaOS supports secure IPsec (Internet Protocol security) communications between a managed device and campus APs or remote APs using public-key self-signed certificates created by each Mobility Master. The managed device certifies its APs by issuing them certificates.

If the Mobility Master has any associated managed devices, the Mobility Master sends a certificate to each managed device, each of which in turn sends certificates to its own associated APs. If a managed device is unable to contact the Mobility Master to obtain its own certificate, it will not be able to certify the APs, and those APs cannot communicate with their managed device until Mobility Master-managed device communication has been re-established. You create an initial CPsec (Control Plane Security) configuration when you first configure the managed device using the initial setup wizard. The ArubaOS initial setup wizard enables CPsec by default, so it is very important that the managed device be able to communicate with the Mobility Master when it is first provisioned.

Some AP model types have factory-installed digital certificates. These AP models use their factory-installed certificates for IPsec, and do not need a certificate from the managed device. Once a campus AP or remote AP is certified, either through a factory-installed certificate or a certificate from the managed device, the AP can fail over between managed devices and remain connected to the secure network, because each AP has the same Mobility Master as a common trust anchor.
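The trust chain described above, modelled with generic X.509 certificates and the openssl CLI as an added example; it is not ArubaOS code or configuration, and ArubaOS issues these certificates itself. The names mm, md-a, md-b, md-c, ap1 and ap2 are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: generic X.509 via openssl, not ArubaOS's own mechanism.
# Names mm, md-a, md-b, md-c, ap1, ap2 and all files are constructed.
set -e
W=$(mktemp -d)
printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' > "$W/req.cnf"
printf 'basicConstraints=critical,CA:TRUE\n'  > "$W/ca.ext"
printf 'basicConstraints=critical,CA:FALSE\n' > "$W/leaf.ext"

# new_csr NAME: key pair and certificate request for NAME
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/req.cnf" \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}
# selfsign NAME: NAME signs its own certificate
selfsign() {
  openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -days 1 \
    -extfile "$W/ca.ext" -out "$W/$1.crt" 2>/dev/null
}
# issue NAME ISSUER EXT: ISSUER certifies NAME
issue() {
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.crt" -CAkey "$W/$2.key" \
    -CAcreateserial -days 1 -extfile "$W/$3.ext" -out "$W/$1.crt" 2>/dev/null
}
# ap_trusted ANCHOR ISSUER AP: does AP chain through ISSUER up to ANCHOR?
ap_trusted() {
  openssl verify -CAfile "$W/$1.crt" -untrusted "$W/$2.crt" "$W/$3.crt" \
    >/dev/null 2>&1
}

new_csr mm; selfsign mm                  # Mobility Master: common trust anchor
for md in md-a md-b; do                  # managed devices certified by mm
  new_csr "$md"; issue "$md" mm ca
done
new_csr ap1; issue ap1 md-a leaf         # md-a certifies an AP

# md-c never reached mm, so the only certificate it can hold is its own
new_csr md-c; selfsign md-c
new_csr ap2; issue ap2 md-c leaf

# Any peer that trusts mm (md-b here) can validate ap1 after a failover...
ap_trusted mm md-a ap1 && echo "ap1: accepted under the mm anchor"
# ...and ap1 can validate md-b against the same anchor
openssl verify -CAfile "$W/mm.crt" "$W/md-b.crt" >/dev/null 2>&1 \
  && echo "md-b: accepted under the mm anchor"
# ap2 chains to md-c only, which mm never certified
ap_trusted mm md-c ap2 || echo "ap2: rejected, no path to mm"
```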

The managed device maintains two separate AP whitelists: one for campus APs and one for remote APs. These whitelists contain records of all campus APs or remote APs connected to the network. You can use a campus AP or remote AP whitelist at any time to add a new valid campus AP or remote AP to the secure network, or revoke network access to any suspected rogue or unauthorized APs.

When the managed device sends a certificate to the AP, that AP must reboot before it can connect to the managed device over a secure channel. If you are enabling CPsec for the first time on a large network, you may experience several minutes of interrupted connectivity while each AP receives its certificate and establishes its secure connection.

Topics in this section include:

Control Plane Security Overview

Configuring Control Plane Security

Managing AP Whitelists

Whitelist DB Optimization

Configuring Networks with a Backup Mobility Master

Replacing a Controller on a Multi-Controller Network

Troubleshooting Control Plane Security
