Control Plane Security Overview
Controllers using CPsec Control Plane Security. CPsec is a secure form of communication between a controller and APs to protect the control plane communications. This is performed by means of using public-key self-signed certificates created by each conductor controller. send certificates to APs that you have identified as valid APs on the network. If you want closer control over each AP that is certified, you can manually add individual campus and remote APs to the secure network by adding each AP's information to the allowlists when you first run the initial setup wizard. If you are confident that all APs currently on your network are valid APs, then you can use the initial setup wizard to configure automatic certificate provisioning to send certificates from the controller to each campus or remote AP, or to all campus and remote APs within specific ranges of IP addresses.
The default automatic certificate provisioning setting requires that you manually enter each campus AP’s information into the campus AP Campus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. allowlist, and each remote AP's information into the remote AP allowlist. If you change the default automatic certificate provisioning values to let the controller send certificates to all APs on the network, all valid APs will receive certificate, but this also increases the chance that you will certify a rogue or unwanted AP. If you configure the controller to send certificates to only those APs within a range of IP addresses, there is a smaller chance that a rogue AP receives a certificate, but any valid AP with an IP address outside the specified address ranges will not receive a certificate, and cannot communicate with the controller (except to obtain a certificate). Consider both options carefully before you complete the CPsec Control Plane Security. CPsec is a secure form of communication between a controller and APs to protect the control plane communications. This is performed by means of using public-key self-signed certificates created by each conductor controller. portion of the initial setup wizard. If your controller has a publicly accessible interface, you should identify the APs on the network by the IP address range. This prevents the controller from sending certificates to external or rogue campus APs Campus APs are used in private networks where APs connect over private links (LAN, WLAN, WAN or MPLS) and terminate directly on controllers. Campus APs are deployed as part of the indoor campus solution in enterprise office buildings, warehouses, hospitals, universities, and so on. that may attempt to access your controller through that publicly accessible interface.