Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Security Settings for a Mobility Domain

    You can enhance security on your network by enabling WLC-WLC security. WLC-WLC security encrypts management traffic exchanged by WLC switches in a Mobility Domain.

    When WLC-WLC security is enabled, management traffic among WLC switches in the Mobility Domain is encrypted using AES. The keying material is dynamically generated for each session and passed among switches using configured public keys.

    To configure security settings for a mobility domain:

    1. From the View pane, select the mobility domain for which you want to configure the security settings.
    2. From the Tasks pane, select Domain Management > Manage WLC - WLC Security. The Manage WLC - WLC Security page opens.
    3. Do one of the following:
      • Select Enable from the Security Mode list to enable security for the mobility domain.
      • Select Disable to disable security for the mobility domain. This is the default mode.
    4. If you select to enable security, Network Director displays a table listing all the WLCs in the selected mobility domain. Table 1 lists the fields that are displayed in the Manage WLC - WLC Security page.

      Table 1: Wireless LAN Controller Details

      Field

      Description

      WLC Controller

      Host name of the WLC.

      Role

      The role of the WLC in the mobility domain. A WLC can be a primary controller, a secondary controller, or a member.

      Public Key

      The public key of the WLC.

      Last Fetched Time

      The time when the public key was last obtained from the WLC.

    5. If you want to use the public keys from the WLC, do the following:

      1. On the Mobility System Software (MSS™) command line interface (CLI) on each of the domain controller, run the crypto generate key domain 128 command. This command generates an RSA public-private encryption key pair that is required for a Certificate Signing Request (CSR) or a self-signed certificate.
      2. Click Retrieve Keys from Controllers in the Manage WLC - WLC Security page. Network Director retrieves the public keys for all the domain controller WLCs and lists them in the Public Key column.
    6. Click Done to save the changes that you made to the security settings.

    Modified: 2018-01-23