Configuring Secure Connections

The controllers communicate amongst themselves using a secure protocol. Among other things, this protocol is used to share between controllers the data required for high availability. They also use this protocol to communicate with NMS Wireless Manager. The protocol requires the use of a shared secret for mutual authentication of the end points.

By default the controllers and NMS Wireless Manager use a well known factory default shared secret. This makes it easy to get up and running but is not as secure as some sites require.

The controllers and NMS Wireless Manager allow the administrator to change the shared secret used by the secure protocol. In fact the controllers and Wireless Manager can use a different shared secret for each individual end point to which they connect with the protocol.

To configure the shared secret for a connection on the controller:

  1. From the top menu, click Controller.
  2. In the left pane, click Network > Secure Connections. The Secure Connections screen displays.
    Click to expand in new window
    Graphics/secure_connections.jpg
  3. Select Enable Weak Ciphers to enable weak ciphers for the remote connections. Disabling weak ciphers prevents users from accessing various web pages on the controller using less secure methods.
  4. Enter the Server IP address of the other end of the secure protocol tunnel and the shared secret to use.
  5. Click Add/Update.
  6. Click Save.
    Note

    Note

    Configure the same shared secret onto the devices at each end of the connection. Otherwise, the two controllers or controller and NMS Wireless Manager will not be able to communicate.