CAPsMAN(from MikroTik) has certificates that you can distribute to access points, and then turn on the"Require Peer Certificate" checkbox and not issue more new certificates.In theory, this should protect the network from connecting new access points.
But what prevents any Yureza from connecting its router to the network(simply by plugging a wire into some switch in the corner) and when its router receives everything it needs via DHCP, get its point access in the end?
What is the meaning of certificates then?
The question really is not about CAPsMAN, but about network security in general? Well, it will interfere with everything that usually prevents us from connecting laptops brought from home — linking poppies to ports, limiting poppies in DHCP.