CAPsMAN(from MikroTik) has certificates that you can distribute to access points, and then turn on the"Require Peer Certificate" checkbox and not issue more new certificates.In theory, this should protect the network from connecting new access points.
But what prevents any Yureza from connecting its router to the network(simply by plugging a wire into some switch in the corner) and when its router receives everything it needs via DHCP, get its point access in the end?

What is the meaning of certificates then?

2 Answers 2
The question really is not about CAPsMAN, but about network security in general? Well, it will interfere with everything that usually prevents us from connecting laptops brought from home — linking poppies to ports, limiting poppies in DHCP.
  • Here is the binding of poppies to the ports - will close the hole.And why then CAPsMAN certificates? – Summer Chocobo Jun 17 '19 at 23:25
  • [[super-guest]], Probably to close access in the event that this point is the only one in the district, while protecting itself from the fake poppies.I have not used it myself. – Gifted9 Jun 18 '19 at 05:26
  • For corporate wifi, you need wpa-eap.And there is already authorization through company sso, certificates and other amenities.
    The employee quit, lost access to the waffle, in contrast to the psk.Well, do not change it with every dismissal.
    – Black Buffalo Jun 18 '19 at 22:18