Aruba Apps

Trying to get IPSEC tunnels configured between a 7210 controller and AP-115's.  I enable control plane security and the AP's reboot as expected but they still come up showing IPSEC disabled under monitoring for all AP's.  It appears that the controller has a factory installed certficate and all of the AP's are showing in the whitelist with a factory certified certificate.  Not sure what step I am missing here.  I am new to Aruba.

 

Thanks for any direction.

 

Craig

 

#7210

To do IPSEC tunnels you would need to provision them as RAPs, which requires enabling the VPN Server on the controller and creating a ip pool for them to use.

Ok-

So I guess that I misunderstood the control plane security.  With that enabled it is encrypting traffic between the AP and the controller just not doing so via an IPSEC tunnel?  Or is the control plane security something else entirely.

 

Thank you,

 

Craig

 

CPSEC doesn't change the standard of using a GRE tunnel to send traffic. Basically it allows the controller to keep a whitelist of allowed campus APs that can connect to the controller, and anything not on the whitelist won't be allowed to connect and be provisioned.

from documentation it does use IPsec for the control traffic, but not the client traffic, that indeed remains GRE unless provisioned as RAP.

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-control-plane-security-How-does-one-configure-verify-it/ta-p/174912