Aruba Apps

Reply
New Contributor

Control Plane Security between Aruba7210 and AP-115

Trying to get IPSEC tunnels configured between a 7210 controller and AP-115's.  I enable control plane security and the AP's reboot as expected but they still come up showing IPSEC disabled under monitoring for all AP's.  It appears that the controller has a factory installed certficate and all of the AP's are showing in the whitelist with a factory certified certificate.  Not sure what step I am missing here.  I am new to Aruba.

 

Thanks for any direction.

 

Craig

 

Re: Control Plane Security between Aruba7210 and AP-115

To do IPSEC tunnels you would need to provision them as RAPs, which requires enabling the VPN Server on the controller and creating a ip pool for them to use.
ACDX #419 | ACMP |
New Contributor

Re: Control Plane Security between Aruba7210 and AP-115

Ok-

So I guess that I misunderstood the control plane security.  With that enabled it is encrypting traffic between the AP and the controller just not doing so via an IPSEC tunnel?  Or is the control plane security something else entirely.

 

Thank you,

 

Craig

 

Re: Control Plane Security between Aruba7210 and AP-115

CPSEC doesn't change the standard of using a GRE tunnel to send traffic. Basically it allows the controller to keep a whitelist of allowed campus APs that can connect to the controller, and anything not on the whitelist won't be allowed to connect and be provisioned.
ACDX #419 | ACMP |

Re: Control Plane Security between Aruba7210 and AP-115

from documentation it does use IPsec for the control traffic, but not the client traffic, that indeed remains GRE unless provisioned as RAP.

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-control-plane-security-How-does-one-configure-verify-it/ta-p/174912

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: