07-13-2013 08:12 AM
I have 1 subnet of around 20 IAPs. One of the switches was faulty, so there is no link to 6 of the IAPs, but there is still power to these 6 APs. They are using static IP addresses, and they mesh up to the neighbor IAPs instead. Is there any way to disable mesh on the IAPs? My guess is that the neighbors' APs are using the same subnet as our IAPs. The alternative is to change our IP addresses, but I hope we can disable mesh instead.
07-13-2013 08:36 AM
By mistake the other day I found out that if you enable the extended SSID option, it will disable the mesh link.
Mesh_Portal_Upstairs# show ap mesh link
No mesh supported in current mode
You could also try the no mesh, but I'm not sure if that disables it.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
10-07-2013 10:49 AM - edited 10-07-2013 04:22 PM
Are you confident in your observations?
This gives rise to a serious moment for reflection if what you claim is true: If Aruba's APs can mesh (always or by default) without performing robust peer authentication prior to forming/joining a mesh, it would be an epic security vulnerability in deployments. Think about the obvious implications that would flow from such behaviour... It could be exploited maliciously where there is intention to do so...
Had I noticed such an issue and been confident that it was not a misconfiguration or misunderstanding on my part, it would have driven me to go absolutely nuts at whoever supplied/supported my installation, demanding answers, and yesterday. As well as requiring a fix, it would engender a whole host of wider questions for me.
You should definitely investigate this behaviour further. If it turns out to be true, Aruba would need to start a rapid security response process to the problem and issue a bulletin/notice to its customers.