Aruba Instant & Cloud Wi-Fi

Reply
Super Contributor I
Posts: 300
Registered: ‎12-01-2010

Instant APs joining other Company's IAPs using MESH link

I have 1 subnet of IAPS around 20 X IAPs and 1 of the switch was faulty and no link to the 6 IAPs but there are power to these 6 APs. They are using static IP address they MESH up to the neighbor IAPs instead, anyway to disable the MESH on IAPs as my guess is that the neighbors APs are using the same subnet as our IAPs. Alternative is to change our IP address but hope we can disable the MESH instead.

 

Gordon

Normal Guy
MVP
Posts: 4,008
Registered: ‎07-20-2011

Re: Instant APs joining other Company's IAPs using MESH link

 

 

By mistake the other day I find out that if you enable the extended SSID option it will disable the mesh link 

 

Screen Shot 2013-07-13 at 11.40.09 AM.png

 

Mesh_Portal_Upstairs# show  ap mesh link 
No mesh supported in current mode

 You could also try the no mesh but I'm not sure if that disables it

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 4
Registered: ‎10-07-2013

Re: Instant APs joining other Company's IAPs using MESH link

[ Edited ]

Gordon,

Are you confident in your observations?

This gives rise to a serious moment for reflection if what you claim is true: If Aruba's APs can mesh (always or by default) without performing robust peer authentication prior to forming/joining a mesh, it would be an epic security vulnerability in deployments. Think about the obvious implications that would flow from such behaviour... It could be exploited maliciously where there is intention to do so...

Had I noticed such an issue and was confident that it was not a misconfiguration or misunderstanding on my behalf, it would have driven me to go absolutely nuts at whoever supplied/supported my installation demanding answers, and yesterday. As well as requiring a fix, it would engender a whole host of wider questions for me.

You should definitely investigate this behaviour further. If it turns out to be true, Aruba would need to start a rapid security response process to the problem and issue a bulletin/notice to its customers.

Cheers,

Nick

Search Airheads
Showing results for 
Search instead for 
Did you mean: