Question: Are there any known interoperability issues between TippingPoint IPS and Aruba APs?
Product and Software: This article applies to all Aruba controllers and APs and all ArubaOS versions. This article also applies to all networks when TippingPoint IPS is used to provide a wired intrusion prevention solution.
Customers might experience wireless performance issues when Aruba APs are deployed in a wired network where TippingPoint IPS appliances are deployed. These issues are especially likely in cases where the TippingPoint IPS appliance is somewhere in between the Aruba APs and Aruba controllers.
The problem is related to the fact that some of the GRE traffic between Aruba APs and controllers is fragmented and TippingPoint IPS has an undocumented rate-limit for all fragments.
Solution
To get around this problem, make the following configuration changes on TippingPoint:
- Disable rate-limits for GRE fragments.
OR
- Create an exception so that traffic between Aruba APs and controllers is not monitored or inspected.
In addition, for Layer 2 networks where jumbo frames are not supported, make the following changes on the relevant Aruba system profile so that the AP will not attempt to send traffic using jumbo frames:
ap system-profile "XXX_System_Profile"
mtu 1500
For further information, contact TippingPoint Tech Support.