Controller-less WLANs

Is keepalive mechanism involves sending periodic ping within the IPsec ? what is the packet size ?
Q:

Is keepalive mechanism involves sending periodic ping within the IPsec ? what is the packet size ?



A:

Keepalive mechanism involves sending periodic ping within the IPsec. This is a 96 byte packet and only sent out in the following scenarios –

  1. For Aruba IPSec – this is client traffic aware and keepalive is only sent if there is no Tx/Rx from/to the CL2 client behind the IAP. If the client is inactive – then the keepalive mechanism is triggered and failover happens if this fails for configured number of packets.
  2. For Aruba GRE – the tunnel maintenance does not rely on client data and a periodic ping is always sent through the Control-path IPsec tunnel.
  3. Controller does not have an independent keepalive mechanism to validate IAP VPN/GRE tunnels – those are aged out independently based on the AAA time out values for the user entries.
  4. This also implies that tunnel detection is not really bi-directional, and only relies on Tx/RX packet counts on the tunnel devices (tun0 or any other tunnel device) on the IAP.
Version history
Revision #:
2 of 2
Last update:
‎03-23-2017 04:27 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.