Wireless Access

I located a 2009 Technical Brief stating Aruba's position regarding CAPWAP.  Since this is 2016, I would like to know what is Aruba's current stance.

I am supporting a DoD/IC effort that utilizes Aruba Networks mobility controller and Aruba WAPs.  However, I do not have direct access to the devices at this point (i.e., I cannot view via CLI or GUI) to determine whether the Aruba mobility controller implements CAPWAP, LWAPP, or both like Cisco's 4402 wireless controller.  Any feedback would be greatly appreciated.  This is also my first hands-on with Aruba. My experience has been with Cisco and Altai Technologies wireless.

Aruba does not use either protocol. PAPI is used for management traffic and user traffic is encapsulated in GRE maintaining he existing wireless encryption.

Additionally, for DoD/IC deployments, you can deploy Aruba APs using CPsec which adds an IPsec encryption layer over the control traffic between the controller and the APs.

 

You can PM me if you want contacts to engage the Aruba Federal team for more detail. But in general, Aruba's security implementation is far more secure than the CAPWAP and LWAPP implementation as we used true centralized encryption of the user data traffic (WPA2 encrypted, wrapped in GRE, as opposed to the Cisco APs doing decrypt/re-encrypt, which makes Cisco APs 'controlled devices' and subject to TELs or Lock Boxes and periodic inspections. Since the Aruba APs don't decrypt/re-encrypt we don't require TELs, boxes, or inspections. If someone steals the AP, they have nothing. Aruba also is the most up to date on FIPS, UCAPL, and Common Criteria certifications.

 

Let us know if you need more and PM me if you want a Fed Team contact to engage further.

Thank you.