Wireless Access

Reply
RWN
Occasional Contributor I
Posts: 5
Registered: ‎05-28-2013

CPSec and Bridge Mode

Hello,

I would like to create a new SSID for Bridge to the local VLAN that the AP resides on. I understand that CPSEC must be enabled and the AP whitelisted for bridging to work. However, because this is a test, I do not wish to whitelist all the AP's on my corp network and interrupt guest/production wireless services. I simply want to add an AP that is on a test VLAN/Network and test bridging functionality.  Is this possible, or is it an all or nothing approach? I have read through the CPSEC chapter and it is not very clear.

Honestly, I wanted to enable CPSec during the initial controller installation for added security, but was advised not to by our engineer on the project.  I dont remember specifially what their reasoning was at the time.

Thank you.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: CPSec and Bridge Mode

It will effect the whole controller. You can turn on auto whitelisting so all the APs will come back but you will still take a short down time whole the APs reboot with a secure channel.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
RWN
Occasional Contributor I
Posts: 5
Registered: ‎05-28-2013

Re: CPSec and Bridge Mode

Tim,

Thanks for the info. I was afraid it was an all or nothing setting.

And best practice is to turn off auto-provisioning when all the AP's have completed?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: CPSec and Bridge Mode

That's up to your security policy. Many folks leave it enabled as the controller owns the AP once it connects.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: