Wireless Access

Reply
Frequent Contributor I

CPSec communication to master controller

We are planning to enable CPSec for a customer, they have a VRRP Master pair and 2 local controllers running HA Fast-failover.

 

Currently their LMS profile and site DHCP Option 43 are pointing to the nearest local controller.

 

Will the APs ever need to talk to the Master controllers when we enable CPSec?

 

Also, is there any benefit to using factory certificates for Master->Local IPSec rather than a PSK? Would changing this across the environment require a reboot of any of the controllers and affect client traffic?

Re: CPSec communication to master controller

Hi,

 

No the APs will not need to communicate with the master controllers in the scenarion you've described. 

 

When you enable CPSec all the APs will reboot at least once, maybe twice, but the controllers will not require a reboot.

 

A certificate is more secure than a PSK. 

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: