Hi Colin,
I didn't know this before, but then I have just read in some Aruba documentation that CPSec is only intended for CAPs:
Control plane security feature has been designed to support campus AP’s only, It is not intended for use with Remote AP’s. Please do not attempt to use cpsec with any RAP devices.
So let me understand this:
1. Do RAPs never use control plane security because they always use IPSEC for the VPN tunnel?
2. Then is CPSec is disabled, what's the point of having a RAP certificate. Will the controller check the RAP certificate with CPSec disabled?
3. On the other hand, is there a problem if the inner IP is changed? I don't think so, please confirm.
Many thanks for your replies, always learning...
Regards,
Julián