Dear All,
If CPsec is not enabled, an AP will build GRE tunnels to the controller for each of its BSSIDs,
If CPsec is enabled, the AP still builds GRE tunnels to the controller for each of its BSSIDs.
#show datapath tunnel table | include <IP_address_of_AP>
:
:
and I can see Protocol = 47 in the output.
But when CPsec is enable, #show crypto ipsec sa is telling me that each AP has an IPsec tunnel to the controller.
What is the use of this IPsec from the AP to the controller? MTU seems to be default at 1500 for Campus AP and this is standard for L3.
Are all BSSID GREs now going into this IPsec and got the traffic encrypted?
Thanks in advance,
Kenneth