Wireless Access

Reply
Occasional Contributor II

Master-Local Centralized licensing messages

By default, Master and Local controllers communicate via IPSec Tunnel with factory certificates.

 

What about Centralized licensing messages between master and local controllers? In what way are they sent?

 

IPSec or Clear unencrypted?

 

 

 

 

MVP

Re: Master-Local Centralized licensing messages

Hi Kciko,

 

As you have IPsec tunnels between the controllers, the licensing will be exchanged through that IPsec tunnel.

 

 

 

Regards,
Borja
ACMX #567 //ACCP//CWNA//CWAP
New Member

Re: Master-Local Centralized licensing messages

Licenses are syncronised unencrypted.

And ther is no need to encrypt because license is bound to the controller serial and mac when registered.

See also
http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/New_Licenses/Multi__Network.htm
New Member

Re: Master-Local Centralized licensing messages

Licenses are syncronised unencrypted.

And ther is no need to encrypt because license is bound to the controller serial and mac when registered.

See also
http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/New_Licenses/Multi__Network.htm
MVP

Re: Master-Local Centralized licensing messages

Hi Marcelkoedjk,

 

From the guide:

 

"Establish secure IPsec tunnels between the primary licensing server controller and the licensing client controllers by enabling control plane security on that cluster of master controllers, or by creating site-to-site VPN tunnels between the licensing server and client controllers. This step is not required, but if you do not create secure tunnels between the controllers, the controllers will exchange clear, unencrypted licensing information. This step is not required for a master-local topology."

 

"If the tunnel is not established by the user, the messages exchanged between the master controllers will be sent in clear."

 

So from that parapgraph, I'd say that if you have IPsec between your controllers that will traffic be encrypted.

 

Additionally: https://community.arubanetworks.com/t5/Controller-Based-WLANs/What-port-numbers-should-be-alllowed-to-enable-centrallized/ta-p/233977

 

 

 

 

Regards,
Borja
ACMX #567 //ACCP//CWNA//CWAP
Occasional Contributor II

Re: Master-Local Centralized licensing messages

Yes, it makes sense.

So, if you have IPSec, license are exchanged in encrypted mode.

 

By default, is IPSec established between controllers ???

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: