Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Master-Local tunnel formation

This thread has been viewed 0 times

  • 1.  Master-Local tunnel formation

    Posted Apr 05, 2018 12:11 AM

    Hi,

    I am new to aruba products. Could you please explain the tunnel formation that is happening in master-local.

    1. My AP is forming a PAPI tunnel with the master and then it checks the lms ip which is the local controller's IP.

    2. Now my AP will it form PAPI tunnel at first with the local controller or is it GRE and then PAPI

    Thank you in advance



  • 2.  RE: Master-Local tunnel formation

    MVP EXPERT
    Posted Apr 05, 2018 04:15 AM
    The AP will establish a GRE tunnel between the Master and Local. PAPI is used for config download and control channels for ARM and Wireless Intrusion Detection System (WIDS) communication to the master controller, so essentially control plane trsffic. If you are using CPSEC PAPI will be sent encrypted in IPSEC if not it will be sent unencrypted.


  • 3.  RE: Master-Local tunnel formation

    EMPLOYEE
    Posted Apr 05, 2018 08:12 AM
    @VB wrote:

    Hi,

    I am new to aruba products. Could you please explain the tunnel formation that is happening in master-local.

    1. My AP is forming a PAPI tunnel with the master and then it checks the lms ip which is the local controller's IP.

    2. Now my AP will it form PAPI tunnel at first with the local controller or is it GRE and then PAPI

    Thank you in advance

    1. By default the control channel is ipsec.  It is papi if cpsec (control plane security) is turned off.  The lms-ip is checked on the first controller and if it exists the AP is redirected to the controller at that ip address and the ipsec or papi connection is setup between that access point and that controller where it gets its instructions.

    2.  Again, the control channel is ipsec by default.  After the access point gets its instructions, traffic to and from clients on that AP is sent over a GRE tunnel after the SSIDs are setup.

     

    For a full list of firewall ports between Aruba Networks Components, please see here:  http://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Port_Info/Communication_Between__D.htm



  • 4.  RE: Master-Local tunnel formation

    Posted Apr 05, 2018 08:43 AM

    Thank you.

    I have few more doubts. My AP is forming PAPI tunnel with the LMS and then it forms GRE. Incase if my local controller [lms] is down then my AP will miss  GRE HB [8seconds] and then will it wait even for PAPI or will it bootstrap ?



  • 5.  RE: Master-Local tunnel formation

    EMPLOYEE
    Posted Apr 05, 2018 09:28 AM

    It will bootstrap.