Wireless Access

Reply
Occasional Contributor I

Master-Local tunnel formation

Hi,

I am new to aruba products. Could you please explain the tunnel formation that is happening in master-local.

1. My AP is forming a PAPI tunnel with the master and then it checks the lms ip which is the local controller's IP.

2. Now my AP will it form PAPI tunnel at first with the local controller or is it GRE and then PAPI

Thank you in advance

Re: Master-Local tunnel formation

The AP will establish a GRE tunnel between the Master and Local. PAPI is used for config download and control channels for ARM and Wireless Intrusion Detection System (WIDS) communication to the master controller, so essentially control plane trsffic. If you are using CPSEC PAPI will be sent encrypted in IPSEC if not it will be sent unencrypted.

ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Guru Elite

Re: Master-Local tunnel formation


@Sandeep_ragav wrote:

Hi,

I am new to aruba products. Could you please explain the tunnel formation that is happening in master-local.

1. My AP is forming a PAPI tunnel with the master and then it checks the lms ip which is the local controller's IP.

2. Now my AP will it form PAPI tunnel at first with the local controller or is it GRE and then PAPI

Thank you in advance


1. By default the control channel is ipsec.  It is papi if cpsec (control plane security) is turned off.  The lms-ip is checked on the first controller and if it exists the AP is redirected to the controller at that ip address and the ipsec or papi connection is setup between that access point and that controller where it gets its instructions.

2.  Again, the control channel is ipsec by default.  After the access point gets its instructions, traffic to and from clients on that AP is sent over a GRE tunnel after the SSIDs are setup.

 

For a full list of firewall ports between Aruba Networks Components, please see here:  http://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Port_Info/Communication_Between__D.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Master-Local tunnel formation

Thank you.

I have few more doubts. My AP is forming PAPI tunnel with the LMS and then it forms GRE. Incase if my local controller [lms] is down then my AP will miss  GRE HB [8seconds] and then will it wait even for PAPI or will it bootstrap ?

Guru Elite

Re: Master-Local tunnel formation

It will bootstrap.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: