Product and Software: This article applies to all Aruba controllers and ArubaOS 3.x.
The double-encrypt option is applicable for remote access points (RAPs). By default, it is disabled.1. In disabled mode (the default mode), all non-GRE traffic, that is, PAPI traffic, is encrypted by IPsec by using the encryption method configured for that RAP. All GRE traffic, such as, the user data and bootstrap heartbeat, is not encrypted by IPsec, but is still encapsulated by IPsec.2. In enabled mode, all traffic is encrypted by IPsec. That means all wireless traffic that has been encrypted using WPA, WPA2, or WEP is encrypted again by IPsec, which is why it is called double encryption. The disadvantage of double encryption is that it drops the maximum throughput to 2 Mb/s only for legacy APs because all the IPsec encryption is done by software, not hardware. So the best scenario to enable double encryption is when SSID of the RAP use null encryption (opensystem) for the wireless traffic.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.