Wireless Access

last person joined: 8 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Master-Local Centralized licensing messages

Jump to Best Answer
  • 1.  Master-Local Centralized licensing messages

    Posted Jul 04, 2017 06:27 AM

    By default, Master and Local controllers communicate via IPSec Tunnel with factory certificates.

     

    What about Centralized licensing messages between master and local controllers? In what way are they sent?

     

    IPSec or Clear unencrypted?

     

     

     

     



  • 2.  RE: Master-Local Centralized licensing messages
    Best Answer

    Posted Jul 04, 2017 08:34 AM

    Hi Kciko,

     

    As you have IPsec tunnels between the controllers, the licensing will be exchanged through that IPsec tunnel.

     

     

     



  • 3.  RE: Master-Local Centralized licensing messages

    Posted Jul 04, 2017 05:50 PM
    Licenses are syncronised unencrypted.

    And ther is no need to encrypt because license is bound to the controller serial and mac when registered.

    See also
    http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/New_Licenses/Multi__Network.htm


  • 4.  RE: Master-Local Centralized licensing messages

    Posted Jul 04, 2017 05:51 PM
    Licenses are syncronised unencrypted.

    And ther is no need to encrypt because license is bound to the controller serial and mac when registered.

    See also
    http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/New_Licenses/Multi__Network.htm


  • 5.  RE: Master-Local Centralized licensing messages

    Posted Jul 05, 2017 02:39 AM

    Hi Marcelkoedjk,

     

    From the guide:

     

    "Establish secure IPsec tunnels between the primary licensing server controller and the licensing client controllers by enabling control plane security on that cluster of master controllers, or by creating site-to-site VPN tunnels between the licensing server and client controllers. This step is not required, but if you do not create secure tunnels between the controllers, the controllers will exchange clear, unencrypted licensing information. This step is not required for a master-local topology."

     

    "If the tunnel is not established by the user, the messages exchanged between the master controllers will be sent in clear."

     

    So from that parapgraph, I'd say that if you have IPsec between your controllers that will traffic be encrypted.

     

    Additionally: https://community.arubanetworks.com/t5/Controller-Based-WLANs/What-port-numbers-should-be-alllowed-to-enable-centrallized/ta-p/233977

     

     

     

     



  • 6.  RE: Master-Local Centralized licensing messages

    Posted Jul 05, 2017 02:49 AM

    Yes, it makes sense.

    So, if you have IPSec, license are exchanged in encrypted mode.

     

    By default, is IPSec established between controllers ???