Why encrypt? Because other users on the switch... we don't see the traffic...
@redford1980 wrote:
> I'd like other assurance that these networks are in separate encryption domains.

Tunneled Node operates over GRE, so it tunnels. It does not encrypt traffic.

> Ideally I'd like users in different departments to authenticate with dot1x using certs ... then Clearpass looks at their AD group membership and gives them a role / ACL based on that.

You can definitely do that on a switchport. That is separate from Tunneled Node.

> Each switch port uses an encrypted tunnel back to the controller much like you find on wireless.

Tunneled Node is GRE, so it does not provide that. It is a transport that extends your wired network out further.

> On wireless you get your own encrypted tunnel back to the controller, then a role. I would like the same for wired if possible?

On wireless, encryption is provided by the client. Most client application traffic nowadays is encrypted, so encrypting it further would add overhead and complexity. Even clients in the same VLAN would only be able to see broadcast/multicast traffic from other clients anyway, similar to a wired network. If someone were tapping into your wired network and looking at your traffic, that would mean that you do not have the uplinks on your switch infrastructure physically secured. Again, most applications nowadays are encrypted.

Thanks
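To make the point above concrete, here is an added example (written for this thread, not Aruba's code and not an implementation of Tunneled Node itself): a minimal decoder that walks an outer IPv4 header, the GRE header (RFC 2784/2890 flag handling), an optional Ethernet frame (protocol type 0x6558, Transparent Ethernet Bridging) and the inner IPv4/UDP packet. The sample packet, its addresses, MAC addresses and the "user=alice&pin=1234" payload are constructed for the demo; it is exactly what an observer on the tunnel path could read if the application inside the tunnel did not encrypt, which is why the reply says the encryption has to come from the client, not from GRE.

```python
"""Decode a GRE-encapsulated packet to show that GRE carries the inner frame in the clear.

Added example for this thread; not Aruba code. The packet below is constructed.
"""
import struct

GRE_PROTO_IPV4 = 0x0800   # GRE payload is a bare IPv4 packet
GRE_PROTO_TEB = 0x6558    # Transparent Ethernet Bridging: GRE payload is a full Ethernet frame
IP_PROTO_GRE = 47
IP_PROTO_UDP = 17
ETHERTYPE_IPV4 = 0x0800


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a minimal IPv4 header (checksum left zero; fine for an offline demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       bytes(int(o) for o in src.split(".")),
                       bytes(int(o) for o in dst.split(".")))


def parse_ipv4(buf):
    """Return (header dict, payload bytes) for an IPv4 packet."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    hdr = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
           "proto": proto, "ttl": ttl}
    return hdr, buf[ihl:total_len]


def parse_gre(buf):
    """Parse an RFC 2784/2890 GRE header; return (protocol type, payload)."""
    flags, proto = struct.unpack("!HH", buf[:4])
    offset = 4
    if flags & 0x8000:   # C bit: 16-bit checksum + 16-bit reserved1 follow
        offset += 4
    if flags & 0x2000:   # K bit: 32-bit key follows
        offset += 4
    if flags & 0x1000:   # S bit: 32-bit sequence number follows
        offset += 4
    return proto, buf[offset:]


def decode_gre_tunnel(pkt):
    """Walk outer IP -> GRE -> (Ethernet) -> inner IP -> UDP.

    Returns everything an on-path observer can read from the tunnel without any key.
    """
    outer, gre_buf = parse_ipv4(pkt)
    if outer["proto"] != IP_PROTO_GRE:
        raise ValueError("outer packet is not GRE")
    gre_proto, inner_buf = parse_gre(gre_buf)
    result = {"tunnel": (outer["src"], outer["dst"]), "gre_proto": gre_proto}
    if gre_proto == GRE_PROTO_TEB:
        dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", inner_buf[:14])
        result["inner_macs"] = (src_mac.hex(":"), dst_mac.hex(":"))
        if ethertype != ETHERTYPE_IPV4:
            result["note"] = "non-IPv4 frame"
            return result
        inner_buf = inner_buf[14:]
    elif gre_proto != GRE_PROTO_IPV4:
        result["note"] = "unhandled GRE protocol type"
        return result
    inner, l4 = parse_ipv4(inner_buf)
    result["inner_ips"] = (inner["src"], inner["dst"])
    if inner["proto"] == IP_PROTO_UDP:
        sport, dport, _ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        result["udp_ports"] = (sport, dport)
        result["payload"] = l4[8:]      # application data, readable as-is
    return result


def build_sample_packet():
    """Constructed sample: a client's unencrypted UDP datagram carried inside a GRE tunnel."""
    app_payload = b"user=alice&pin=1234"   # constructed; deliberately not encrypted
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(app_payload), 0) + app_payload
    inner_ip = ipv4_header("10.20.0.5", "10.20.0.9", IP_PROTO_UDP, len(udp)) + udp
    # dst MAC 00:11:22:33:44:55, src MAC 00:66:77:88:99:aa (both made up)
    eth = bytes.fromhex("0011223344550066778899aa") + struct.pack("!H", ETHERTYPE_IPV4) + inner_ip
    gre = struct.pack("!HH", 0x0000, GRE_PROTO_TEB) + eth
    return ipv4_header("192.0.2.10", "192.0.2.1", IP_PROTO_GRE, len(gre)) + gre


if __name__ == "__main__":
    for k, v in decode_gre_tunnel(build_sample_packet()).items():
        print(f"{k}: {v}")
```

Swap the constructed payload for a TLS record and the decoder still recovers the tunnel endpoints, inner IPs and ports, but the application data becomes opaque: that is the "encryption is provided by the client" argument in practice, and it is the same split you get on wireless between what the tunnel hides and what the client's own TLS hides.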
You certainly can do that.
© Copyright 2021 Hewlett Packard Enterprise Development LP. All Rights Reserved.