@VB wrote:
Hi,
I am new to aruba products. Could you please explain the tunnel formation that is happening in master-local.
1. My AP is forming a PAPI tunnel with the master and then it checks the lms ip which is the local controller's IP.
2. Now my AP will it form PAPI tunnel at first with the local controller or is it GRE and then PAPI
Thank you in advance
1. By default the control channel is ipsec. It is papi if cpsec (control plane security) is turned off. The lms-ip is checked on the first controller and if it exists the AP is redirected to the controller at that ip address and the ipsec or papi connection is setup between that access point and that controller where it gets its instructions.
2. Again, the control channel is ipsec by default. After the access point gets its instructions, traffic to and from clients on that AP is sent over a GRE tunnel after the SSIDs are setup.
For a full list of firewall ports between Aruba Networks Components, please see here: http://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Port_Info/Communication_Between__D.htm