Cloud Managed Networks

 View Only
last person joined: yesterday 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Expand all | Collapse all

WAP3 Enterprise GCM 256 is not working with AP515

This thread has been viewed 19 times
  • 1.  WAP3 Enterprise GCM 256 is not working with AP515

    Posted Jul 05, 2024 03:45 AM

    Hi,

    For some reason when we select WLAN security settings as WPA3 Enterprise GCM 256 it shows as unknown in Aruba central overview.

    For WPA3 Enterprise CNSA it shows but still does not broadcast the SSID to clients. This issue is happening to AP 515. Just wondering what the cause could be.



  • 2.  RE: WAP3 Enterprise GCM 256 is not working with AP515

    Posted Jul 05, 2024 05:15 AM

    I would not expect this to be an issue, but checked myself (AOS 10.6 / Central) and see the configuration sent correctly, and displayed as well, but indeed not broadcasted in WPA3-Enterprise GCM256/CNSA mode.

    I don't see many networks that are configured for CNSA/GCM256 because it's not backward compatible. That's not a reason why it doesn't work, but may be why it's not noticed.

    Can you open a TAC Support Case for this?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: WAP3 Enterprise GCM 256 is not working with AP515

    EMPLOYEE
    Posted Aug 27, 2024 04:24 PM

    Starting in 8.12 and 10.6, the wpa3-aes-gcm-256 and wpa3-cnsa security modes are automatically disabled on 51x and 57x platforms. This is due to lack of hardware encrypt support on these platforms. Software encrypt does not perform well and a decision was made to disable GCM-256 ciphers by default on the affected platforms. If you'd like to use security modes with GCM-256 ciphers on these platforms via software encrypt, you can add gcm-256-sw-encrypt-support to the SSID profile via API.