Aruba IAP Master Election Beacon Packets and How to Decrypt them
Why is the payload of a IAP's Master Election Beacons encrypted and how to decrypt them
The Master Election Protocol enables the Aruba Instant network to dynamically elect an IAP to take on a VC role. This protocol ensures stability of the network during initial startup or when the VC goes down by allowing graceful failover to a new Virtual Controller when the existing VC is down.
The beacons are Layer 2 data unit just like BPDU.
There are instances where we will be able to see the payload inside these Beacons and sometimes they are encrypted.
The reason why these packets seems encrypted is because of the version of Wireshark in which it is viewed. The legacy wireshark application does not support aruba_iap beacons decryption.
However, from Wireshark version 1.12.0 to 2.6.3 and its future releases support IAP's Master Beacons decryption. It can be filtered using the protocol "aruba_iap"
The pay load has the vital information like VC IP address, Port VLAN ID, Uptime information etc., These information will be helpful in analyzing issues related to IAP clustering, layer 2 broadcasts.
Wireshark Reference link - https://www.wireshark.org/docs/dfref/a/aruba_iap.html