Aruba IAP Master Election Beacon Packets and How to Decrypt them


Why is the payload of a IAP's Master Election Beacons encrypted and how to decrypt them


The Master Election Protocol enables the Aruba Instant network to dynamically elect an IAP to take on a VC role. This protocol ensures stability of the network during initial startup or when the VC goes down by allowing graceful failover to a new Virtual Controller when the existing VC is down.

The beacons are Layer 2 data unit just like BPDU.

There are instances where we will be able to see the payload inside these Beacons and sometimes they are encrypted.

The reason why these packets seems encrypted is because of the version of Wireshark in which it is viewed. The legacy wireshark application does not support aruba_iap beacons decryption. 


However, from Wireshark version 1.12.0 to 2.6.3 and its future releases support IAP's Master Beacons decryption. It can be filtered using the protocol "aruba_iap"


The pay load has the vital information like VC IP address, Port VLAN ID, Uptime information etc., These information will be helpful in analyzing issues related to IAP clustering, layer 2 broadcasts.

Wireshark Reference link -

Version history
Revision #:
2 of 2
Last update:
‎03-15-2019 01:30 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: