What is cluster security and how does it guarantee secure communication?

MVP Expert
Requirement:

How are the control plane messages exchanged between Master and Slaves secured in an Aruba Instant deployment?



Solution:

Starting with 4.3.1.0, cluster security provides secure control plane communication between IAP cluster nodes.

Control plane messages between cluster members, such as configuration, cluster join and related messages, are secured using this protocol.

It runs on UDP port 4434 and uses the DTLS protocol to secure messages.

 

A DTLS connection is established between communicating peers / IAPs.

  • Mutual authentication is done between the IAPs using their device certificates.
  • Additionally, peer MAC address validation against the "AP whitelist" can be enabled in the configuration.
  • Control plane messages between cluster members are transmitted securely using the DTLS connection established.
    • ECDHE-RSA-AES128-SHA256 is the cipher suite used for the DTLS connection.
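
To confirm from a packet capture that traffic on UDP port 4434 really is DTLS and that the negotiated suite is the one listed above, the following added example (not Aruba code) parses DTLS record headers and reads the cipher suite from a cleartext ServerHello. It assumes the UDP payloads have already been extracted from the capture, that the ServerHello is unfragmented, and that ECDHE-RSA-AES128-SHA256 is the OpenSSL name for IANA suite 0xC027; the sample datagram is constructed.

```python
import struct

# Cluster security runs on UDP port 4434 (per the article); filter the capture on it first.
EXPECTED_SUITE = 0xC027  # assumption: IANA id of the suite OpenSSL names ECDHE-RSA-AES128-SHA256
DTLS_VERSIONS = (0xFEFF, 0xFEFD)  # DTLS 1.0, DTLS 1.2
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def parse_dtls_records(payload):
    """Split one UDP payload into DTLS records; raise ValueError if it is not DTLS."""
    records, off = [], 0
    while off < len(payload):
        if len(payload) - off < 13:  # type(1) version(2) epoch(2) seq(6) length(2)
            raise ValueError("truncated record header")
        ctype, version, epoch = struct.unpack_from("!BHH", payload, off)
        (length,) = struct.unpack_from("!H", payload, off + 11)
        body = payload[off + 13 : off + 13 + length]
        if ctype not in CONTENT_TYPES or version not in DTLS_VERSIONS or len(body) != length:
            raise ValueError("not a well-formed DTLS record")
        records.append({"type": CONTENT_TYPES[ctype], "epoch": epoch, "body": body})
        off += 13 + length
    return records

def server_hello_suite(record):
    """Suite chosen in a cleartext (epoch 0) ServerHello with fragment_offset 0, else None."""
    body = record["body"]
    if (record["type"] != "handshake" or record["epoch"] != 0
            or body[:1] != b"\x02" or body[6:9] != bytes(3)):
        return None
    hello = body[12:]  # skip the 12-byte DTLS handshake header
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:  # version(2) random(32) sid_len(1)
        return None
    return struct.unpack_from("!H", hello, 35 + hello[34])[0]

def check_datagram(payload):
    """Classify a UDP/4434 payload: not-dtls, dtls, suite-ok or suite-mismatch."""
    try:
        records = parse_dtls_records(payload)
    except ValueError:
        return "not-dtls"
    suites = [s for s in map(server_hello_suite, records) if s is not None]
    if not suites:
        return "dtls" if records else "not-dtls"
    return "suite-ok" if all(s == EXPECTED_SUITE for s in suites) else "suite-mismatch"

def sample_server_hello(suite):
    """Constructed sample (not captured traffic): minimal DTLS 1.2 ServerHello record."""
    hello = b"\xfe\xfd" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    n = len(hello).to_bytes(3, "big")
    hs = b"\x02" + n + b"\x00\x01" + bytes(3) + n + hello
    return struct.pack("!BHH", 22, 0xFEFD, 0) + bytes(6) + struct.pack("!H", len(hs)) + hs
```

A `not-dtls` or `suite-mismatch` result for cluster traffic is worth investigating alongside the output of the verification commands below.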

 



Configuration:

 

CLI

 

WebUI



Verification

show cluster-security

show cluster-security connections

show cluster-security peers

show cluster-security stats

show log papi handler

 

 

 

 

 

Version history
Revision #:
2 of 2
Last update:
‎03-31-2019 10:47 AM