What is cluster security and how does it guarantee secure communication?
How are the control plane messages exchanged between Master and Slaves secured in an Aruba Instant deployment?
Starting 184.108.40.206, cluster security provides secure control plane communication between IAP cluster nodes.
Control plane messages between cluster members, such as configuration, cluster join and related messages, are secured by this protocol.
It runs on UDP port 4434 and uses DTLS to protect the messages: a DTLS connection is established between the communicating peers (IAPs).
- Mutual authentication between the IAPs is performed using the device certificate.
- Additionally, peer MAC address validation against the "AP whitelist" can be enabled in the configuration.
- Control plane messages between cluster members are transmitted over the established DTLS connection.
- ECDHE-RSA-AES128-SHA256 is the cipher suite used for the DTLS connection.
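To make the properties above concrete from a monitoring point of view, here is an added example (not Aruba code and not from the original page) that parses the DTLS record and handshake headers of a UDP payload, checks whether a datagram on UDP 4434 is well-formed DTLS, and, for a ClientHello, checks that the offered cipher suites include ECDHE-RSA-AES128-SHA256 (IANA code 0xC027, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256). It also models the optional peer-MAC check against the AP whitelist with MAC-format normalisation. The record layout follows RFC 6347; the packet bytes and whitelist entries are constructed, and `classify_datagram`, `peer_allowed` and the result strings are names chosen for this example.

```python
"""Parse DTLS headers from a UDP payload and classify cluster-security traffic.
Added example, not Aruba code; packet bytes and MAC addresses are constructed."""
import struct
from dataclasses import dataclass
from typing import List, Optional

CLUSTER_SECURITY_PORT = 4434   # UDP port used by cluster security (from the page)
EXPECTED_SUITE = 0xC027        # IANA code of ECDHE-RSA-AES128-SHA256

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request",
                   11: "certificate", 12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 15: "certificate_verify",
                   16: "client_key_exchange", 20: "finished"}


@dataclass
class DtlsRecord:
    content_type: str
    version: str
    epoch: int
    sequence: int
    handshake_type: Optional[str]
    cipher_suites: List[int]   # offered suites, filled only for a ClientHello


def _client_hello_suites(body: bytes) -> List[int]:
    """Walk a DTLS ClientHello body up to its cipher_suites vector."""
    pos = 2 + 32                          # client_version + random
    if len(body) < pos + 1:
        return []
    pos += 1 + body[pos]                  # session_id<0..32>
    if len(body) < pos + 1:
        return []
    pos += 1 + body[pos]                  # cookie<0..2^8-1> (DTLS-specific field)
    if len(body) < pos + 2:
        return []
    (n,) = struct.unpack("!H", body[pos:pos + 2])
    raw = body[pos + 2:pos + 2 + n]
    return [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, len(raw) - 1, 2)]


def parse_dtls_record(data: bytes) -> Optional[DtlsRecord]:
    """Return the first DTLS record in data, or None if it is not well-formed DTLS."""
    if len(data) < 13:                    # DTLS record header is 13 bytes
        return None
    ctype, version, epoch = struct.unpack("!BHH", data[:5])
    sequence = int.from_bytes(data[5:11], "big")   # 48-bit sequence number
    (length,) = struct.unpack("!H", data[11:13])
    if ctype not in CONTENT_TYPES or version not in DTLS_VERSIONS:
        return None
    fragment = data[13:13 + length]
    if len(fragment) != length:
        return None                       # truncated record
    hs_type, suites = None, []
    if ctype == 22 and len(fragment) >= 12:   # 12-byte DTLS handshake header
        msg_type = fragment[0]
        hs_type = HANDSHAKE_TYPES.get(msg_type, f"handshake_{msg_type}")
        if msg_type == 1:
            suites = _client_hello_suites(fragment[12:])
    return DtlsRecord(CONTENT_TYPES[ctype], DTLS_VERSIONS[version],
                      epoch, sequence, hs_type, suites)


def classify_datagram(src_port: int, dst_port: int, payload: bytes) -> str:
    """'cluster-security' for DTLS on UDP 4434, otherwise a short reason string."""
    if CLUSTER_SECURITY_PORT not in (src_port, dst_port):
        return "other-port"
    rec = parse_dtls_record(payload)
    if rec is None:
        return "non-dtls-on-4434"         # 4434 should carry DTLS only; worth a look
    if rec.handshake_type == "client_hello" and EXPECTED_SUITE not in rec.cipher_suites:
        return "unexpected-cipher-suites"
    return "cluster-security"


def build_client_hello(suites: List[int]) -> bytes:
    """Constructed minimal DTLS 1.2 ClientHello record (no extensions) for testing."""
    body = (b"\xfe\xfd" + bytes(32) + b"\x00" + b"\x00"      # version, random, sid, cookie
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00")                                    # one compression method: null
    hs = (b"\x01" + len(body).to_bytes(3, "big") + b"\x00\x00"   # type, length, message_seq
          + bytes(3) + len(body).to_bytes(3, "big") + body)     # fragment offset/length
    return b"\x16\xfe\xfd\x00\x00" + bytes(6) + struct.pack("!H", len(hs)) + hs


def normalize_mac(mac: str) -> str:
    """Reduce aa:bb:cc:dd:ee:ff / AA-BB-... / aabb.ccdd.eeff to 12 lowercase hex digits."""
    return "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")


def peer_allowed(peer_mac: str, whitelist: List[str]) -> bool:
    """Model of the optional peer-MAC validation against the AP whitelist."""
    digits = normalize_mac(peer_mac)
    return len(digits) == 12 and digits in {normalize_mac(m) for m in whitelist}


if __name__ == "__main__":
    print(classify_datagram(50000, CLUSTER_SECURITY_PORT, build_client_hello([EXPECTED_SUITE])))
    print(peer_allowed("AA-BB-CC-DD-EE-FF", ["aa:bb:cc:dd:ee:ff"]))  # constructed whitelist
```

In a capture-driven check the `classify_datagram` results map naturally onto alert categories: non-DTLS payloads on 4434 or a ClientHello that does not offer the expected suite are the cases that deserve attention, while the whitelist function shows why MAC comparison must normalise formatting before it can be trusted as an allow-list.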
Commands for inspecting cluster security state and related logs on an IAP:
- show cluster-security
- show cluster-security connections
- show cluster-security peers
- show cluster-security stats
- show log papi handler