Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

CPSec and Bridge Mode

This thread has been viewed 7 times

  • 1.  CPSec and Bridge Mode

    Posted Sep 30, 2016 04:13 PM

    Hello,

    I would like to create a new SSID for Bridge to the local VLAN that the AP resides on. I understand that CPSEC must be enabled and the AP whitelisted for bridging to work. However, because this is a test, I do not wish to whitelist all the AP's on my corp network and interrupt guest/production wireless services. I simply want to add an AP that is on a test VLAN/Network and test bridging functionality.  Is this possible, or is it an all or nothing approach? I have read through the CPSEC chapter and it is not very clear.

    Honestly, I wanted to enable CPSec during the initial controller installation for added security, but was advised not to by our engineer on the project.  I dont remember specifially what their reasoning was at the time.

    Thank you.



  • 2.  RE: CPSec and Bridge Mode

    EMPLOYEE
    Posted Sep 30, 2016 04:15 PM
    It will effect the whole controller. You can turn on auto whitelisting so all the APs will come back but you will still take a short down time whole the APs reboot with a secure channel.


  • 3.  RE: CPSec and Bridge Mode

    Posted Sep 30, 2016 04:19 PM

    Tim,

    Thanks for the info. I was afraid it was an all or nothing setting.

    And best practice is to turn off auto-provisioning when all the AP's have completed?



  • 4.  RE: CPSec and Bridge Mode
    Best Answer

    EMPLOYEE
    Posted Sep 30, 2016 04:30 PM
    That's up to your security policy. Many folks leave it enabled as the controller owns the AP once it connects.