Wireless Access

Reply
RWN
Occasional Contributor I

CPSec and Bridge Mode

Hello,

I would like to create a new SSID for Bridge to the local VLAN that the AP resides on. I understand that CPSEC must be enabled and the AP whitelisted for bridging to work. However, because this is a test, I do not wish to whitelist all the AP's on my corp network and interrupt guest/production wireless services. I simply want to add an AP that is on a test VLAN/Network and test bridging functionality.  Is this possible, or is it an all or nothing approach? I have read through the CPSEC chapter and it is not very clear.

Honestly, I wanted to enable CPSec during the initial controller installation for added security, but was advised not to by our engineer on the project.  I dont remember specifially what their reasoning was at the time.

Thank you.

Guru Elite

Re: CPSec and Bridge Mode

It will effect the whole controller. You can turn on auto whitelisting so all the APs will come back but you will still take a short down time whole the APs reboot with a secure channel.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
RWN
Occasional Contributor I

Re: CPSec and Bridge Mode

Tim,

Thanks for the info. I was afraid it was an all or nothing setting.

And best practice is to turn off auto-provisioning when all the AP's have completed?

Guru Elite

Re: CPSec and Bridge Mode

That's up to your security policy. Many folks leave it enabled as the controller owns the AP once it connects.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: