Wireless Access

last person joined: 2 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

CPSec communication to master controller

This thread has been viewed 1 times

  • 1.  CPSec communication to master controller

    Posted Nov 09, 2016 03:55 PM

    We are planning to enable CPSec for a customer, they have a VRRP Master pair and 2 local controllers running HA Fast-failover.

     

    Currently their LMS profile and site DHCP Option 43 are pointing to the nearest local controller.

     

    Will the APs ever need to talk to the Master controllers when we enable CPSec?

     

    Also, is there any benefit to using factory certificates for Master->Local IPSec rather than a PSK? Would changing this across the environment require a reboot of any of the controllers and affect client traffic?



  • 2.  RE: CPSec communication to master controller
    Best Answer

    Posted Nov 14, 2016 11:01 AM

    Hi,

     

    No the APs will not need to communicate with the master controllers in the scenarion you've described. 

     

    When you enable CPSec all the APs will reboot at least once, maybe twice, but the controllers will not require a reboot.

     

    A certificate is more secure than a PSK. 

     

    Cheers

    James