Wireless Access

Reply
Highlighted
Frequent Contributor I

Cryptography Used in Aruba Controller

Hi Team,


One of our customer want to know the cryptography details involved in the controller.
Currently they are using WPA2 enterprise with AES.
Controller details- Aruba3400 - OS 6.4.4.19
Aruba7005 - OS 6.4.4.19

 

 

Provide commands which help to get the information below.

 

need to know all the parameter of cryptography for GRE tunnel (forward mode tunnel) from AP to Controller.
TLS / SSL Cipher
TLS Protocol Versions
SSH Ciper (Static Key Type, Key Exchange (KEX), Symmetric Cipher, HMAC, SSH Protocol Versions)

IKE Phase 1 Cryptography :
Encryption
Authentication / Hash
DH Group / PFS

IKE Phase 2 Cryptography :
Encryption
Authentication / Hash
DH Group / PFS


Regards,
Mallikarjun

Highlighted
MVP Guru

Re: Cryptography Used in Aruba Controller

Please check the ArubaOS Datasheet.

 

For the IPSec Phase1 (ISAKMP) and Phase2 (IPSec), you can check the controller/MM:

(MM01) [Testgroup] (config) #crypto isakmp policy 999
(MM01) ^[Testgroup] (config-submode)# ?
authentication          Configure the IKE authentication method
disable                 Disable/Enable IKE policy
encryption              Configure the IKE encryption algorithm
group                   Configure the IKE Diffie Hellman group
hash                    Configure the IKE hash algorithm
lifetime                Configure the IKE lifetime in seconds
no                      Delete Command
prf                     Configure Pseudo Random Function for IKEv2
version                 Select IKE version for the policy

(MM01) ^[Testgroup] (config-submode)#hash ?
md5                     Use MD5 (HMAC variant) as the hash algorithm
sha                     Use SHA1-160 (HMAC variant) as the hash algorithm
sha1-96                 Use SHA1-96 (HMAC variant) as the hash algorithm
sha2-256-128            Use SHA2-256-128 (HMAC variant) as the hash algorithm
sha2-384-192            Use SHA2-384-192 (HMAC variant) as the hash algorithm
(MM01) ^[Testgroup] (config-submode)#encryption ?
3DES                    Use 168-bit 3DES-CBC encryption algorithm
AES128                  Use 128-bit AES-CBC encryption algorithm
AES192                  Use 192-bit AES-CBC encryption algorithm
AES256                  Use 256-bit AES-CBC encryption algorithm
DES                     Use 56-bit DES-CBC encryption algorithm

Similar for Phase2:

(MM01) ^[Testgroup] (config) #crypto ipsec transform-set test ?
esp-3des                Use ESP with 168-bit 3DES encryption
esp-aes128              Use ESP with 128-bit AES encryption
esp-aes128-gcm          Use ESP with the AES 128-bit GCM authentication algorithm
esp-aes192              Use ESP with 192-bit AES encryption
esp-aes256              Use ESP with 256-bit AES encryption
esp-aes256-gcm          Use ESP with the AES 256-bit GCM authentication algorithm
esp-des                 Use ESP with 56-bit DES encryption
esp-null                Use ESP with no encryption
--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: