Wireless Access

Reply
PVS
Occasional Contributor II

Master-Local tunnel formation

Hi,

I am new to aruba products. Could you please explain the tunnel formation that is happening in master-local.

1. My AP is forming a PAPI tunnel with the master and then it checks the lms ip which is the local controller's IP.

2. Now my AP will it form PAPI tunnel at first with the local controller or is it GRE and then PAPI

Thank you in advance

Re: Master-Local tunnel formation

The AP will establish a GRE tunnel between the Master and Local. PAPI is used for config download and control channels for ARM and Wireless Intrusion Detection System (WIDS) communication to the master controller, so essentially control plane trsffic. If you are using CPSEC PAPI will be sent encrypted in IPSEC if not it will be sent unencrypted.

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Guru Elite

Re: Master-Local tunnel formation


@PVS wrote:

Hi,

I am new to aruba products. Could you please explain the tunnel formation that is happening in master-local.

1. My AP is forming a PAPI tunnel with the master and then it checks the lms ip which is the local controller's IP.

2. Now my AP will it form PAPI tunnel at first with the local controller or is it GRE and then PAPI

Thank you in advance


1. By default the control channel is ipsec.  It is papi if cpsec (control plane security) is turned off.  The lms-ip is checked on the first controller and if it exists the AP is redirected to the controller at that ip address and the ipsec or papi connection is setup between that access point and that controller where it gets its instructions.

2.  Again, the control channel is ipsec by default.  After the access point gets its instructions, traffic to and from clients on that AP is sent over a GRE tunnel after the SSIDs are setup.

 

For a full list of firewall ports between Aruba Networks Components, please see here:  http://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Port_Info/Communication_Between__D.htm


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
PVS
Occasional Contributor II

Re: Master-Local tunnel formation

Thank you.

I have few more doubts. My AP is forming PAPI tunnel with the LMS and then it forms GRE. Incase if my local controller [lms] is down then my AP will miss  GRE HB [8seconds] and then will it wait even for PAPI or will it bootstrap ?

Guru Elite

Re: Master-Local tunnel formation

It will bootstrap.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: