Wireless Access

Reply
Highlighted
New Contributor

PAPI Port Confusion

Hi Experts,

 

Good Day!

 

I am currently preparing for my ACMA exam and would like to clear some confusion that i have, I know PAPI uses 8211, however i am not able to find the exact port number used for secure PAPI.

 

Also when would one use normal PAPI and Secure PAPI?

 

 

Highlighted
Contributor II

Re: PAPI Port Confusion

Hello,

 

I believe that Papi and Secure Papi use the same port, as you mentioned 8211. (Unsure on the port)

 

"PAPI Enhanced Security configuration provides protection to Aruba devices, AirWave, and ALE against malicious users sending fake messages that result in security challenges"

 

This is done by using a key to authenticate any messages sent. If the key doesn't match then it will be dropped/ignored. Please see the below link I found.

 

https://www.arubanetworks.com/techdocs/ArubaOS_84_Web_Help/content/arubaframestyles/papi%20enhanced%20security/config_papi_enhanc_secur_feat.htm

 

In my personal opinion - Using Secure Papi is only necessary when the appropriate network restrictions are not in place and users can access certain VLANs were "approved" Aruba devices sit, I.E a user being able to access the AP VLAN. If users can access the AP VLAN then i would suggest tightening the security so they cant, and if you are unable to then enabling Papi enhanced security.

 

Thanks

 

 

Ben Casey
Highlighted
Moderator

Re: PAPI Port Confusion

Secure PAPI uses udp/8209, generally speaking the administrator of the system doesn't have to concern themselves with allowing or permitting these packets as they are taken care of in the control and sys-control ACLs.

 

Secure PAPI will kick in when an AP is operating in CPSec mode or RAP and is generally kept within the IPSec tunnels to/from AP.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: