Hello Collin thanks for answering my tread
Answering you
1-It has less security cause of what i said or at least thats what the VRD tells you, that the security is enhanced on tunnel mode
"By centralizing encryption and decryption at the mobility controller,
network security is enhanced because encryption keys are never sent to the APs. The keys are securely
stored on the mobility controller."
Reference
http://www.arubanetworks.com/pdf/technology/DG_Mobility-Controllers-Deployment-Models-5.0-VRD.pdf
page 40
"When a remote AP or campus AP is in bridge mode, the AP (and not the controller) handles all 802.11
association requests and responses, encryption/decryption processes, and firewall
enforcement. The 802.11e and 802.11k action frames are also processed by the AP, which then sends out responses as needed"
User guide page 152 Aruba AOS 6.1
If i missunderstood the VRD and user guide explanation sorry and well if yhou could tell me if this does not matter and why.
2-Okay i got a quetion here let say on the remote site the AP is on vlan 10 but i dont want my wireless being on the same vlan that the APS wont asyou has mention before is a bad practice and we should have the Wireless on a vlan alone and not with wired devices!, i need to create a new VLAN and tag it to the AP and tell it on the virtual AP let say i create a new vlan 15 for the wireless i tag that vlan to the ap and put that vlan 15 on the VAP? im wrong in this statement collin?
3-Less features
Well at least the User guides does point you a list of features you loose on bridge mode page 803
Most ArubaOS features are supported in all forwarding modes. However, there are a some features that are
not supported in one or more forwarding modes. Campus APs do not support split-tunnel forwarding mode
and the decrypt-tunnel forwarding mode does not support TKIP Counter measure management on campus
APs or remote APs.
Bridge mode
Firewall—SIP/SCCP/RTP/RTSP Voice Support
Firewall—Alcatel NOE Support
Voice over Mesh
Video over Mesh
Named VLAN
Captive portal
Rate Limiting for broadcast/multicast
Power save: Wireless battery boost
Power save: Drop wireless multicast traffic
Power save: Proxy ARP (global)
Power save: Proxy ARP (per-SSID)
Automatic Voice Flow Classification
SIP ALG
SIP: SIP authentication tracking
SIP: CAC enforcement enhancements
SIP: Phone number awareness
SIP: R-Value computation
SIP: Delay measurement
Management: Voice-specific views
Management: Voice client statistics
Management: Voice client troubleshooting
Voice protocol monitoring/reporting
SVP ALG
H.323 ALG
Vocera ALG
SCCP ALG
NOE ALG
Layer 3 Mobility
IGMP Proxy Mobility
Mobile IP
TKIP countermeasure mgmt
Bandwidth based CAC
Dynamic Multicast Optimization