Hi
Yes. I have set it up now... I waited for my last 535 (delayed 5 months...). So now I removed the last 225 AP, so I only have 535:s and one 505. After removing the 225 I upgraded from 8.6 to 8.10.0.2 as I was no longer bound to 8.6. After this I went on for DTLS... I first checked the NTP was set up properly and double checked the time in each AP (I only have 6). After that I enabled DTLS.
I cannot say I have noted anything negative at all. And nothing noted on performance. I *guess* the CPU usage for the encrypted control traffic between the AP:s is very low. I should have enabled DTLS for security reasons years ago... But now it is enabled, and with no negative impact at all. *Maybe* you could see some performance impact if you have weaker hardware than my 535:s. But my guess would be that you won't notice this even with weaker hardware. Maybe any Aruba expert could make a statement on this.
I think I have read though, that there are new things to make notes of when adding/joining new APs to a cluster when DTLS is enabled. Maybe there are more things to make notes of as well. If so, I will probably run into that at some point :)
However... I would appreciate if any Aruba guy could post here and tell if there is a reason DTLS is not enabled by default? As it increases security and seems to have no impact, why isn't it on by default?
//Peo
Original Message:
Sent: Aug 15, 2022 03:48 PM
From: Derrick Mertz
Subject: Enable DTLS IAP cluster security
@pos42 - Did you set this up, and if so, did you determine if there's any noteworthy overhead or impact on performance after enabling DTLS?
Original Message:
Sent: Feb 10, 2022 02:56 PM
From: Per-Olov Sjöholm
Subject: Enable DTLS IAP cluster security
Hi
If anyone is sitting with some good knowledge about this I would appreciate a statement very much.
Q1
Are there any technical drawbacks or any other thing that could cause headache by enabling DTLS cluster security? Asking as I think this otherwise would be on by default instead of off by default. Performance? Any features that cannot be used if enabled?
Q2
What certificate does it use for the encryption? The built-in device certificate that has 10 year lifetime and ends year 2032? Just want to know if I by enabling DTLS will have to do any additional task with regular intervals to not break my IAP cluster encryption. Like for example renew certificates or so... I really hope it won't use my own certificate and CA I installed for the IAP web access, which is also in the certificate list.
I use an instant setup with two 535 and two 225 running 8.6.0.16.
Many thanks in advance
/Peo
------------------------------
Per-Olov Sjöholm
------------------------------