The AP to controller tunnel (control) is using PAPI as you found out already.
PAPI is running inside IPSec by default (CPsec), it will show as udp port 4500 on the network; only if you disable CPsec, the PAPI traffic will run over port 8211 without tunnel; and the recommended method is CPsec enabled.
In a cluster scenario, the AP will build a PAPI/IPSec tunnel to both active and secondary controllers. When the active controller is lost, the secondary controller will take over immediately.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 06, 2023 06:56 AM
From: sdhanapal
Subject: Clustering
Hi All,
In AOS 8.x clustering, any new updates on this. Not related to AOS 10 but some new concepts included in AOS 8.X. My student guide didn't come up with new updates. And I have query on the IPSEC tunneling in clustering during failover of A-AAC or A-UAC. How does it work in case of failover?
A-UAC controller has GRE tunneling to AP, what kind of tunneling is implemented between A-AAC and AP?
In case of clustering how does PAPI is established? Is it inside IPSEC or outside?
In case of Standalone controller how does PAPI is established? Is it inside IPSEC or outside?
Cheers,
Santhosh