Managed Device Feature Overview

ArubaOS supports these distributed enterprises through the following features designed specifically for managed devices in branch and remote offices:

The following diagram depicts a managed device topology where a managed device in the branch office learns the address, routing information, and other provisioning information from the Mobility Master.

Figure 1  Managed Device Topology

Scalable Site-to-Site VPN Tunnels

ArubaOS supports site-to-site IPsec tunnels based on an FQDN. When you identify the remote peer for a managed device using an FQDN, that node configuration can be applied across multiple branch managed devices, as the configured FQDN can resolve to different IP addresses for each local branch, based on local DNS settings.
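Because the peer address in this design depends on each branch's local DNS answer, one check a practitioner may want is to compare what the peer FQDN resolves to at each branch against the expected VPN peer addresses. The following is an added example, not ArubaOS code; the branch names, FQDN, allow-list and function names are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import socket

# Constructed allow-list: branch names and networks (RFC 5737 documentation
# ranges) are placeholders, not values from the ArubaOS documentation.
EXPECTED_PEERS = {
    "branch-east": ["192.0.2.0/28"],
    "branch-west": ["198.51.100.10/32"],
}


def system_resolver(fqdn):
    """Resolve fqdn through the host's configured DNS; return a set of IP strings."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_UDP)
    return {info[4][0] for info in infos}


def audit_peer(branch, fqdn, resolver=system_resolver, expected=EXPECTED_PEERS):
    """Return (status, unexpected_addresses) for one branch's view of the peer FQDN."""
    allowed = [ipaddress.ip_network(net) for net in expected.get(branch, [])]
    try:
        answers = resolver(fqdn)
    except socket.gaierror:
        return ("unresolved", [])
    if not answers:
        return ("unresolved", [])
    # Any answer outside the branch's allow-list means the tunnel could be
    # negotiated with an endpoint nobody approved for that branch.
    unexpected = sorted(
        addr for addr in answers
        if not any(ipaddress.ip_address(addr) in net for net in allowed)
    )
    return ("mismatch", unexpected) if unexpected else ("ok", [])


if __name__ == "__main__":
    # Constructed DNS answers standing in for what each branch's resolver returns.
    fake_dns = {"branch-east": {"192.0.2.5"}, "branch-west": {"203.0.113.7"}}
    for branch, answers in fake_dns.items():
        status, bad = audit_peer(branch, "vpn-peer.example.com", lambda _f, a=answers: a)
        print(branch, status, bad)
```

Run with the default `system_resolver` on a host that uses the branch's DNS servers to audit the live answer; a branch missing from the allow-list is reported as a mismatch rather than silently accepted.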

Crypto maps for site-to-site VPNs support a VLAN ID as the identifier for the source network. When the VPN settings are pushed to a managed device, the IKE negotiation process uses the IP address range for the VLAN. This feature allows multiple managed devices to use a single group of configuration settings defined at a configuration node, as each managed device negotiates a different source network IP for its VLAN, based on the IP pool for the managed devices defined for that configuration node.

WAN Health Check

The health-check feature uses ping probes to measure WAN availability and latency on selected uplinks. Based on the results of this health check, the managed device can continue to use its primary uplink or fail over to a backup link. Latency is calculated based on the round-trip time of ping responses. The results of this health check appear in the WAN section of the Monitoring Dashboard.

IPsec Tunnels using GCM ciphers

Starting from ArubaOS 8.6.0.0, an IPsec tunnel can be established between managed devices and APs using GCM ciphers. The IPsec tunnel can be established without loading the ECDSA custom certificates. By default, the APs send the GCM cipher algorithm in the IPsec set, along with the current cipher list. New dynamic maps are programmed on the managed devices to establish the IPsec tunnels with GCM ciphers.

To establish a successful IPsec tunnel with GCM ciphers, disable the default-rap-ipsecmap dynamic map and ensure that there is an ACR license for each AP in the deployment.

220 Series and 550 Series access points do not support GCM ciphers. The IPsec tunnels are established using AES ciphers.