HPE Community
M and MSM Series
1756754 Members
2366 Online
108852 Solutions
New Discussion юеВ

Re: How secure is the client data tunnel?

 
davehedgehog
Advisor

тАО03-04-2012 10:52 AM

тАО03-04-2012 10:52 AM

How secure is the client data tunnel?

Apologies if this is a repeat post - I thought i'd asked this questio but cant find it now

 

If I was to put an AP at another site and use the client data tunnel to tunnel over the internet back to the controller's internet port, is it secure and if so how secure? I assume the data is encrypted but to what level?

 

 

 

 

0 Kudos
4 REPLIES 4
Fredrik L├╢nnman
Honored Contributor

тАО03-04-2012 01:24 PM

тАО03-04-2012 01:24 PM

Re: How secure is the client data tunnel?

Its not encrypted at all. For encryption you have to enable "Terminate WPA at the controller", which severely limits the maximum number of clients supported to 10 on a MSM710 and 50 on the MSM760 and 765zl. Its all in the MCG pdf.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

0 Kudos
davehedgehog
Advisor

тАО03-04-2012 02:14 PM

тАО03-04-2012 02:14 PM

Re: How secure is the client data tunnel?

Thanks, i did check that document but it didnt explain in much detail There is a setting that allows me to choose high security/lower performance or lower security/high performance. If the tunnel is not encrypted, what does this relate to please?
0 Kudos
Fredrik L├╢nnman
Honored Contributor

тАО03-04-2012 08:02 PM - edited тАО03-04-2012 08:04 PM

тАО03-04-2012 08:02 PM - edited тАО03-04-2012 08:04 PM

Re: How secure is the client data tunnel? 

* Less security/better performance: This option provides security using a secret key that is attached to each packet. The key is rotated every 200 seconds. 
* High security/less performance : This option uses HMAC (Hash based message authentication code) to ensure the data integrity and authenticity of each packet. 
Performance is reduced due to the overhead needed to calculate HMAC.

Regardless of the security me thod used, the client tunnel does not encrypt the data stream. 
To protect client traffic with encryption requires that client stations use WPA or VPN software.

* Under  Wireless protection, enable  WPA with the Terminate WPA at the controller. This requires client stations that support WPA.
* Use  VPN-based authentication. See  Securing wireless client sessions with VPNs on page 15-3.

 

Chapter 4: Working with VSCs -> VSC Configuration options -> Virtual AP -> Wireless Clients.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

0 Kudos
davehedgehog
Advisor

тАО03-05-2012 05:22 AM

тАО03-05-2012 05:22 AM

Re: How secure is the client data tunnel?

Thanks Fredrik

 

I understand now, this setting is about how the controller authenticates the data. I thought it was about how it encrypts the data

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.