Hi Keith and Michael— That is correct. We recently experienced a meltdown on our campus due to this very issue. We had to enable cpsec and that seems to have fixed the issue then snow hit our area and we have not hit anywhere near the normal level of traffic so we are, at this point, “cautiously optimistic” . I don’t consider this a permanent fix and have been assured the fix to place PAPI traffic into separate queues will be in 8.3 and 8.5 code trains.
I would warn that you need to be careful because this causes control traffic from the AP to be sourced through the IPSEC tunnel and over the controller uplink. If you have IP Spoofing deployed then you will have to allow APs’ IP traffic. Amel From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Miller, Keith C" <keith.mil...@unc.edu> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Wednesday, January 15, 2020 at 6:40 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why? Hi Michael, Currently we do not and yes, that is the situation as I understand it. The PAPI traffic between APs and the controllers use the same queue that the controller to controller heartbeats use. Enabling CPSec moves that traffic traffic to a different queue. We’re expecting to enable CPSec in Resnet today. Regards, Keith From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Michael Davis <da...@udel.edu> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Tuesday, January 14, 2020 at 3:56 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why? Do you run CPSEC on your APs? I've heard that non-CPSEC AP connections can contend with the controller cluster heatbeats and cause disconnect. On 1/14/20 3:37 PM, Miller, Keith C wrote: Hi Trent, No not related to AirGroup, but we’ve had problems with AirGroup server leaks in the past on 8.4 – One of the solutions was to configure AirGroup in centralized mode at the group level. The other problems are related to the 515s and we are suffering from cluster disconnects in a few of our 8.x environments for what seems to be varying reasons. Regards, Keith -- Mike Davis IT - University of Delaware - 302.831.8756 Newark, DE 19716 Email da...@udel.edu<mailto:da...@udel.edu> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
