An administrator deploys an AP at a branch office. The branch office has a private WAN circuit that provides connectivity to a corporate office controller. An
Ethernet port on the AP is connected to a network storage device that contains sensitive information. The administrator is concerned about sending this traffic in clear-text across the private WAN circuit.
What can the administrator do to prevent this problem?
To prevent sensitive information from being transmitted in clear-text across the private WAN circuit, the administrator can convert the campus AP into a Remote AP (RAP). RAPs have IPSec tunnels for management traffic, which encrypts the data between the AP and the controller, ensuring that sensitive information is securely transmitted. This provides an effective solution for securing the data without the need for additional encryption mechanisms on the wired ports.
The answer is B. Only RAP have IPSec tunnels for management traffic
I think it's B
Per the Aruba ACMP boot camp books - page 407, RAPs and controllers must autheticate to each other to form the IPSec tunnel. The basis of authentication is either Pre-Shared Keys (PSK) or certificates.
Answer should be C. Redirect the wired port traffic to an AP-to-controller GRE tunnel. In the Virtual AP profile, select Tunnel as the forwarding mode. Tunnel: The AP handles all 802.11 association requests and responses, but sends all 802.11 data packets, action frames and EAPOL frames over a GRE tunnel to the managed device for processing. The managed device removes or adds the GRE headers, decrypts or encrypts 802.11 frames and applies firewall rules to the user traffic as usual. Both remote and campus APs can be configured in tunnel mode.
Just curious, Is there a wired access point? or the access point only for WiFi?
B as previously mentioned by others
B is correct. ap wired-ap-profile tunnel mode In this default forwarding mode, the AP handles all 802.11 association requests and responses, but sends all 802.11 data packets, action frames, and EAPOL frames over a GRE tunnel to the managed device for processing. The managed device removes or adds the GRE headers, decrypts or encrypts 802.11 frames and applies firewall rules to the user traffic as usual.
Sorry I made a mistake, I meant to say that the correct answer is C.