I have two questions about port based tunnel node configuration:
1- In configuration steps, there is no authentication mechanism within PAPI channel between switch and Mobility Controller. Aruba added CPSEC for AP authentication and control channel encryption, but tunnel node still running PAPI. What is the best practice here to avoid rough switches connecting to mobility controller and trying to establish tunnel port GRE tunnel.
2- How aaa profile is chosen? is it: aaa profile configured on VLAN in MC, otherwise "default tunnel node user" aaa profile? any other considerations?
Thank you,