This was on an AOS 8 RAP deployment. When trying to modify the SSID profile at the site level, it shows an error regarding the forward mode, but if you go down a level, it lets you modify the SSID profile, creating a local override - but the config status goes to Config Failure because it’s not supported.
Haven’t tested in AOS 10/Central.
Seems like this would be a problem for a lot of customers trying to move to WPA3. Just curious why it’s a requirement when it doesn’t appear to be a limitation of WPA3 itself.
Thanks!
Original Message:
Sent: 1/25/2025 11:34:00 AM
From: mvanoverbeek
Subject: RE: WPA3 + Split-Tunnel
Hi Michael,
Sorry, I don't have an answer for you, but I am curious what you observed. Is this for an AOS 8 RAP deployment or an AOS microbranch? There is no mention in the guide below about this?
https://arubanetworking.hpe.com/techdocs/VSG/docs/080-sd-branch-deploy/esp-sd-branch-deploy-110-cl2/#split-tunnel-in-cl2
As far as I can recall, you just follow the steps below.
https://arubanetworking.hpe.com/techdocs/VSG/docs/080-sd-branch-deploy/esp-sd-branch-deploy-130-configuring-cl2-ap/#configure-split-tunnel-in-cl2
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------
Original Message:
Sent: Jan 25, 2025 10:57 AM
From: mharing
Subject: WPA3 + Split-Tunnel
Hi all,
Can someone explain the reason why split-tunnel mode is not supported while using wpa3-ccm-128-aes encryption? I tried digging through the Wi-Fi Alliance papers on WPA3 and I didn't see anywhere that it was a requirement for all traffic to be tunneled back to a controller. It also seems other vendors support a flavor of split-tunnel operation with WPA3 encryption. Is this an Aruba practice or is there a fundamental requirement by WPA3 to only tunnel traffic?
Thanks for the help!
------------------------------
Michael Haring
------------------------------