
Cisco WLC CAPWAP tunnel encryption

Mohamed Sayed
Level 1

Hi,

 

I need to know how I can confirm, using the command line or GUI of WLC WiSM2 7.4, that the CAPWAP tunnel is encrypted?

I know that the CAPWAP tunnel is usually encrypted, not an option, right?

6 Replies

No, it is a configurable option. By default all CAPWAP control packets are encrypted & not CAPWAP data packets. The AP should support DTLS encryption & it may affect the performance of the AP. Refer to the link below for details.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70lwap.html#wp1508163

You can configure it using CLI like below

config ap link-encryption {enable | disable} {all | Cisco_AP}

You can verify it using below CLI

show ap link-encryption all

HTH

Rasika

**** Pls rate all useful responses ****
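Added example, not part of any post in this thread: a small Python audit that takes saved output of `show ap link-encryption all` and lists the APs whose CAPWAP data channel is not encrypted. The sample output, the AP names, the column layout and the `En`/`Dis` state tokens are assumptions made for this example; compare them with what your controller release actually prints.

```python
import re

# Constructed sample of `show ap link-encryption all` output (assumed layout).
SAMPLE = """\
                      Encryption  Dnstream  Upstream    Last
AP Name                 State      Count     Count     Update
--------------        ----------  --------  --------  ------
lobby-ap01              En           112      1303     23:49
warehouse-ap02          Dis            0         0     Never
office-ap03             En           232      2146     23:49
"""

# One AP row: name, state token, two packet counters, last-update field.
# Assumes AP names contain no whitespace.
ROW = re.compile(
    r"^(?P<ap>\S+)\s+(?P<state>En|Dis)\s+(?P<down>\d+)\s+(?P<up>\d+)\s+(?P<last>\S+)$"
)


def parse_link_encryption(text):
    """Return {ap_name: row} for each AP row; header and rule lines are skipped."""
    aps = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            aps[m["ap"]] = {
                "encrypted": m["state"] == "En",
                "downstream": int(m["down"]),
                "upstream": int(m["up"]),
                "last_update": m["last"],
            }
    if not aps:
        # Fail closed: an unrecognised format must not look like a clean audit.
        raise ValueError("no AP rows recognised; output differs from assumed layout")
    return aps


def unencrypted_aps(text):
    """Sorted names of APs whose data link encryption is reported as disabled."""
    return sorted(ap for ap, row in parse_link_encryption(text).items()
                  if not row["encrypted"])


if __name__ == "__main__":
    for name in unencrypted_aps(SAMPLE):
        print(f"data DTLS disabled: {name}")
```
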

Thanks Manannalage ras... for your reply,

But does it require a license? If yes, how can I verify whether I have it or not?

 

Thanks

Hi Mohamed,

DTLS license should be enabled by default on your WLC (unless it has LDPE image).

See below for detail

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn76mr03.html#pgfId-1162652

HTH

Rasika

**** Pls rate all useful responses ****

 

+5 Ras ..

 

Something else to add: when you use OfficeExtend, for example the AP600, the tunnel is automagically encrypted. It's little things like this that drive me crazy!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thank you George :)

Dhiresh Yadav
Cisco Employee

Hi,

 

You can also use "sh dtls connection" to see all the DTLS tunnels (CAPWAP data or CAPWAP control) between the AP and controllers, with their cipher suites in use.

 

Regards

Dhiresh

**Please rate helpful posts**
