Mobility group - high cipher option.

Murinos
Beginner

Good day!

I wonder, what does the "High Cipher" option do in Mobility Group member setup? This is the 8.10.105 release.

Please, look at the screenshot attached.

 

I could not find any mention of it either in the configuration guide for release 8.10 or anywhere else...

 

Thanks!

 


Rasika Nayanajith
VIP Mentor

This will enable encrypted mobility messaging (CAPWAP DTLS based) instead of unencrypted EoIP

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/encrypted_mobility_tunnel.html 

 

HTH

Rasika

*** Pls rate all useful responses ***

@Rasika Nayanajith Thank you for the reply! I appreciate it a lot.

 

I'll try to be more specific.

 

As you have already mentioned here https://community.cisco.com/t5/other-wireless-mobility-subjects/mobility-control-amp-data-encryption/m-p/3955950/highlight/true#M101919 , encrypted mobility messaging via CAPWAP DTLS is enabled by 2 commands:

config mobility group member add peer-mac-addr peer-ip-addr group-name encrypt {enable | disable} (which is Secure Mobility - Enabled in GUI)

config mobility group member data-dtls peer-mac-addr enable | disable (which is Data Tunnel Encryption - Enabled in GUI)

 

The same is described in the configuration guide for 8-10 you provided earlier https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/encrypted_mobility_tunnel.html 

 

I believe these 2 commands will indeed make the WLCs use CAPWAP DTLS instead of EoIP for Mobility Data traffic.

 

What I am asking about is the "High Cipher" selection. Please look at the screenshot. I've highlighted the additional 3rd option we can use with the previous 2 commands. But I can't find its description anywhere, and this is what I'm asking about.

 


 

Thank you for reminding me of that old thread.

You are right about documentation about that "high cipher option", I cannot find anything on cisco.com about it either.

 

Here is what I think: it is for cipher suite support for key lengths longer than 128 bits.

Again, Cisco should provide more context around what exactly that feature means to avoid confusion. If I get anything else, I will keep you posted here.

 

Thank you

Rasika

@Rasika Nayanajith You were right, I've asked TAC about it and they confirmed your version. They created a bug to fix this documentation, so I am waiting for an announcement in the next version of the Deployment Guide. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu45944

Thank you for the bug to fix that documentation and give clearer information about those DTLS high cipher options.

 

Rasika 
