What is a feasible option to protect PAPI traffic between AOS-CX switches and the gateway running AOS-10?

Multiple Choice

What is a feasible option to protect PAPI traffic between AOS-CX switches and the gateway running AOS-10?

Explanation:
Protecting PAPI traffic requires securing the communication channel between the AOS-CX switches and the AOS-10 gateway. An IPsec tunnel establishes an encrypted IP-layer path, so all PAPI packets are encrypted and authenticated as they traverse the network. This provides confidentiality, integrity, and peer authentication for the management/control traffic, which is essential when the data travels across potentially untrusted links.

Using an MD5 HMAC would protect integrity and authenticate messages, but it does not encrypt the payload, so the contents of PAPI messages would still be readable. A GRE tunnel only encapsulates packets without encrypting them, so it provides no confidentiality unless paired with an encryption mechanism like IPsec. Taking no action would leave PAPI traffic exposed to eavesdropping and tampering.

Therefore, implementing an IPsec tunnel is the appropriate way to protect PAPI traffic.
