In decrypt-tunneled forwarding mode, what is true?

In decrypt-tunneled forwarding mode, the Access Point (AP) is responsible for decrypting the traffic it receives before forwarding it to the controller through a GRE (Generic Routing Encapsulation) tunnel. This means that the AP first decrypts the encrypted data packets coming from wireless devices, ensuring that the actual data is in a readable format. Once this data is decrypted, the AP encapsulates it into a GRE tunnel and sends it securely to the controller for further processing.

This is important for maintaining network security while allowing the controller to manage the network effectively. By decrypting the data at the AP level, the system can optimize bandwidth and reduce the processing load on the controller, which can then focus on routing and managing access policies rather than dealing with encryption and decryption processes.

The other options do not accurately describe decrypt-tunneled forwarding mode. For example, while the AP does decrypt the traffic, it does so before tunnel transmission rather than applying no encryption at all or sending clear-text frames directly. The decryption process is not solely handled by the controller, as it begins at the AP, making the assertion that the controller exclusively handles all decryption inaccurate.