Motorola AP-51XX 사용자 설명서
AP-51xx Access Point Product Reference Guide
10-6
10.1.6 Securing a Configuration Channel Between Switch and AP
Once an access point obtains a list of available switches, it begins connecting to each. The switch
can be either on the LAN or WAN side of the access point to provide flexibility in the deployment of
the network. If the switch is on the access point’s LAN, ensure the LAN subnet is on a secure channel.
The AP will connect to the switch and request a configuration.
can be either on the LAN or WAN side of the access point to provide flexibility in the deployment of
the network. If the switch is on the access point’s LAN, ensure the LAN subnet is on a secure channel.
The AP will connect to the switch and request a configuration.
10.1.7 Adaptive AP WLAN Topology
An AAP can be deployed in the following WLAN topologies:
•
Extended WLANs - Extended WLANs are the centralized WLANs created on the switch
•
Independent WLANs - Independent WLANs are local to an AAP and can be configured from
the switch. You must specify a WLAN as independent to stop traffic from being forwarded
to the switch. Independent WLANs behave like WLANs on a standalone access point.
the switch. You must specify a WLAN as independent to stop traffic from being forwarded
to the switch. Independent WLANs behave like WLANs on a standalone access point.
•
Both - Extended and independent WLANs are configured from the switch and operate
simultaneously.
simultaneously.
10.1.8 Configuration Updates
An AAP receives its configuration from the switch initially as part of its adoption sequence.
Subsequent configuration changes on the switch are reflected on an AAP when applicable.
Subsequent configuration changes on the switch are reflected on an AAP when applicable.
An AAP applies the configuration changes it receives from the switch after 30 seconds from the last
received switch configuration message. When the configuration is applied on the AAP, the radios
shutdown and re-initialize (this process takes less than 2 seconds) forcing associated MUs to be
deauthenticated. MUs are quickly able to associate.
received switch configuration message. When the configuration is applied on the AAP, the radios
shutdown and re-initialize (this process takes less than 2 seconds) forcing associated MUs to be
deauthenticated. MUs are quickly able to associate.
10.1.9 Securing Data Tunnels between the Switch and AAP
If a secure link (site-to-site VPN) from a remote site to the central location already exists, the AAP
does not require IPSec be configured for adoption.
does not require IPSec be configured for adoption.
For sites with no secure link to the central location, an AAP can be configured to use an IPSec tunnel
(with AES 256 encryption) for adoption. The tunnel configuration is automatic on the AAP side and
requires no manual VPN policy be configured. On the switch side, configuration updates are required
to adopt the AAP using an IPSec tunnel.
(with AES 256 encryption) for adoption. The tunnel configuration is automatic on the AAP side and
requires no manual VPN policy be configured. On the switch side, configuration updates are required
to adopt the AAP using an IPSec tunnel.
NOTE
For a review of some important considerations impacting the use of
extended and independent WLANs within an AAP deployment, see
extended and independent WLANs within an AAP deployment, see
.