Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Design Guide
8-6
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 8 Cisco Wireless Mesh Networking
Wireless Mesh Operation
MAP membership in the wireless mesh can be controlled in a variety of ways. The default mesh AP
authentication is EAP, but Pre Shared Key (PSK) authentication can also be configured. Bridge Group
Name (BGN) is used in addition to authentication to control mesh membership or to segment a wireless
mesh.
Bridge Authentication
When a mesh AP is turned on and connected to the network via a wired Ethernet connection, it joins a
WLC using the following steps:
1. When the AP boots, it optionally obtains an IP address via DHCP if a static IP has not been previously configured.
2. The mesh AP sends out an LWAPP discovery request.
3. If a WLC receives the request, it responds with a discovery response.
4. At this point the mesh AP issues an LWAPP join request.
5. The WLC issues an LWAPP join response and proceeds with EAP authentication.
6. Depending on the mesh AP’s current image version, it may download a new image and reboot.
7. After the reboot, the mesh AP requests to join the WLC again and re-authenticates.
Note: PSK may be used in place of EAP if configured on the WLC.
If there is no wired connection for the mesh AP to use to connect to a WLC, it uses the following
procedure to join the controller:
1. After boot, the mesh AP forms an 802.11 association and issues an LWAPP discovery request via its 802.11a connection.
2. When a mesh AP with a connection to the WLC is discovered, it uses DHCP to obtain an IP address if one has not been statically configured.
3. At this point the mesh AP issues an LWAPP join request.
4. The WLC issues an LWAPP join response and proceeds with EAP authentication.
5. Depending on the mesh AP’s current image version, it may download a new image and reboot.
6. After the reboot, the mesh AP rediscovers its parent, requests to join the controller again, and re-authenticates.
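The two join procedures above can be turned into an ordering check for audit purposes. The following is an added example, not code from the design guide or from Cisco: it assumes join activity has already been normalized into (name, detail) events, and the event names, SAMPLE trace, and function names are constructed for illustration.

```python
"""Validate a mesh AP's observed join events against the documented order.
Event names are a constructed, normalized vocabulary (an assumption of this
example), not LWAPP message names or WLC log syntax."""
# Documented first-join order per uplink; a trailing "?" marks an optional step.
SEQUENCES = {
    "wired": ["dhcp?", "discovery_request", "discovery_response",
              "join_request", "join_response", "auth"],
    "wireless": ["dot11_assoc", "discovery_request", "dhcp?",
                 "join_request", "join_response", "auth"],
}
CORE = ("join_request", "join_response", "auth")  # mandatory again after a reboot
# Constructed trace: a wireless MAP that used PSK, rebooted, and never re-authenticated.
SAMPLE = [("dot11_assoc", None), ("discovery_request", None),
          ("join_request", None), ("join_response", None), ("auth", "psk"),
          ("image_reboot", None), ("dot11_assoc", None),
          ("join_request", None), ("join_response", None)]


def match(events, expected):
    """Return None if events follow expected in order, else a description."""
    i = 0
    for step in expected:
        name = step.rstrip("?")
        if i < len(events) and events[i][0] == name:
            i += 1
        elif not step.endswith("?"):
            got = events[i][0] if i < len(events) else "end of trace"
            return f"expected {name}, got {got}"
    return None if i == len(events) else f"unexpected {events[i][0]}"


def check_join(uplink, events, allowed=("eap",)):
    """events: list of (name, detail); detail is the method for "auth" events."""
    passes = [[]]
    for ev in events:  # an image download and reboot starts a new join pass
        if ev[0] == "image_reboot":
            passes.append([])
        else:
            passes[-1].append(ev)
    findings = []
    for n, trace in enumerate(passes, start=1):
        steps = SEQUENCES[uplink]
        if n > 1:  # after the reboot only join + re-authentication are required
            steps = [s if s in CORE else s.rstrip("?") + "?" for s in steps]
        if (err := match(trace, steps)):
            findings.append(f"pass {n}: {err}")
        findings += [f"pass {n}: auth method {m} not allowed"
                     for name, m in trace if name == "auth" and m not in allowed]
    return findings
```

Pass allowed=("eap", "psk") where PSK has been deliberately configured on the WLC, so that only unexpected use of PSK is reported.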
Wireless Mesh Encryption
As discussed above, the wireless mesh bridges traffic between the MAPs and the RAPs. This traffic can
be from wired devices being bridged by the wireless mesh or LWAPP traffic from the mesh APs. This
traffic is always AES encrypted when it crosses a wireless mesh link (see
The AES encryption is established when a mesh AP forms its neighbor relationships with
other mesh APs. The encryption keys used between mesh APs are derived during the EAP authentication
process.