Nortel 2350 用户指南
Configuring APs 241
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Even when forced image download is disabled (the default), the AP still checks with the WSS to verify that the
AP has the latest image, and to verify that the WSS is running WSS Software Version 5.0 or later.
AP has the latest image, and to verify that the WSS is running WSS Software Version 5.0 or later.
The AP loads its local image only if the WSS is running WSS Software Version 5.0 or later and does not have
a newer AP image than the one in the AP’s local storage. If the switch is not running WSS Software Version
5.0 or later, or the WSS has a newer version of the AP image than the version in the AP’s local storage, the AP
loads its image from the WSS.
a newer AP image than the one in the AP’s local storage. If the switch is not running WSS Software Version
5.0 or later, or the WSS has a newer version of the AP image than the version in the AP’s local storage, the AP
loads its image from the WSS.
Enabling LED blink mode
Blink mode makes an AP easy to identify. When blink mode is enabled on AP-xxx models, the health and
radio LEDs alternately blink green and amber. When blink mode is enabled on an AP2750, the 11a LED
blinks on and off. By default, blink mode is disabled. Blink mode continues until you disable it. LED blink
mode is disabled by default.
radio LEDs alternately blink green and amber. When blink mode is enabled on an AP2750, the 11a LED
blinks on and off. By default, blink mode is disabled. Blink mode continues until you disable it. LED blink
mode is disabled by default.
Changing the LED blink mode does not alter operation of the AP. Only the behavior of the LEDs is affected.
To enable or disable LED blink mode, use the following command:
set {ap port-list | ap ap-num} blink {enable | disable}
Configuring AP-WSS security
WSS Software provides security for management traffic between WSSs and Distributed APs. When the
feature is enabled, all management traffic between Distributed APs that support encryption and the WSS is
encrypted. AP-WSS security is set to optional by default.
feature is enabled, all management traffic between Distributed APs that support encryption and the WSS is
encrypted. AP-WSS security is set to optional by default.
The encryption uses RSA as the public key cryptosystem, with AES-CCM for data encryption and integrity
checking and HMAC-MD5 for keyed hashing and message authentication during the key exchange. Bulk data
protection is provided by AES in CCM mode (AES CTR for encryption and AES-CBC-MAC for data integ-
rity). A 64-bit Message Authentication Code is used for data integrity.
checking and HMAC-MD5 for keyed hashing and message authentication during the key exchange. Bulk data
protection is provided by AES in CCM mode (AES CTR for encryption and AES-CBC-MAC for data integ-
rity). A 64-bit Message Authentication Code is used for data integrity.
Encryption key fingerprint
APs are configured with an encryption key pair at the factory. The fingerprint for the public key is displayed
on a label on the back of the AP, in the following format:
on a label on the back of the AP, in the following format:
Note.
This feature applies to Distributed APs only, not to directly connected APs
configured on AP access ports.
Note.
The maximum transmission unit (MTU) for encrypted AP management traffic is
1498 bytes, whereas the MTU for unencrypted management traffic is 1474 bytes. Make
sure the devices in the intermediate network between the WSS and Distributed AP can
support the higher MTU.
sure the devices in the intermediate network between the WSS and Distributed AP can
support the higher MTU.