Setting the map security requirement on a wx – 3Com WX4400 3CRWX440095A User Manual

Page 232

background image

232

C

HAPTER

10: C

ONFIGURING

MAP A

CCESS

P

OINTS

bssid2: 00:0b:0e:0a:60:02, ssid: 3Com
Radio 2 type: 802.11a, state: configure succeed [Enabled]
operational channel: 48 operational power: 11
base mac: 00:0b:0e:0a:60:01
bssid1: 00:0b:0e:0a:60:01, ssid: public
bssid2: 00:0b:0e:0a:60:03, ssid: 3Com

The fingerprint is displayed regardless of whether it has been verified in
MSS.

The display ap config command lists a MAP fingerprint only if the
fingerprint has been verified in MSS. If the fingerprint has not been
verified, the fingerprint info in the command output is blank

Verifying a Fingerprint on a WX Switch

To verify a MAP fingerprint,

find the fingerprint and use the set ap fingerprint command to enter the
fingerprint in MSS.

Setting the MAP Security Requirement on a WX

You can configure the WX to require all Distributed MAPs to have
encryption keys. In this case, the WX does not establish a management
session with a Distributed MAP unless the MAP has a key, and you have
confirmed the fingerprint of the key in MSS.

A change to MAP security support does not affect management sessions
that are already established. To apply the new setting to a MAP, restart
the MAP.

To configure MAP security requirements, use the following command:

set ap security {require | optional | none}

The require option enforces encryption of management traffic for all
Distributed MAPs, and requires the key fingerprints to be confirmed in
MSS. The none option disables encryption of management traffic for all
Distributed MAPs. The default is optional, which allows connection to
MAPs with or without encryption.

The following command configures a WX to require Distributed MAPs to
have encryption keys:

WX# set ap security require