Allied Telesis AT-WA7500 User Manual

Page 156

6 - Configuring Security

Establishing Secure Communications Between Access Points

To enable secure communications between access points, enable secure
IAPP. Secure IAPP prevents unauthorized AT-WA7500 access points from
joining the spanning tree and it encrypts IAPP frames. If you enable
secure IAPP, when access points communicate with each other through
the radios, they will create secure wireless hops using one of the
authentication methods you have chosen: SWAP, TTLS, or TLS.

Unless you are implementing an 802.1x security solution, by default,
secure IAPP is disabled. You can enable secure IAPP and secure wireless
hops in any type of radio network. If you enable secure IAPP, all access
points have the same default IAPP secret key so they can communicate
with each other. Allied Telesyn recommends that you change the default
IAPP secret key to prevent rogue access points from joining your
spanning tree. Make sure that all access points in your network have the
same IAPP secret key.

By default, Secure Wireless Authentication Protocol (SWAP) is enabled. If
you have an older access point or you are not implementing an 802.1x
security solution, you can use SWAP. SWAP forces access points to
authenticate each other using an EAP-MD5 challenge. For more
information on the other authentication methods, see "Implementing
an 802.1x Security Solution" on page 164.
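The following added example (not from the manual or the AT-WA7500 firmware) walks through a mutual EAP-MD5 challenge as defined in RFC 3748 and RFC 1994, to show why two access points left on the same default key authenticate each other and why changing the key on your own access points shuts out one that still has the default. It assumes SWAP keys the challenge with the shared IAPP secret key, which the manual does not state; the key values and the names `ap-root` and `ap-child` are constructed.

```python
import hashlib, hmac, os, struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4

def build_md5_packet(code, ident, value, name=b""):
    """EAP packet: Code, Identifier, Length, Type, Value-Size, Value, Name."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_md5_packet(pkt):
    """Return (code, ident, value, name); reject malformed lengths."""
    if len(pkt) < 6:
        raise ValueError("short EAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or pkt[4] != EAP_TYPE_MD5:
        raise ValueError("bad length or not MD5-Challenge")
    size = pkt[5]
    if 6 + size > length:
        raise ValueError("Value-Size exceeds packet")
    return code, ident, pkt[6:6 + size], pkt[6 + size:]

def md5_response(ident, secret, challenge):
    # RFC 1994: MD5 over Identifier || secret || challenge
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def authenticate(verifier_secret, peer_secret, ident=1, challenge=None):
    """One direction of the exchange: verifier challenges, peer answers."""
    challenge = challenge or os.urandom(16)
    request = build_md5_packet(EAP_REQUEST, ident, challenge, b"ap-root")
    _, rid, chal, _ = parse_md5_packet(request)           # peer side
    answer = md5_response(rid, peer_secret, chal)
    response = build_md5_packet(EAP_RESPONSE, rid, answer, b"ap-child")
    code, sid, value, _ = parse_md5_packet(response)      # verifier side
    expected = md5_response(ident, verifier_secret, challenge)
    return (code == EAP_RESPONSE and sid == ident
            and hmac.compare_digest(value, expected))

def mutual(secret_a, secret_b):
    """Both access points challenge each other; both directions must pass."""
    return authenticate(secret_a, secret_b, 1) and authenticate(secret_b, secret_a, 2)

DEFAULT_KEY = b"factory-default"     # constructed placeholder, not the real default
SITE_KEY = b"site-specific-secret"   # constructed

if __name__ == "__main__":
    print("both on default key:", mutual(DEFAULT_KEY, DEFAULT_KEY))
    print("root on site key, other on default:", mutual(SITE_KEY, DEFAULT_KEY))
    print("both on site key:", mutual(SITE_KEY, SITE_KEY))
```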

Note these potential problems:

• If you enable secure IAPP on a root access point that is running
  software release 1.80 or later and other access points in your
  network are running an earlier software release than 1.80, the
  access points with the earlier software release will not attach to
  the root. The access points with the earlier software release do not
  support secure IAPP. If you want to use secure IAPP, upgrade all
  access points to software release 1.80.

• If you enable secure IAPP on a non-root access point and the root
  access point has secure IAPP disabled, the access points will form
  separate spanning trees with the same LAN ID. If you want to use
  secure IAPP, enable secure IAPP on all access points.