DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring DWL-8220AP Access Points
To enable or disable LED blink mode, use the following command:
set {ap port-list | dap dap-num} blink {enable | disable}
Configuring Security
MSS provides security for management traffic between switches and Distributed APs.
When you enable the feature, all management traffic between Distributed APs that support
encryption and the switch is encrypted. DWS-1008 security is disabled by default.
The encryption uses RSA as the public key cryptosystem, with AES-CCM for data encryption
and integrity checking and HMAC-MD5 for keyed hashing and message authentication
during the key exchange. Bulk data protection is provided by AES in CCM mode (AES CTR
for encryption and AES-CBC-MAC for data integrity). A 64-bit Message Authentication Code
is used for data integrity.
Note: This feature applies to Distributed APs only, not to directly connected APs configured
on AP access ports.
The maximum transmission unit (MTU) for encrypted AP management traffic is 1498 bytes,
whereas the MTU for unencrypted management traffic is 1474 bytes. Make sure the devices
in the intermediate network between the switch and Distributed AP can support the higher
MTU.
Encryption Key Fingerprint
APs are configured with an encryption key pair at the factory. The fingerprint for the public key
is displayed on a label on the back of the AP, in the following format:
RSA
aaaa:aaaa:aaaa:aaaa:
aaaa:aaaa:aaaa:aaaa
If the AP is already installed, you can display the fingerprint in MSS.
Encryption Options
By default, MSS does not encrypt management communication between the switch and
Distributed APs. The default setting is none.
You can configure the switch to use encryption by setting security to optional or require:
• optional - Distributed APs can be managed by the switch even if they do not have
encryption keys or their keys have not been verified by an administrator.
• require - All Distributed APs must have encryption keys. The switch does not establish
a management session with a Distributed AP unless the AP has a key, and you have
verified the key’s fingerprint in MSS using the set dap fingerprint command.
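An added example (not from the D-Link manual): a pre-change audit in Python that applies the optional/require rule above and compares each AP's label fingerprint with the one MSS reports, before security is switched to require. The inventory, the field names and the assumption that each fingerprint group is four hex digits are constructed for illustration.

```python
import hmac
import re

# Label format from the manual: "RSA", then eight colon-separated groups.
# Assumption: each group is four hex digits (the manual only shows "aaaa").
_FP_RE = re.compile(r"^(?:rsa\s+)?((?:[0-9a-f]{4}:){7}[0-9a-f]{4})$")

def normalize_fingerprint(text):
    """Return the fingerprint as 32 lowercase hex digits, or None if malformed."""
    # The label wraps after the fourth group, so drop whitespace after a colon.
    joined = re.sub(r":\s+", ":", text.strip().lower())
    m = _FP_RE.match(joined)
    return m.group(1).replace(":", "") if m else None

def session_allowed(mode, has_key, verified):
    """Session rule as the manual states it for none / optional / require."""
    if mode in ("none", "optional"):
        return True
    if mode == "require":
        return has_key and verified
    raise ValueError(f"unknown security mode: {mode}")

def audit(mode, aps):
    """List (name, finding) for APs that need attention before applying mode."""
    findings = []
    for ap in aps:
        label = normalize_fingerprint(ap["label"]) if ap["label"] else None
        reported = normalize_fingerprint(ap["reported"]) if ap["reported"] else None
        if label and reported and not hmac.compare_digest(label, reported):
            findings.append((ap["name"], "fingerprint mismatch: do not verify"))
        elif not session_allowed(mode, reported is not None, ap["verified"]):
            findings.append((ap["name"], "no session under " + mode))
    return findings

# Constructed inventory: label = value read off the AP, reported = value shown in MSS.
SAMPLE_APS = [
    {"name": "dap 1", "label": "RSA\n1a2b:3c4d:5e6f:7081:\n92a3:b4c5:d6e7:f809",
     "reported": "1a2b:3c4d:5e6f:7081:92a3:b4c5:d6e7:f809", "verified": True},
    {"name": "dap 2", "label": "RSA 0011:2233:4455:6677:8899:aabb:ccdd:eeff",
     "reported": "0011:2233:4455:6677:8899:aabb:ccdd:ee00", "verified": False},
    {"name": "dap 3", "label": None, "reported": None, "verified": False},
    {"name": "dap 4", "label": "RSA 0f0f:1e1e:2d2d:3c3c:4b4b:5a5a:6969:7878",
     "reported": "0f0f:1e1e:2d2d:3c3c:4b4b:5a5a:6969:7878", "verified": False},
]

if __name__ == "__main__":
    print(audit("require", SAMPLE_APS))
```

An AP whose fingerprints match but is still unverified (dap 4 in the sample) is the case to clear with set dap fingerprint before switching to require.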
The table below lists the AP security options and whether a DWL-8220AP can establish a
management session with a DWS-1008 based on the option settings.