Manualshelf

User's Manual

ManualsBrandsAirgo Networks ManualsElectronicsTrue MIMO Access Point
51525354555657585960
6 Configuring a Wireless Backhaul
136 Installation and User Guide: Airgo Access Point
Wireless Backhaul Security
By implementing a common security policy across the network, you can provide appropriate
security to clients while also ensuring that incompatibilities do not prevent formation of wireless
backhaul links.
Overall wireless backhaul security depends upon the security modes assigned to all the AP and BP
radios in the backhaul arrangement. The security mode assigned to the access point (see “Security
Mode” on page 150) determines the security used by each AP radio, while the backhaul security
policy (see “Link Criteria” on page 138) determines the security used by each BP radio. When a BP
radio attempts to form a backhaul, the upstream AP authenticates locally, in the case of PSK, WEP,
or Open security, or sends the request to the security portal, in the case of certificate-based security
(Figure 99).
Each link from a client through to the root AP should use the same security mode; therefore, the AP
and BP security modes should be the same. It is strongly recommended that you apply the same
global security policy across the entire network, thereby ensuring that backhaul trunks can form
wherever needed.
Figure 99: Certificate Authentication in Wireless Backhaul Network
Certificate security provides the highest level of protection and is the default option for backhaul
security. The APs must be managed by NM Portal or NMS, and a security portal must be
configured to service backhaul authentication requests. For backhaul authentication, requests are
sent from the BP radio through to the security portal (see Figure 99).
From the perspective of the wired APs, each backhaul AP appears as a client; however, these
“clients” are not identified in the RADIUS user database. For authentication purposes, identity
information for the backhaul APs is automatically entered into the internal RADIUS database on
the security services portal AP upon enrollment of the backhaul node. Users cannot view or modify
this information.
WPA-PSK provides effective security without requiring a security portal for backhaul
authentication. Backhaul authentication is managed with the same PSK password used for the
global security setting. When configuring a network of APs for wireless backhaul with WPA-PSK,
10/100 Switched Ethernet
AP Radio
AP Radio
Client Client
BP Radio
Security Portal AP
A00053