User's manual

DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring DWL-8220AP Access Points
To enable or disable LED blink mode, use the following command:
set {ap port-list | dap dap-num} blink {enable | disable}
Conguring Security
MSS provides security for management trafc between switches and Distributed APs.
When you enable the feature, all management trafc between Distributed APs that support
encryption and the switch is encrypted. DWS-1008 security is disabled by default.
The encryption uses RSA as the public key cryptosystem, with AES-CCM for data encryption
and integrity checking and HMAC-MD5 for keyed hashing and message authentication
during the key exchange. Bulk data protection is provided by AES in CCM mode (AES CTR
for encryption and AES-CBC-MAC for data integrity). A 64-bit Message Authentication Code
is used for data integrity.
Note: This feature applies to Distributed APs only, not to directly connected APs configured
on AP access ports.
The maximum transmission unit (MTU) for encrypted AP management traffic is 1498 bytes,
whereas the MTU for unencrypted management traffic is 1474 bytes. Make sure the devices
in the intermediate network between the switch and Distributed AP can support the higher
MTU.
Encryption Key Fingerprint
APs are congured with an encryption key pair at the factory. The ngerprint for the public key
is displayed on a label on the back of the AP, in the following format:
RSA
aaaa:aaaa:aaaa:aaaa:
aaaa:aaaa:aaaa:aaaa
If the AP is already installed, you can display the fingerprint in MSS.
Encryption Options
By default, MSS does not encrypt management communication between the switch and
Distributed APs. The default setting is none.
You can congure the switch to use encryption by setting security to optional or require:
optional - Distributed APs can be managed by the switch even if they do not have
encryption keys or their keys have not been veried by an administrator.
require - All Distributed APs must have encryption keys. The switch does not establish
a management session with a Distributed AP unless the AP has a key, and you have
veried the key’s ngerprint in MSS using the set dap ngerprint command.
The table below lists the AP security options and whether a DWL-8220AP can establish a
management session with a DWS-1008 based on the option settings.