Installation guide

D.6.1 Shared Secrets
Encryption and authentication are provided by defining an 8- to 64-character shared secret on the RF Switch
for each AP300 profile. The shared secret authenticates the AP300 during adoption and is used to derive a
unique session key that encrypts the management and control frames. Depending on customer requirements, the
same shared secret can be defined for all AP300s on an RF Switch, or a unique shared secret can be
configured for each AP.
By default, a shared secret, defaultS, is pre-defined on the RF Switch and is applied to all configured AP300s.
Motorola recommends that the default shared secret be changed and applied to all AP300s added to the RF
Switch. However, changing the default shared secret does not change the shared secret already
defined on existing APs.
Shared secrets are forwarded to AP300s during L2/L3 adoption. When secure WiSPe is first enabled for
an AP300, the AP300 must be set for pre-staging, then reset. When pre-staging is enabled, the RF Switch
forwards the shared key to the AP300 in clear text. If pre-staging is not enabled, the AP300 does not have
the correct shared key and is rejected by the RF Switch during adoption.
Once the shared key has been forwarded to the AP300s, pre-staging can be disabled, and subsequent key
changes are forwarded to the AP300 over secure WiSPe management/control frames.
D.6.2 Pre Staging Mode
When secure WiSPe is first enabled on an AP300, pre-staging mode must be enabled on the AP300 for the
initial shared key to be applied. When pre-staging mode is enabled on an AP300, the RF Switch forwards the
configured shared key to the AP300 in clear text during L2/L3 adoption. Once applied, the shared secret is
used to authenticate the AP300 to the RF Switch and generate unique session keys to encrypt management
NOTE: When a shared secret is changed on a secure WiSPe enabled AP300, the AP300
must be reset before the new shared secret and session keys can be used. Until the
AP300 is reset, the existing shared secret and session keys remain in use.
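
The rules in D.6.1 and D.6.2 can be checked periodically against an inventory of AP300 profiles. The following is an added example, not code from this guide or from Motorola: the record fields, AP names and sample secrets are hypothetical and constructed; only the default secret name and the 8 to 64 character limit come from the text above.

```python
# Added example: audit a constructed AP300 inventory against D.6.1/D.6.2.
# The ApProfile fields are hypothetical, not an RF Switch export format.
from dataclasses import dataclass

DEFAULT_SECRET = "defaultS"   # default shared secret named in this guide
MIN_LEN, MAX_LEN = 8, 64      # permitted shared-secret length


@dataclass
class ApProfile:
    name: str
    secret: str
    secure_wispe: bool
    pre_staging: bool
    reset_since_change: bool  # was the AP reset after the last secret change?


def audit(profiles):
    """Return {ap_name: [findings]} for profiles that need attention."""
    report = {}
    for p in profiles:
        findings = []
        if not MIN_LEN <= len(p.secret) <= MAX_LEN:
            findings.append("secret length outside 8-64 characters")
        if p.secret == DEFAULT_SECRET:
            findings.append("default shared secret still in use")
        if p.secure_wispe and p.pre_staging:
            # With pre-staging on, the switch sends the key in clear text.
            findings.append("pre-staging still enabled: key forwarded in clear text")
        if p.secure_wispe and not p.reset_since_change:
            findings.append("reset pending: old secret and session keys in use")
        if findings:
            report[p.name] = findings
    return report


# Constructed sample inventory (not real devices or secrets).
SAMPLE = [
    ApProfile("ap-lobby", "defaultS", True, False, True),
    ApProfile("ap-dock", "constructed-secret-01", True, True, True),
    ApProfile("ap-lab", "short", True, False, False),
    ApProfile("ap-office", "constructed-secret-02", True, False, True),
]

if __name__ == "__main__":
    for ap, findings in audit(SAMPLE).items():
        print(ap, "->", "; ".join(findings))
```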