Manualshelf

Installation guide

ManualsBrandsMotorola ManualsComputer equipmentRFS6000 - Wireless RF Switch
591592593594595596597598599600
D-76 Motorola RF Switch System Reference Guide
and control frames. If pre staging mode is not enabled for the AP300, the AP300 does not have the correct
shared secret and will fail to authenticate to the RF Switch.
Once the shared secret is applied to an AP300, pre staging can be disabled on the AP. Subsequent changes
to the shared secret, once secure WiSPe is enabled, are applied over secured management and control
frames, and pre staging mode is not required.
Pre staging is primarily used when enabling secure WiSPe on an AP300. However, pre staging is also
required for the following adoption scenarios:
A RF Switch adopting AP300s with a default or an outdated shared secret
A RF Switch adopting AP300s running old firmware with no secure WiSPe support
A RF Switch adopting AP300s from other RF Switches that use a different shared secret
D.6.3 Applications
Secure WiSPe is intended for environments requiring security for management and control frames to protect
against unauthorized monitoring and potential man-in-the-middle attacks. Secure WiSPe combined with
strong WLAN encryption can provide complete end-to-end encryption for all frames exchanged between a
RF Switch and adopted AP300s.
D.6.4 Restrictions
Secure WiSPe only provides encryption for management and control frames and does not provide encryption
for MU data frames. MU data frame encryption can be provided by enabling WEP, KeyGuard, WPA or WPA2
encryption on each WLAN where encryption is required. Whatever encryption is used to protect the data over
the air will be used when exchanging traffic between the APs and RF Switch.
D.6.5 Secure WISPe Configuration
The following configuration activities can be performed to secure WISPe on an AP300:
Enabling Secure WISPe on Existing AP300s
Enabling Secure WISPe on New AP300s
To view the running configuration on the RFS6000 switch used to create this secure WISPe tutorial, refer to
RF Switch Running Configuration on page D-86.
D.6.5.1 Requirements
The following requirements must be met prior to attempting this configuration:
One or more RF Switches are installed and operational on the network
One or more AP300 Access Ports configured and adopted by the RF Switch
A Windows XP workstation with a console, telnet or SSH client is available to perform configuration on
the RF Switches
NOTE: AP300s with a secure WiSPe enabled can be adopted by RF Switches running
older firmware, or by RF Switches with secure WiSPe disabled. However, if the shared
secret is changed, or the firmware downgraded, pre staging must be enabled before
readopting the AP300 on a secure WiSPe supported RF Switch.