Manual Part 2

Wireless Array

Configuring the Wireless Array 205

The Array has low overhead and latency for virtual tunnel connections, with high

resilience. The Array performs all encryption and decryption in hardware,

maintaining wire-rate encryption performance on the tunnel.

Virtual Tunnel Server (VTS)

Tunneling capability is provided by a Virtual Tunnel Server. You supply the server

and deploy it in your network using open-source VTun software, available from

vtun.sourceforge.net. To enable the Array to use tunneling for a VLAN, simply

enter the IP address, port and secret for the tunnel server as described in Step 11

on page 208.

VTun may be configured for a number of different tunnel types, protocols, and

encryption types. For use with Arrays, we recommend the following

configuration choices:

 Tunnel Type: Ether (Ethernet tunnel)

 Protocol: UDP

 Encryption Type: select one of the encryption types supported by VTun

(AES and Blowfish options are available)

 Keepalive: yes

VTS Client-Server Interaction

The Array is a client of the Virtual Tunnel Server. When you specify a VTS for an

active VLAN-SSID pair, the Array contacts the VTS. The server then creates a

tunnel session to the Array. VTun encapsulated packets will cross the Layer 3

network from the Array to the VTS. When packets arrive at the VTS, they will be

de-encapsulated and the resultant packets will be passed to your switch with

802.1q VLAN tags for final Layer 2 processing. The process occurs in reverse for

packets traveling in the other direction.

We recommend that you enable the VTun keep-alive option. This will send a

keep-alive packet once per second to ensure that the tunnel remains active.

Tunnels can be configured to come up on demand but this is a poor choice for

wireless, since tunnel setup can take roughly 5-20 seconds and present a problem

for authentication.