Specifications

18 Security Considerations
Downlink to Wired Network
The AP will preserve the 802.1D user priority by copying the value into the 802.1p priority tag. The
IP DSCP value will be unaffected by the transition to the wired network.
NOTE: The 802.1p priority tag is likely not preserved if VLANs are not configured throughout the
wired network. If the packets will travel across different subnets, the router configuration needs to
cope with preservation of the 802.1p priority tag.
NOTE: Any device that assigns QoS information to a data frame must be connected to a port in
the LAN switch which is defined as a trunk port. A trunk port in a switch accepts a frame as legal
when it is extended with a VLAN tag.
Normally an access port in a switch will not accept such a frame because the frame is not a
standard Ethernet frame.
NOTE: Any intermediate device can change the priority tag if an administrator has created
rules in the device to do so.
Downlink, AP to Handset
As stated in the section about WMM, if QoS is configured properly, voice packets will gain high
priority and thereby minimize latency and packet inter-arrival jitter.
But how does an AP know which packets to prioritize? Two basic methods are defined:
WMM default (Layer 2 to Layer 2 mapping).
The classification is done by translating the Layer 2 802.1p priority tag into one of four access
categories and vice versa. This requires that the 802.1p priority tag is preserved in the wired
network all the way to the AP's Ethernet interface. In most cases, this requires the use of VLANs,
because a VLAN header includes the 802.1p priority tag.
IP DSCP mapping (Layer 3 to Layer 2 mapping).
All IP packets contain a field used for prioritization. This value is called DSCP (Differentiated
Services Code Point). In the AP, a rule can be created that maps packets with a specific DSCP
value to the access category voice, so that they gain priority by using WMM channel access.
If no classification is done, the downlink packets (from the AP to the handset) will contend for
transmission time under the same conditions as all other data traffic. The result will be bad speech
quality on random occasions, when other clients load the system, for example with a heavy file
transfer.
Security Considerations
The handset can be configured to use various encryption and/or authentication schemes. The use
of extensive encryption/authentication schemes can cause incidents of dropped speech during
handover due to the time to process the authentication. No speech frames will be delivered to/from
the handset until the authentication is successfully completed.
It is recommended to use WPA2. If WPA2 security will be used together with 802.1X authentication,
it is strongly recommended to use proactive key caching (also called opportunistic key caching).
This feature is supported by the handset and enables the reuse of an existing PMKSA (Pairwise
Master Key Security Association) when roaming between Access Points. Roaming and
handover times are reduced significantly since only fresh session encryption keys need to be
exchanged by the 4-way handshake.
WPA2-PSK authentication time is reduced by having the initial keys pre-computed in the handset.
However, encryption keys are exchanged by a 4-way handshake with the AP, which may cause a
short loss of speech during handover.
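
The following is an added example, not taken from this document or from the handset vendor. It sketches why proactive key caching shortens handover: the handset derives a PMKID for the new AP from its cached PMK, and the network side recomputes it and skips 802.1X on a match. The PMKID formula is the IEEE 802.11i one for SHA-1 based key management; the KeyCache class, the MAC addresses and the PMK are constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA); AA = AP BSSID, SPA = station MAC."""
    if len(pmk) != 32 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("expected 32-byte PMK and 6-byte MAC addresses")
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

class KeyCache:
    """Hypothetical PMK cache shared by every AP in the roaming domain."""
    def __init__(self):
        self._pmk_by_station = {}

    def store_after_full_auth(self, spa, pmk):
        self._pmk_by_station[spa] = pmk

    def on_reassociation(self, bssid, spa, offered_pmkid):
        pmk = self._pmk_by_station.get(spa)
        # Constant-time compare; any mismatch falls back to full authentication.
        if pmk and hmac.compare_digest(pmkid(pmk, bssid, spa), offered_pmkid):
            return "4-way handshake only"
        return "full 802.1X authentication"

# Constructed sample values (locally administered MACs, dummy PMK).
HANDSET, AP1, AP2 = mac("02:00:00:00:00:01"), mac("02:00:00:00:0a:01"), mac("02:00:00:00:0a:02")
PMK = bytes(range(32))

def roam_demo():
    cache = KeyCache()
    cache.store_after_full_auth(HANDSET, PMK)   # initial 802.1X at AP1
    return {
        "roam_to_ap2": cache.on_reassociation(AP2, HANDSET, pmkid(PMK, AP2, HANDSET)),
        "stale_pmkid": cache.on_reassociation(AP2, HANDSET, pmkid(PMK, AP1, HANDSET)),
        "unknown_sta": cache.on_reassociation(AP2, mac("02:00:00:00:00:02"), bytes(16)),
    }

if __name__ == "__main__":
    for case, outcome in roam_demo().items():
        print(f"{case}: {outcome}")
```

The PMKID is bound to the target AP's BSSID, so an identifier computed for one AP is rejected at another and the handset falls back to the slower full authentication.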