AT-WA7500 and AT-WA7501 Installation and User’s Guide

Creating a Secure Spanning Tree

When you configure a radio to use 802.1x security, you automatically enable spanning tree security, which can be used for both wired and wireless access points (WAPs). However, if you configure a radio to use another security solution, you may still want to create a secure spanning tree. A secure spanning tree has two functions:

1. To require authentication of any access point attempting to join the spanning tree.

2. To provide encryption of critical Inter-Access Point Protocol (IAPP) frames.

There are three authentication methods that you can use to secure the spanning tree: Simple Wireless Authentication Protocol (SWAP), TTLS, or TLS.

SWAP is a proprietary protocol that is based on the EAP-MD5 challenge. Because it needs less processing power and less memory, you can use it on all access points. Also, SWAP does not require an authentication server, so it is easier to configure. With these advantages, SWAP is sufficient for most users. TTLS and TLS are industry standard protocols; however, they require more administrative support.

The supplicant access point and the authenticator negotiate an authentication method that both can use. If the Allow SWAP check box is checked on both access points, SWAP will always be used. If the Allow SWAP check box is cleared on one or both of the access points, either TTLS or TLS will be used, depending on the setting of the Preferred Protocol field of the supplicant access point.

Note these potential problems:

- If you enable secure IAPP on a root access point that is running software release 1.80 or later and other access points in your network are running an earlier software release than 1.80, the access points with the earlier software release will not attach to the root. The access points with the earlier software release do not support secure IAPP. If you want to use secure IAPP, upgrade all access points to software release 1.80.

- If you enable secure IAPP on a non-root access point and the root access point has secure IAPP disabled, the access points will form separate spanning trees with the same LAN ID. If you want to use secure IAPP, enable secure IAPP on all access points.
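The negotiation rule and the two pitfalls above can be checked before a roll-out. The following is an added example, not code from the manual or from Allied Telesis; the AccessPoint fields, the negotiate and audit functions, and the sample access points are assumptions that model the settings described on this page.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class AccessPoint:
    name: str
    release: str             # software release string, e.g. "1.80" (assumed format)
    secure_iapp: bool        # secure IAPP (spanning tree security) enabled
    allow_swap: bool         # state of the "Allow SWAP" check box
    preferred_protocol: str  # "TTLS" or "TLS"; used only when SWAP is not allowed
    is_root: bool = False

def parse_release(release: str) -> Tuple[int, ...]:
    # "1.80" -> (1, 80); assumes the two-digit minor form used in the manual
    return tuple(int(part) for part in release.split("."))

def negotiate(supplicant: AccessPoint, authenticator: AccessPoint) -> Optional[str]:
    """Authentication method the pair will use, or None if secure IAPP is not possible."""
    if not (supplicant.secure_iapp and authenticator.secure_iapp):
        return None
    # SWAP is always chosen when both sides allow it
    if supplicant.allow_swap and authenticator.allow_swap:
        return "SWAP"
    # otherwise the supplicant's Preferred Protocol decides between TTLS and TLS
    return supplicant.preferred_protocol

def audit(aps: List[AccessPoint]) -> List[str]:
    """Report access points that would fail to join one secure spanning tree."""
    roots = [ap for ap in aps if ap.is_root]
    if len(roots) != 1:
        raise ValueError("expected exactly one root access point")
    root = roots[0]
    problems = []
    for ap in aps:
        if ap.is_root:
            continue
        if root.secure_iapp and parse_release(ap.release) < (1, 80):
            # pre-1.80 software has no secure IAPP support, so it will not attach
            problems.append(f"{ap.name}: release {ap.release} lacks secure IAPP, will not attach to root")
        elif ap.secure_iapp and not root.secure_iapp:
            # secure non-root with insecure root splits into a separate tree with the same LAN ID
            problems.append(f"{ap.name}: secure IAPP enabled but root has it disabled, separate spanning tree")
    return problems

if __name__ == "__main__":
    # constructed sample network
    root = AccessPoint("root", "1.80", True, True, "TTLS", is_root=True)
    ap1 = AccessPoint("ap1", "1.80", True, False, "TLS")
    ap2 = AccessPoint("ap2", "1.75", False, True, "TTLS")
    print(negotiate(ap1, root), audit([root, ap1, ap2]))
```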

Allied Telesis AT-WA7501, AT-WA7500 manual Creating a Secure Spanning Tree