4 Installing the
managed by another WCS, it looks up the MAC address of the AP in the local or RADIUS Valid AP database. If it finds the MAC address in the database, the switch validates the AP and assumes management. If you have not added the MAC address of the AP to the database, the AP appears in the Authentication Failed Access Points list, and the failure type is No Database Entry.
Optionally, you can require that the AP is authenticated before the WCS manages it. You can add authentication information about the AP when you add its MAC address to the local or RADIUS database.If you enable authentication, it takes place immediately after the switch validates the AP.
NOTE:When a switch successfully validates an AP, it sends an AP Profile to the access point. The AP Profile contains all of the access point configuration information, such as the radio, security, and SSID settings. You can configure all of the AP settings before the switch validates an AP. For information about configuring the default AP profile, see Chapter 5, “Configuring Access Point Settings” on page 77.
Configuring AP Authentication
Unless access to the wired network is secured with IEEE 802.1x authentication or another security mechanism, the AP should always use authentication so that Rogue APs do not automatically associate with the switch.
If you require the AP to authenticate itself to the switch, you must perform the following three steps:
1.Enable AP authentication on the switch, which is described in this section.
2.Connect to the access point CLI and configure a pass phrase as described in “Preparing the Access Points” on page 54.
3.Enter the pass phrase in the Valid AP database.
To enter a pass phrase in the local database, see “Using the Local Database for AP Validation” on page 72. To enter a pass phrase in the RADIUS database, see “Using the RADIUS Database for AP Validation” on page 74.
Authenticating and Validating Access Points 71
