Appendix F: Glossary
Nortel WLAN—Security Switch 2300 Series Configuration Guide
LDAP Lightweight Directory Access Protocol. A protocol defined in RFC 1777 for management and
browser applications that require simple read-write access to an X.500 directory without incurring the resource
requirements of Directory Access Protocol (DAP). Protocol elements are carried directly over TCP or other
transport, bypassing much of the session and presentation overhead. Many protocol data elements are encoded
as ordinary strings, and all protocol elements are encoded with lightweight basic encoding rules (BER).
Lightweight Directory Access Protocol See LDAP.
location policy An ordered list of rules that overrides the virtual LAN (VLAN) assignment and security
ACL filtering applied to users during normal authentication, authorization, and accounting (AAA)—or assigns
a VLAN or security ACL to users without these assignments. Defining location policy rules creates a location
policy for local access within a WLAN—Security Switch (WSS). Each WSS can have only one location
policy. See also location policy rule.
location policy rule A rule in the location policy on a WLAN—Security Switch (WSS) that grants or
denies a set of network access rights based on one or more criteria. Location policy rules use a username or
VLAN membership to determine whether to override—or supply—authorization attributes during
authentication and to redirect traffic. Location policy rules are processed in the order in which they appear in
the location policy. See also location policy.
MAC (1) Media access control. See MAC address. (2) Message authentication code. A keyed hash used to
verify message integrity. In a keyed hash, the key and the message are inputs to the hash algorithm. See also
MIC.
MAC address Media access control address. A 6-byte hexadecimal address that a manufacturer assigns
to the Ethernet controller for a port. Higher-layer protocols use the MAC address at the MAC sublayer of the
Data Link layer (Layer 2) to access the physical media. The MAC function determines the use of network
capacity and the stations that are allowed to use the medium for transmission.
MAC address wildcard A Nortel convention for matching media access control (MAC) addresses or
sets of MAC addresses by means of known characters plus a “wildcard” asterisk (*) character that stands for
1 to 5 bytes of the address. See also user wildcard; VLAN wildcard.
MAC protocol data unit See MPDU.
MAC service data unit See MSDU.
managed device In a Nortel WLAN 2300 system wireless LAN (WLAN), a WLAN—Security Switch
(WSS) or Access Point (AP) under the control of the WLAN Management Software tool suite.
master secret A code derived from the pre-master secret. A master secret is used to encrypt Transport
Layer Security (TLS) authentication exchanges and also to derive a pairwise master key (PMK). See also
PMK; pre-master secret.
maximum transmission unit See MTU.
MD5 Message-digest algorithm 5. A one-way hashing algorithm used in many authentication algorithms and
also to derive cryptographic keys in many algorithms. MD5 takes a message of an arbitrary length and creates
a 128-bit message digest.
media access control address See MAC address.
message authentication code See MAC.