Intermec MobileLAN access WA21 System Manual page 174

Chapter 6 — Configuring Security
160
By default, Secure Wireless Authentication Protocol (SWAP) is also
enabled. The access point tells the authenticator that it can perform
SWAP. If the authenticator allows SWAP, SWAP is used. SWAP allows
access points to authenticate using an EAP-MD5 challenge. If the
supplicant or the authenticator does not allow SWAP, the authentication
must happen at the authentication server using TTLS or TLS.
When the Access Point Is the Authenticator
If the Allow Swap check box is cleared, the access point that is acting as
the authenticator will not perform any authentications using SWAP.
Supplicants will need to authenticate with the authentication server using
TTLS or TLS.
However, older access points do not support these authentication
methods. If the Allow SWAP check box is checked, the access point that is
acting as the authenticator will authenticate any supplicants that offer
SWAP. Note that SWAP authentication is susceptible to downgrade
attacks from rogue supplicants as it is easier to break SWAP than TLS or
TTLS.
Configuring Spanning Tree Security
Note: If you are implementing an 802.1x security solution, secure IAPP
and secure wireless hops are automatically enabled.
1 From the main menu, click Security > Spanning Tree Security. The
Spanning Tree Security screen appears.
2 In the IAPP Secret Key field, enter a secret key. This secret key must be
between 16 and 32 bytes.
MobileLAN access System Manual