Configuring Mint - Motorola Solutions WiNG 5.2.6 Reference Manual

5 - 88 WiNG 5.2.6 Access Point System Reference Guide

5.3.9.2 Configuring MINT

MINT provides the means to secure access point profile communications at the transport layer. Using MINT, an access
point can be configured to only communicate with other authorized (MINT enabled) access points of the same model.
Virtual Controller AP managed access points can communicate with each other exclusively over a MINT security
domain. Keys can also be generated externally using any application (like openssl). These keys must be present on
the access point managing the domain for key signing to be integrated with the UI. A MAP device that needs to
communicate with another first negotiates a security context with that device. The security context contains the
transient keys used for encryption and authentication. A secure network requires users know about certificates and
PKI. However, administrators do not need to define security parameters for access points to be adopted (secure
WISPe being an exception, but that isn't a commonly used feature). Also, users can replace any device on the network
or move devices around and they continue to work. Default security parameters for MINT are such that these
scenarios continue to function as expected, with minimal user intervention required only when a new network is
deployed.
To define an access point profile's MINT configuration:
1. Select MINT Protocol
The Settings
2. Refer to the Area Identifier field to define the Level 1 and Level 2 Area IDs used by the profile's MINT
configuration.
Level 1 Area ID
from the expanded Advanced menu.
Figure 5-45 Advanced Profile MINT screen - Settings tab
tab displays by default.
Select the check box to enable a spinner control for setting the Level 1 Area
ID between 1 - 4,294,967,295. The default value is disabled.