Example 2: Creating A Cluster - Black Box LWN602A User Manual

Chapter 8: Basic Configuration Examples
Client

8.2 Example 2: Creating a Cluster

A cluster is a group of SmartPath APs that exchanges information with each other to form a collaborative whole. Through
coordinated actions based on shared information, cluster members can provide the following services:
• Consistent Quality of Service (QoS) policy enforcement across all cluster members
• Coordinated and predictive wireless access control that provides seamless Layer 2 and Layer 3 roaming to clients moving from
one cluster member to another (The members of a cluster can be in the same subnet or different subnets, allowing clients to
roam across subnet boundaries.)
• Dynamic best-path routing for optimized data forwarding and network path redundancy
• Automatic radio frequency and power selection for wireless mesh and access radios
• Tunneling of client traffic from one cluster member to another, such as the tunneling of guest traffic from a SmartPath AP in the
internal network to another SmartPath AP in the corporate DMZ
Cluster members use Wi-Fi Protected Access with a preshared key (WPA-PSK) to exchange keys and secure wireless cluster
communications. To authenticate and encrypt wireless cluster communications, cluster members use open authentication and
CCMP (AES) encryption. CCMP is a rough acronym for "Counter Mode with Cipher Block Chaining Message Authentication Code
Protocol" that makes use of Advanced Encryption Standard (AES). This is very similar to the security provided by the SSID in the
preceding example.
Page 80
Beacons
SSID: test1-psk
Key method: WPA-PSK or WPA2-PSK
Encryption: CCMP (AES) or TKIP
Supported rates and capabilities
Beacons
Probe Request
Probe Response
Authentication Request
Authentication Response
Association Request
Association Response
Four-Way Handshake
Figure 8-2. How a client discovers the SSID and forms a secure association.
724-746-5500 | blackbox.com
SmartPath AP
The SmartPath AP broadcasts beacons advertising
The HiveAP broadcasts beacons advertising the
the SSID "test1 psk" and its security and network
SSID "test1-psk" and its security and network
capabilities on the 2.4-GHz band.
capabilities on the 2.4 GHz band.
If the client sends a probe request to discover available
If the client sends a probe request to discover
SSIDs, the SmartPath AP responds with the same
available SSIDs, the HiveAP responds with the
information as that in its beacons.
same information as that in its beacons.
The client sends an authentication request, and because
The client sends an authentication request, and
WPA and WPA2 use open authentication, the response
because WPA and WPA2 use open authentication,
always accepts the request.
the response always accepts the request.
The client sends its capabilities, and the SmartPath AP
replies if these are acceptable or not. If they are, it
The client sends its capabilities, and the HiveAP
replies if these are acceptable or not. If they are, it
creates an association ID and sends it to the client.
creates an association ID and sends it to the client.
The SmartPath AP and client exchange the preshared
key and other information to derive keys to encrypt
The SmartPathAP and client exchange the preshared
unicast traffic. (Later, they drive encryption keys for
key and other information to derive keys to encrypt
multicast and broadcast traffic as well.)
unicast traffic. (Later, they derive encryption keys for
multicast and broadcast traffic as well.)