Table of Contents
Advertisement
The Access Point is provided with the configuration for the integrated SCEP
client via the secure DTLS connection – the Access Point is then able to retrieve
its certificate from the SCEP CA via SCEP. Once this is done, the assigned con-
figuration is transferred to the Access Point.
SCEP stands for Simple Certificate Enrollment Protocol; CA for Certifi-
cation Authority.
The WLAN Controller then uses an internal random number to determine a
unique and secure session key which it uses to protect the connection to the
Access Point. The CA in the WLAN Controller issues a certificate to the Access
Point by means of SCEP. The certificate's relationship is protected by a one-
time-only "challenge" (password). The Access Point uses this certificate for
authentication at the WLAN Controller to collect the certificate.
ACCESS POINT
Authentication and configuration can both be carried out either automatically
or only with a corresponding entry of the Access Point's MAC address in the
AP table of the WLAN Controller. If the Access Point's WLAN modules were
deactivated at the beginning of the DTLS communication, these will be acti-
vated after successful transfer of the certificate and configuration (provided
they are not explicitly deactivated in the configuration).
The management and configuration data will then be transferred via the CAP-
WAP tunnel. The payload data from the WLAN client is then released in the
Access Point directly into the LAN and transferred, for example, to the server.
Chapter 1: Centralized WLAN management
DTLS request
SCEP configuration
SCEP request
Certificate
Configuration
LANCOM WLC series
WLAN CONTROLLER
15
Advertisement
Table of Contents
