Securing A Configuration Channel Between Switch And Ap; Adaptive Ap Wlan Topology; Configuration Updates; Securing Data Tunnels Between The Switch And Aap - Motorola AP-51 Series Product Reference Manual

10-6 AP-51xx Access Point Product Reference Guide

10.1.6 Securing a Configuration Channel Between Switch and AP

Once an access point obtains a list of available switches, it begins connecting to each. The switch
can be either on the LAN or WAN side of the access point to provide flexibility in the deployment of
the network. If the switch is on the access point's LAN, ensure the LAN subnet is on a secure channel.
The AP will connect to the switch and request a configuration.

10.1.7 Adaptive AP WLAN Topology

An AAP can be deployed in the following WLAN topologies:
• Extended WLANs - Extended WLANs are the centralized WLANs created on the switch
• Independent WLANs - Independent WLANs are local to an AAP and can be configured from
the switch. You must specify a WLAN as independent to stop traffic from being forwarded
to the switch. Independent WLANs behave like WLANs on a standalone access point.
• Both - Extended and independent WLANs are configured from the switch and operate
simultaneously.
NOTE For a review of some important considerations impacting the use of

10.1.8 Configuration Updates

An AAP receives its configuration from the switch initially as part of its adoption sequence.
Subsequent configuration changes on the switch are reflected on an AAP when applicable.
An AAP applies the configuration changes it receives from the switch after 30 seconds from the last
received switch configuration message. When the configuration is applied on the AAP, the radios
shutdown and re-initialize (this process takes less than 2 seconds) forcing associated MUs to be
deauthenticated. MUs are quickly able to associate.

10.1.9 Securing Data Tunnels between the Switch and AAP

If a secure link (site-to-site VPN) from a remote site to the central location already exists, the AAP
does not require IPSec be configured for adoption.
For sites with no secure link to the central location, an AAP can be configured to use an IPSec tunnel
(with AES 256 encryption) for adoption. The tunnel configuration is automatic on the AAP side and
requires no manual VPN policy be configured. On the switch side, configuration updates are required
to adopt the AAP using an IPSec tunnel.
extended and independent WLANs within an AAP deployment, see
Adaptive AP Deployment Considerations on page 10-19.