Alcatel-Lucent AOS-W 6.5.3.x

To Next Page

To Previous Page

The bSec protocol requires that you use VIA 2.1.1 or greater on the client device. Consult VIA documentation

for more information on configuring and installing VIA.

The bSec protocol is available in 128-bit mode and 256-bit mode. The number of bits specifies the length of the

AES-GCM encryption key. Using United States Department of Defense classification terminology, bSec-128 is

suitable for protection of information up to the SECRET level, while bSec-256 is suitable for protection of

information up to the TOP SECRET level.

Suite-B AES-128-GCM and AES-256-GCM encryption is supported by the AOS-W hardware. Note, however, that

not all switches support Suite-B encryption. The table below describes the switch support for Suite-B

encryption in AOS-W.

Switch Serial Number Prefix ACR License Support

OAW-40xx Series All serial numbers supported Yes

OAW-4x50 Series

All serial numbers supported Yes

To determine the serial number prefix for your switch, issue the CLI command show inventory and note the

prefix before the system serial number. The serial number prefix in the example below appears in bold.

(host) #show inventory

Supervisor Card slot : 0

System Serial# : AK0093676

Wi-Fi Multimedia Protection

Wi-Fi Multimedia™ (WMM®) is a Wi-Fi Alliance® certification program that is based on the IEEE 802.11e

amendment. WMM ensures QoS for latency-sensitive traffic in the air. WMM divides the traffic into four

queues or access categories:

n voice

n video

n best effort

n background

Management Frame Protection

AOS-W supports the IEEE 802.11w standard, also known as Management Frame Protection (MFP). MFP makes

it difficult for an attacker to deny service by spoofing Deauth and Disassoc management frames. MFPuses

802.11i (Robust Security Network) framework that establishes encryption keys between the client and AP.

MFP is configured on a virtual AP (VAP) as part of the wlan ssid-profile. There are two parameters that can be

configured, mfp-capable and mfp-required. Both are disabled by default.

MFP can only be enabled on SSIDs that support WPA2. MFP is not supported on virtual APs using tunnel forwarding

mode.

Configuring the SSIDProfile

Follow the procedures below to create a new SSID profile and associate that profile to your Virtual AP.

In the WebUI

1. Navigate to Configuration >ADVANCED SERVICES > All Profiles.

2. In the Profiles list, expand the Wireless LAN menu, then select SSID.

AOS-W 6.5.3.x | User Guide Virtual APs | 431

Alcatel-Lucent AOS-W 6.5.3.x - Page 431