Chapter 16: Radio Configuration (CLI)
Configuring AES-256 Payload Encryption (CLI)
phn-3963_004v000
Page 16-257
Configuring AES-256 Payload Encryption (CLI)
This feature is only relevant for PTP 820C and PTP 820S units.
This feature is not supported with MIMO links.
This feature requires:
Requires an activation key. If no valid AES activation key has been applied to the unit, AES will
not operate on the unit. See Configuring the Activation Key (CLI).
Note
In order for the AES activation key to become active, you must reset the unit after
configuring a valid AES activation key. Until the unit is reset, an alarm will be present if
you enable AES. This is not the case for other activation keys.
PTP 820C and PTP 820S support AES-256 payload encryption. The purpose of payload encryption
is to secure the radio link and provide protection against eavesdropping and/or personification
(“man-in-the-middle”) attacks.
AES is enabled and configured separately for each radio carrier.
PTP 820 uses a dual-key encryption mechanism for AES:
The user provides a master key. The master key can also be generated by the system upon
user command. The master key is a 32-byte symmetric encryption key. The same master key
must be manually configured on both ends of the encrypted link.
The session key is a 32-byte symmetric encryption key used to encrypt the actual data. Each
link uses two session keys, one for each direction. For each direction, the session key is
generated by the transmit side unit and propagated automatically, via a Key Exchange
Protocol, to the other side of the link. The Key Exchange Protocol exchanges session keys by
encrypting them with the master key, using the AES-256 encryption algorithm. Session keys
are regenerated at user-configured intervals.
AES key generation is completely hitless, and has no effect on ACM operation.
To display the current payload encryption status for all available radio links on the unit, enter the
following command in root view:
root> payload encryption status show
The following is a sample output of this command in which payload encryption is enabled but not
operational on radio interface 1, and disabled on radio interface 2.
To Next Page
Loading...
Need help?
General
