Scribd Logo
Upload

Welcome to Scribd!

  • 11 views

    Data Dtls

    Uploaded by

    Ariel
    This document provides information about configuring Data DTLS (Datagram Transport Layer Security) on wireless access points and controllers. It discusses how Data DTLS encrypts CAPWAP data packets between the devices using DTLS encryption. It then provides instructions for enabling Data DTLS on the controller through both the GUI and CLI, which allows the access points to establish DTLS sessions for encrypting wireless data traffic.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Data Dtls

    Uploaded by

    Ariel
    11 views4 pages
    This document provides information about configuring Data DTLS (Datagram Transport Layer Security) on wireless access points and controllers. It discusses how Data DTLS encrypts CAPWAP data packets between the devices using DTLS encryption. It then provides instructions for enabling Data DTLS on the controller through both the GUI and CLI, which allows the access points to establish DTLS sessions for encrypting wireless data traffic.

    Original Description:

    DTLS explained

    Original Title

    data-dtls

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides information about configuring Data DTLS (Datagram Transport Layer Security) on wireless access points and controllers. It discusses how Data DTLS encrypts CAPWAP data packets between the devices using DTLS encryption. It then provides instructions for enabling Data DTLS on the controller through both the GUI and CLI, which allows the access points to establish DTLS sessions for encrypting wireless data traffic.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    11 views4 pages

    Data Dtls

    Uploaded by

    Ariel
    This document provides information about configuring Data DTLS (Datagram Transport Layer Security) on wireless access points and controllers. It discusses how Data DTLS encrypts CAPWAP data packets between the devices using DTLS encryption. It then provides instructions for enabling Data DTLS on the controller through both the GUI and CLI, which allows the access points to establish DTLS sessions for encrypting wireless data traffic.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4

    Data DTLS

    • Information About Data Datagram Transport Layer Security, on page 1


    • Configuring Data DTLS (GUI), on page 1
    • Configuring Data DTLS (CLI), on page 2

    Information About Data Datagram Transport Layer Security


    Data Datagram Transport Layer Security (DTLS) enables you to encrypt CAPWAP data packets that are sent
    between an access point and the controller using DTLS, which is a standards-track IETF protocol that can
    encrypt both control and data packets based on TLS. CAPWAP control packets are management packets that
    are exchanged between a controller and an access point while CAPWAP data packets encapsulate forwarded
    wireless frames. CAPWAP control and data packets are sent over separate UDP ports: 5246 (control) and
    5247 (data).
    If an access point does not support DTLS data encryption, DTLS is enabled only for the control plane, and a
    DTLS session for the data plane is not established.
    If an access point supports Data DTLS, it enables data DTLS after receiving the new configuration from the
    controller . The access point performs a DTLS handshake on port 5247 and after successfully establishing
    the DTLS session. All the data traffic (from the access point to the controller and the controller to the access
    point) is encrypted.

    Note The throughput is affected for some APs that have data encryption enabled.

    Note If the AP’s DHCP lease time is less and the DHCP pool is small, access point join failure or failure in
    establishing the Data Datagram Transport Layer Security (DTLS) session may occur. In such scenarios,
    associate the AP with a named site-tag and increase the DHCP lease time for at least 8 days.

    Configuring Data DTLS (GUI)


    Follow the procedure to enable DTLS data encryption for the access points on the controller :

    Data DTLS
    1
    Data DTLS
    Configuring Data DTLS (CLI)

    Procedure

    Step 1 Click Configuration > Tags and Profile > AP Join.


    Step 2 Click Add to create a new AP Join Profile or click an existing profile to edit it.
    Step 3 Click CAPWAP > Advanced.
    Step 4 Check Enable Data Encryption check box to enable Datagram Transport Layer Security (DTLS) data
    encryption.
    Step 5 Click Update & Apply to Device.

    Configuring Data DTLS (CLI)


    Follow the procedure given below to enable DTLS data encryption for the access points on the controller :

    Procedure

    Command or Action Purpose


    Step 1 configure terminal Enters global configuration mode.
    Example:
    Device# configure terminal

    Step 2 ap profile ap-profile Configures an AP profile and enters AP profile


    configuration mode.
    Example:
    Device(config)# ap profile Note You can use the default AP profile
    test-ap-profile (default-ap-profile) or create a
    named AP profile, as shown in the
    example.

    Step 3 link-encryption Enables link encryption based on the profile.


    Answer yes, when the system prompts you with
    Example:
    this message:
    Device(config-ap-profile)#
    link-encryption Note If you set stats-timer as as zero (0)
    under the AP profile, then the AP
    will not send the link encryption
    statistics.

    Enabling link-encryption will reboot the


    APs with link-encryption.
    Are you sure you want to continue?
    (y/n)[y]:

    Step 4 end Returns to privileged EXEC mode.


    Example:
    Device(config-ap-profile)# end

    Data DTLS
    2
    Data DTLS
    Configuring Data DTLS (CLI)

    Command or Action Purpose


    Step 5 show wireless dtls connections (Optional) Displays the DTLS session
    established for the AP that has joined this
    Example:
    controller.
    Device# show wireless dtls connections

    Step 6 show ap link-encryption (Optional) Displays the link encryption-related


    statistics (whether link encryption is enabled or
    Example:
    disabled) counter received from the AP.
    Device# show ap link-encryption

    Data DTLS
    3
    Data DTLS
    Configuring Data DTLS (CLI)

    Data DTLS
    4

    You might also like