Information About Data Encryption; How To Configure Data Encryption; Configuring Data Encryption (Cli) - Cisco IOS XE Release 3SE Configuration Manual

Lightweight Access Point Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3650 Switches)

Information About Data Encryption
The switch enables you to encrypt Control and Provisioning of Wireless Access Points (CAPWAP) control
packets (and optionally, CAPWAP data packets) that are sent between the access point and the switch using
DTLS. DTLS is a standards-track Internet Engineering Task Force (IETF) protocol based on TLS. CAPWAP
control packets are management packets exchanged between a switch and an access point while CAPWAP
data packets encapsulate forwarded wireless frames. CAPWAP control and data packets are sent over separate
UDP ports: 5246 (control) and 5247 (data). If an access point does not support DTLS data encryption, DTLS
is enabled only for the control plane, and a DTLS session for the data plane is not established.

How to Configure Data Encryption

Configuring Data Encryption (CLI)

SUMMARY STEPS
1. configure terminal
2. ap link-encryption
3. end
4. show ap link-encryption
5. show wireless dtls connections

DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: ap link-encryption
Example:
Switch(config)# ap link-encryption
Purpose: Enables data encryption for all access points or a specific access point by
entering this command. The default value is disabled.
Changing the data encryption mode requires the access points to rejoin the
switch.

Step 3
Command or Action: end
Example:
Switch(config)# end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z
to exit global configuration mode.

Step 4
Command or Action: show ap link-encryption
Example:
Switch# show ap link-encryption
Purpose: Displays the encryption state of all access points or a specific access point.
This command also shows authentication errors, which track the number
of integrity check failures and replay errors. Replay errors help in tracking
the number of times the access point receives the same packet.
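
An added example, not taken from the Cisco guide: a Python check that complements show ap link-encryption by classifying UDP payloads seen on the CAPWAP ports 5246 and 5247 as DTLS or plaintext, and listing access points that have no data-plane DTLS session. It assumes the RFC 5415 framing (preamble type 0 = CAPWAP header, type 1 = CAPWAP DTLS header followed by a DTLS record); the function names, addresses and sample payloads are constructed for illustration.

```python
# Added example: classify CAPWAP payloads, assuming RFC 5415 framing.
from collections import defaultdict

CONTROL_PORT, DATA_PORT = 5246, 5247          # UDP ports given in the text
DTLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                      22: "handshake", 23: "application_data"}

def classify(port, payload):
    """Return (channel, state) for one UDP payload.
    port is the switch-side UDP port of the packet."""
    channel = {CONTROL_PORT: "control", DATA_PORT: "data"}.get(port)
    if channel is None or not payload:
        return (channel or "other", "unknown")
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0:
        return (channel, "unknown")
    if ptype == 0:                      # plain CAPWAP header follows
        return (channel, "plaintext")
    if ptype == 1 and len(payload) >= 17:
        # 4-byte CAPWAP DTLS header, then the 13-byte DTLS record header
        ctype, major = payload[4], payload[5]
        if ctype in DTLS_CONTENT_TYPES and major == 0xFE:
            return (channel, "dtls:" + DTLS_CONTENT_TYPES[ctype])
    return (channel, "unknown")

def audit(packets):
    """packets: iterable of (ap_ip, port, payload). Returns the APs whose
    data channel carried plaintext CAPWAP (no data-plane DTLS session).
    Plaintext on the control port is not flagged: discovery is unencrypted."""
    seen = defaultdict(set)
    for ap_ip, port, payload in packets:
        seen[ap_ip].add(classify(port, payload))
    return sorted(ap for ap, states in seen.items()
                  if ("data", "plaintext") in states)

# Constructed sample payloads (not captured traffic).
DTLS_APPDATA = bytes([0x01, 0, 0, 0, 23, 0xFE, 0xFF]) + bytes(10)
PLAIN_CAPWAP = bytes([0x00, 0x10, 0x02, 0x00]) + bytes(8)
SAMPLE = [
    ("192.0.2.10", 5246, DTLS_APPDATA), ("192.0.2.10", 5247, DTLS_APPDATA),
    ("192.0.2.11", 5246, DTLS_APPDATA), ("192.0.2.11", 5247, PLAIN_CAPWAP),
]

if __name__ == "__main__":
    for ap in audit(SAMPLE):
        print(f"{ap}: CAPWAP data channel is not DTLS-protected")
```
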
OL-28697-01

This manual is also suitable for:

Catalyst 3650 series