The Upgrade of Wireless LAN Security Gateway 2300

Posted On Oct 15, 2008 at at 9:55 PM by Dophi  

    wlansecuritygroup The upgrade of Nortel WLAN 2300 from version 5.0 to 6.0 is a little tricky and not be mentioned clearly in the release note. For future reference, I would like to note it on this blog.

    As the release note mentions, backup the configuration is necessary due to the configuration of Access Point (AP) is different. For example, the distribution AP configuration in version 5.0 is no longer available in version 6.0. Instead of it, Wireless Security Switch (WSS) 2300 uses only AP configuration. When using the Wireless Management System (WMS) to install the Release 6.0 image on the WSS, a backup configuration file is created on the WSS as “configuration-bak.5.0”. This backup file is the only way to go back to a “dap” configuration if the WSS software needs to be downgraded to Release 5.0 in future. There is no method to convert an AP configuration to a DAP configuration when downgrading from Release 6.0 to 5.0 without a backup 5.0 configuration file. All associated AP configurations needs to be reconfigured if backup file is not available to use.

    In addition, a trick that the release note doesn't mention but usually happens, the encryption keys and self-signed certificates of version 5.0 and 6.0 are not compatible. After the first reboot of upgrade, we should re-generate the encryption keys and self-signed certificates. The commands to re-generate keys and certificates are listed below. Without this action, WMS or clients can't communicate or authenticate with a WSS. This leads WMS get an error message "Connection Security Error" when it connects to a WSS or a client authentication be failed.

crypto generate key:

Generates an RSA public-private encryption key pair that is required for a Certificate Signing Request (CSR) or a self-signed certificate. For SSH, generates an authentication key.

crypto generate key {admin | domain | eap | ssh | web} {128 | 512 | 1024 | 2048}

crypto generate self-signed:

Generates a self-signed certificate for either an administrative certificate for use with WLAN Management Software or an EAP certificate for use with 802.1X wireless users.

crypto generate self-signed {admin | eap | web}

 

Note:

The picture of WLAN 2300 is from Nortel Products.

Posted in Labels: , , , |

1 comments:

  1. David B. Says: April 5, 2011 at 3:35 AM  

    Thank god for Google - was trying to upload a WSS to WMS after a change out this morning and was getting the security connection issue and needed to generate the key pair before it would upload. Thanks for the tip!

Post a Comment

Subscribe to: Post Comments (Atom)