Appendix A: AP-Server Mutual Authentication
The AP-server communication begins with a mutual authentication step in which the AP and server authenticate each other using a shared secret. The AP-server communication takes place only if this authentication succeeds.
After the authentication succeeds, a session key is generated. All communication between the AP and server from this point on is encrypted using the session key.
The AP and server are shipped with the same default value of the shared secret. Both the server and the AP have CLI commands to change the shared secret.
Note: After the shared secret (communication key) is changed on the server, all APs connected to the server will automatically be set up to use the new communication key. APs that are not connected to the server at this time must be manually set up with the same communication key to enable communication with this server.
Note:Although the server is backward compatible—that is, older version APs can connect to a newer version server—this is not recommended.