Extreme Networks Summit WM Series Guía de usuario Pagina 39
- Pagina / 228
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Filtering at the interface level
Summit WM-Series WLAN Switch and Altitude Access Point Software Version 1.0 User Guide
39
Port-based exception filters: built-in
On the Summit WM-Series Switch, various port-based exception filters are built in and invoked
automatically. These filters protect the Summit WM-Series Switch from unauthorized access to system
management functions and services via the ports.
For example, on the Summit WM-Series Switch’s data interfaces (both physical interfaces and WM-AD
virtual interfaces), the built-in exception filter prohibits invoking SSH, HTTPS, or SNMP. However, such
traffic is allowed, by default, on the Management port.
To enable SSH, HTTPS, or SNMP access through a data interface, select the interface in the IP Addresses
screen and click the “Management” checkbox on. You can also enable such management traffic in the
WM-AD definition.
If management traffic is explicitly enabled for any interface (physical port or WM-AD), access is
implicitly extended to that interface through any of the other interface. (WM-AD).
Only traffic specifically allowed by the interface’s exception filter is allowed to reach the Summit WM-
Series Switch itself. All other traffic is dropped. Exception filters are dynamically configured, and are
regenerated whenever the system's interface topology changes (a change of IP address for any
interface).
Enabling management traffic on an interface adds additional rules to the exception filter to open up the
well-known IP(TCP/UDP) ports corresponding to the HTTPS, SSH and SNMP applications.
The port-based built-in exception filtering rules, in the case of traffic from WM-AD users, operate only
on traffic that is targeted directly to one of the WM-AD's interfaces. For example, a WM-AD filter may
be generic enough to allow traffic access to the Summit WM-Series Switch's management (Allow All
[*.*.*.*]). The traffic will initially be allowed according to the WM-AD user’s policy, but may then be
denied by the exception filter of the WM-AD interface.
Port-based exception filters: user defined
You can add specific filtering rules at the port level in addition to the built-in rules. Such rules give you
the capability of restricting access to a port, for specific reasons, such as a Denial of Service (DoS) attack.
To define filtering rules that are associated with one of the physical data ports on the Summit WM-
Series Switch rather than with a WM-AD, use the Port Exception Filter screen.
The filtering rules are set up in the same manner as filtering rules defined for a WM-AD — specify an
IP address and then either “Allow” or “Deny” traffic to that address. See “Filtering rules for a WM-AD”
on page 86.
Exception filtering rules that you will define for a WM-AD will apply to the wireless device users after
their authentication, whereas the filtering rules that you define here apply to all traffic on a physical
port.
- Table of Contents 3
- Formatting conventions 10
- Documentation feedback 10
- Protocols and standards 11
- Regulatory information 11
- About this Guide 12
- Conventional wireless LANS 13
- Wireless AP 15
- Summit WM 15
- Wireless Controller 15
- Network traffic flow 18
- Network security 19
- Policy: packet filtering 21
- Mobility and roaming 21
- Availability 22
- Quality of Service (QoS) 22
- Data ports (4 or 2) 24
- Management ports 24
- Configuration steps: overview 31
- Enabling the product key 31
- Setting up the data ports 32
- Port Type or Function 34
- Setting up static routes 35
- Setting up OSPF Routing 36
- Define port exception filters 40
- 4 Altitude AP: startup 41
- Installing the Altitude APs 43
- Set the discovery timers 45
- Discovery and registration 46
- Registration after discovery 48
- Altitude AP access approval 49
- ● 802.11 b/g (2.4 GHz radio) 53
- ● 802.11a (5 GHz radio) 53
- Adding a Altitude AP manually 56
- Auto Cell software 58
- Configure Auto Cell software 59
- Altitude AP: startup 60
- Introduction 61
- What is a WM-AD? 62
- Topology of a WM-AD 62
- Filtering for a WM-AD 64
- Setting up a new WM-AD 66
- Global Settings for a WM-AD 68
- Topology for a WM-AD 71
- Use DHCP Relay for the WM-AD 74
- Topology for a WM-AD for AAA 75
- Authentication for a WM-AD 76
- ● No Captive Portal Support 80
- Captive Portal” on page 87) 81
- Accounting for a WM-AD 84
- RADIUS Policy for a WM-AD 84
- Filtering rules for a WM-AD 86
- Default Filter: Examples 93
- Multicast for a WM-AD 95
- Privacy for a WM-AD 96
- Privacy for a WM-AD for AAA 97
- A WM-AD for voice traffic 101
- Availability and Mobility 103
- Management users 111
- Network time 112
- Check Point event logging 113
- Setting up SNMP 115
- Setting SNMP Parameters 116
- Overview 123
- Summit Spy: running scans 125
- The Analysis Engine 126
- 11 Ongoing operation 131
- Altitude AP client management 133
- Client disassociate 134
- Client blacklist 135
- Health Checking 136
- Change the system log level 136
- Enable and configure Syslog 136
- Logs and alarms 141
- View the Logs 142
- View the Traces 142
- View the Audits 143
- Reports and displays 144
- View reports 146
- Glossary 147
- D (Continued) 149
- F (Continued) 151
- H (Continued) 152
- I (Continued) 153
- O (Continued) 156
- P (Continued) 157
- S (Continued) 160
- T (Continued) 162
- W (Continued) 164
- Altitude AP system states 168
- B CLI command reference 169
- CLI command reference 170
- RFC list 177
- 802.11 standards list 178
- Reference lists of standards 180
- E Support for Altitude AP 181
- F RADIUS Attributes 183
- RADIUS Accounting 184
- Account-Stop/Interim Packet 185
- Termination Codes 186
- G Logs and Events 187
- Logs and Events 188
- Critical 189
- CDR_COLLECTOR 191
- CONFIG_MANAGER 191
- EVENT_SERVER 192
- RADIUS_ACCOUNTING 194
- RADIUS_CLIENT 194
- RF_DATA_COLLECTOR 195
- RU_MANAGER 195
- SECURITY_MANAGER 196
- STARTUP_MANAGER 197
- STATS_SERVER 198
- ACCESSPOINT 200
- CPDP_AGENT_ID 203
- NSM_SERVER 205
- OSPF_SERVER 206
- PORT_INFO_J_MANAGER 206
- REDIR_ID 207
- H Regulatory Information 213
- Emissions 214
- FCC ID#: RJF-A3502 216
- Part 15 Unlicensed Antenna 217
- European Community 218
- European Spectrum Usage Rules 221
- Regulatory Information 222
- Declarations of Conformity 223
Relacionado con productos y manuales para Software Extreme Networks Summit WM Series
(7 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.051 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales