Extreme Networks Summit WM Series Guía de usuario Pagina 65
- Pagina / 228
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Filtering for a WM-AD
Summit WM-Series WLAN Switch and Altitude Access Point Software Version 1.0 User Guide
65
Four types of filters are applied by the Summit WM-Series Switch in the following order:
1 Exception filter, to provide the administrator optional additional flexibility in securing the system
and blocking Denial of Service (DoS) attacks, on any type of WM-AD.
2 Non-Authenticated filter, with filtering rules that apply before authentication, to control network
access and to direct users to a Captive Portal web page for login.
3 Group filters (by Filter ID) for designated user groups, to control access to certain areas of the
network, with values that match the values defined for the RADIUS Filter ID attribute.
4 Default filter, to control access if there is no matching Filter ID for a user.
Within each type of filter, you define a sequence of filtering rules. This sequence must be carefully
planned and arranged in the order that you want them to take effect. You define each rule to either
allow or deny traffic in either direction:
● “In”: from a wireless device in to the network
● “Out”: from the network out to the wireless device
The final rule in any filter should be a catch-all for any traffic that did not match a filter. This final rule
should either “allow all” or “deny all” traffic, depending on the requirements for network access. For
example, the final rule in a Non-Authenticated Filter for Captive Portal is typically “deny all”. A final
“allow all” rule in a Default Filter will ensure that a packet is not dropped entirely if no other match
can be found.
Each rule can be based on any one of the following:
● destination IP address, or any IP address within a specified range that is on the network subnet (as a
wildcard)
● destination ports, by number and range
● protocols (UDP, TCP, etc.)
This is how the Summit WM-Series Switch software filters traffic:
1 The Summit WM-Series Switch software attempts to match each packet of a WM-AD to the filtering
rules that apply to the wireless device user.
2 If a filtering rule is matched, the operation (allow or deny) is executed.
3 The next packet is fetched for filtering.
The filtering sequence depends on the type of authentication:
● No authentication (network assignment by SSID)
Only the Non-Authenticated filter will apply. Specific network access can be defined. Since there will
be no authentication, the final rule should be “deny all”.
● Authentication by captive portal (network assignment by SSID)
The Non-Authenticated filter will apply before authentication. Specific network access can be
defined. The filter should also include a rule to allow all users to get as far as the Captive Portal
webpage where the user can enter login identification for authentication. When authentication is
returned, then the Filter ID group filters are applied. If no Filter ID matches are found, then the
Default filter is applied.
- Table of Contents 3
- Formatting conventions 10
- Documentation feedback 10
- Protocols and standards 11
- Regulatory information 11
- About this Guide 12
- Conventional wireless LANS 13
- Wireless AP 15
- Summit WM 15
- Wireless Controller 15
- Network traffic flow 18
- Network security 19
- Policy: packet filtering 21
- Mobility and roaming 21
- Availability 22
- Quality of Service (QoS) 22
- Data ports (4 or 2) 24
- Management ports 24
- Configuration steps: overview 31
- Enabling the product key 31
- Setting up the data ports 32
- Port Type or Function 34
- Setting up static routes 35
- Setting up OSPF Routing 36
- Define port exception filters 40
- 4 Altitude AP: startup 41
- Installing the Altitude APs 43
- Set the discovery timers 45
- Discovery and registration 46
- Registration after discovery 48
- Altitude AP access approval 49
- ● 802.11 b/g (2.4 GHz radio) 53
- ● 802.11a (5 GHz radio) 53
- Adding a Altitude AP manually 56
- Auto Cell software 58
- Configure Auto Cell software 59
- Altitude AP: startup 60
- Introduction 61
- What is a WM-AD? 62
- Topology of a WM-AD 62
- Filtering for a WM-AD 64
- Setting up a new WM-AD 66
- Global Settings for a WM-AD 68
- Topology for a WM-AD 71
- Use DHCP Relay for the WM-AD 74
- Topology for a WM-AD for AAA 75
- Authentication for a WM-AD 76
- ● No Captive Portal Support 80
- Captive Portal” on page 87) 81
- Accounting for a WM-AD 84
- RADIUS Policy for a WM-AD 84
- Filtering rules for a WM-AD 86
- Default Filter: Examples 93
- Multicast for a WM-AD 95
- Privacy for a WM-AD 96
- Privacy for a WM-AD for AAA 97
- A WM-AD for voice traffic 101
- Availability and Mobility 103
- Management users 111
- Network time 112
- Check Point event logging 113
- Setting up SNMP 115
- Setting SNMP Parameters 116
- Overview 123
- Summit Spy: running scans 125
- The Analysis Engine 126
- 11 Ongoing operation 131
- Altitude AP client management 133
- Client disassociate 134
- Client blacklist 135
- Health Checking 136
- Change the system log level 136
- Enable and configure Syslog 136
- Logs and alarms 141
- View the Logs 142
- View the Traces 142
- View the Audits 143
- Reports and displays 144
- View reports 146
- Glossary 147
- D (Continued) 149
- F (Continued) 151
- H (Continued) 152
- I (Continued) 153
- O (Continued) 156
- P (Continued) 157
- S (Continued) 160
- T (Continued) 162
- W (Continued) 164
- Altitude AP system states 168
- B CLI command reference 169
- CLI command reference 170
- RFC list 177
- 802.11 standards list 178
- Reference lists of standards 180
- E Support for Altitude AP 181
- F RADIUS Attributes 183
- RADIUS Accounting 184
- Account-Stop/Interim Packet 185
- Termination Codes 186
- G Logs and Events 187
- Logs and Events 188
- Critical 189
- CDR_COLLECTOR 191
- CONFIG_MANAGER 191
- EVENT_SERVER 192
- RADIUS_ACCOUNTING 194
- RADIUS_CLIENT 194
- RF_DATA_COLLECTOR 195
- RU_MANAGER 195
- SECURITY_MANAGER 196
- STARTUP_MANAGER 197
- STATS_SERVER 198
- ACCESSPOINT 200
- CPDP_AGENT_ID 203
- NSM_SERVER 205
- OSPF_SERVER 206
- PORT_INFO_J_MANAGER 206
- REDIR_ID 207
- H Regulatory Information 213
- Emissions 214
- FCC ID#: RJF-A3502 216
- Part 15 Unlicensed Antenna 217
- European Community 218
- European Spectrum Usage Rules 221
- Regulatory Information 222
- Declarations of Conformity 223
Relacionado con productos y manuales para Software Extreme Networks Summit WM Series
(7 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.042 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales