Profile Configuration
7-11
11.Refer to the Access Control field. As part of the port’s security configuration, Inbound IP and MAC
address firewall rules are required.
Use the Inbound IP Firewall Rules and Inbound MAC Firewall Rules drop-down menus to select
the firewall rules to apply to this profile’s Ethernet port configuration.
The firewall inspects IP and MAC traffic flows and detects attacks typically not visible to traditional
wired firewall appliances.
12.If a firewall rule does not exist suiting the data protection needs of the target port configuration, select
the Create icon to define a new rule configuration. For more information, see Wireless Firewall on page
8-2.
13.Refer to the Trust field to define the following:
14.Select the Enable checkbox within the 802.1x Authentication field to enable a username and
password pair to be used when authenticating users on this port.
15.Select OK to save the changes made to the Ethernet port’s security configuration. Select Reset to revert
to the last saved configuration.
7.2.2 Virtual Interface Configuration
Profile Interface Configuration
A Virtual Interface is required for layer 3 (IP) access to provide layer 3 service on a VLAN. The Virtual Interface
defines which IP address is associated with each VLAN ID the Access Point is connected to. A Virtual
Interface is created for the default VLAN (VLAN 1) to enable remote administration. A Virtual Interface is also
used to map VLANs to IP address ranges. This mapping determines the destination networks for routing.
To review existing Virtual Interface configurations and either create a new Virtual Interface configuration,
modify an existing configuration or delete an existing configuration:
Trust ARP Responses Select the radio button to enable ARP trust on this port. ARP packets
received on this port are considered trusted and information from these
packets is used to identify rogue devices within the network. The default
value is disabled.
Trust DHCP Responses Select the radio button to enable DHCP trust on this port. If enabled, only
DHCP responses are trusted and forwarded on this port, and a DHCP server
can be connected only to a DHCP trusted port. The default value is enabled.
ARP header Mismatch
Validation
Select the radio button to enable a mismatch check for the source MAC in
both the ARP and Ethernet header. The default value is enabled.
Trust 8021p COS values Select the radio button to enable 802.1p COS values on this port. The default
value is enabled.
Trust IP DSCP Select the radio button to enable IP DSCP values on this port. The default
value is enabled.
NOTE: Some vendor solutions with VRRP enabled send ARP packets with Ethernet
SMAC as a physical MAC and inner ARP SMAC as VRRP MAC. If this configuration is
enabled, a packet is allowed, despite a conflict existing.
To Next Page
Loading...
