Overview
1-27
Authorized AP Lists
Configure a list of authorized access ports based on their MAC addresses. The switch evaluates the APs
against the configured authorized list after obtaining Rogue AP information from one of the 2 mechanisms as
mentioned in Rogue AP Detection on page 1-26.
Rogue AP Report
After determining which are authorized APs and which are Rogue, the switch prepares a report.
Motorola RFMS Support
With this most recent switch firmware release, the switch can provide rogue device detection data to the
Motorola RF Management software application (or Motorola RFMS). Motorola RFMS uses this data to refine
the position and display the rogue on a site map representative of the physical dimensions of the actual radio
coverage area of the switch. This is of great assistance in the quick identification and removal of unauthorized
devices.
1.2.5.10 ACLs
ACLs control access to the network through a set of rules. Each rule specifies an action taken when a packet
matches the given set of rules. If the action is deny, the packet is dropped, if the action is permit, the packet
is allowed, if the action is to mark, the packet is tagged for priority. The switch supports the following types
of ACLs:
• IP Standard ACLs
• IP Extended ACLs
• MAC Extended ACLs
• Wireless LAN ACLs
ACLs are identified by either a number or a name (the exception being MAC extended ACLs which take only
name as their identifier). Numbers are predefined for IP Standard and Extended ACLs, whereas a name can be
any valid alphanumeric string not exceeding 64 characters. With numbered ACLs, the rule parameters have to
be specified on the same command line along with the ACL identifier. For named ACLs, rules are configured
within a separate CLI context. For information on creating an ACL, see ACL Configuration on page 6-19.
1.2.5.11 Local Radius Server
Radius is a common authentication protocol utilized by the 802.1x wireless security standard. Radius improves
the WEP encryption key standard, in conjunction with other security methods such as EAP-PEAP. The switch
has one onboard Radius server. For information on configuring the switch’s resident Radius Server, see
Configuring the Radius Server on page 6-71.
1.2.5.12 IPSec VPN
IP Sec is a security protocol providing authentication and encryption over the Internet. Unlike SSL (which
provides services at layer 4 and secures two applications), IPsec works at layer 3 and secures everything in the
network. Also unlike SSL (which is typically built into the Web browser), IPsec requires a client installation.
IPsec can access both Web and non-Web applications, whereas SSL requires workarounds for non-Web
access such as file sharing and backup.
A VPN is used to provide secure access between two subnets separated by an unsecured network. There are
two types of VPNs:
To Next Page
Loading...
Need help?
General
