5 - 90 WiNG 5.5 Access Point System Reference Guide
8. By default the firewall is applied to every interface on the device. For each interface it generates flow tables that record the traffic allowed to traverse the firewall, and these tables occupy a large share of the limited memory that could otherwise serve other critical purposes. With the Per VLAN Firewall option, flow tables are generated only for the interfaces on which the option is enabled; interfaces without it generate none, which frees that memory for other uses.
The firewall can therefore be left disabled on interfaces known to carry only trusted traffic and enabled only on interfaces that present an attack vector into the network. Because an interface without the firewall has no flow tables, traffic on that VLAN is not inspected at all, so treat a VLAN as trusted only if every host on it is trusted. Select the Per VLAN Firewall option to enable the firewall on this interface.
9. Select the L2 Tunnel Broadcast Optimization option to prevent flooding of ARP packets on this bridge interface. When enabled, ARP packets are not flooded over the virtual interface; they are filtered at the wireless controller using the address information it has already learned.
10. Define the following Extended VLAN Tunnel parameters:

Bridging Mode
Specify one of the following bridging modes for use on the VLAN:
• Automatic: Let the access point determine the best bridging mode for the VLAN.
• Local: Bridge traffic on the VLAN locally.
• Tunnel: Bridge traffic on the VLAN over a shared tunnel.
• isolated-tunnel: Bridge traffic on the VLAN over a dedicated tunnel.

NOTE: If creating a mesh connection between two access points in Standalone AP mode, Tunnel must be selected as the Bridging Mode to successfully create the mesh link between the two access points.

IP Outbound Tunnel ACL
Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound IP ACL is not available, select the create icon to make a new one.

MAC Outbound Tunnel ACL
Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound MAC ACL is not available, select the create icon to make a new one.

11. Select Tunnel Over Level 2 to tunnel extended VLAN traffic over level 2 links.

12. Define the following Layer 2 Firewall parameters:

Trust ARP Response
Select this option to treat ARP responses on this VLAN as trusted and use them to update the DHCP Snoop Table, which is used to prevent IP spoofing and ARP cache poisoning attacks. Since trusted ARP responses are written into the table, a forged ARP response on such a VLAN would be written too; enable this only on VLANs where the ARP sources themselves are trusted. This feature is disabled by default.

Trust DHCP Responses
Select this option to treat DHCP packets from a DHCP server as trusted and permissible within the network. These packets update the DHCP Snoop Table, which is used to prevent IP spoofing attacks. Enable this only on the VLAN that carries the legitimate DHCP server, since responses from any server on a trusted VLAN populate the table. This feature is disabled by default.

Enable Edge VLAN Mode
Select this option to enable edge VLAN mode. When selected, the IP address in the VLAN is not used for normal operations, as it is designated to isolate devices and prevent connectivity. This feature is enabled by default.

13. Select the IGMP Snooping tab.
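As an added illustration, not part of this guide or of WiNG itself, the following Python model shows what the Trust DHCP Responses and Trust ARP Response options mean for the DHCP Snoop Table: bindings are learned only from sources the VLAN marks as trusted, ARP replies and IP traffic are checked against those bindings, and marking ARP as trusted on a VLAN lets a forged reply on that VLAN write into the table. The VlanPolicy and SnoopTable classes, the VLAN numbers and all packet values are constructed assumptions for this example and do not reflect WiNG's internal implementation.

```python
"""Constructed model of the DHCP Snoop Table behaviour described for the Layer 2
Firewall options.  Illustrative only: the classes and packet records below are
assumptions made for this example, not WiNG code or its configuration syntax."""
from dataclasses import dataclass, field


@dataclass
class VlanPolicy:
    """Per-VLAN switches standing in for Trust DHCP Responses / Trust ARP Response."""
    trust_dhcp: bool = False
    trust_arp: bool = False


@dataclass
class SnoopTable:
    policy: dict[int, VlanPolicy]
    # (vlan, mac) -> ip learned from a trusted source
    bindings: dict[tuple[int, str], str] = field(default_factory=dict)

    def dhcp_ack(self, vlan: int, mac: str, ip: str) -> str:
        """A DHCP ACK seen on `vlan` assigning `ip` to client `mac`."""
        if not self.policy[vlan].trust_dhcp:
            # Untrusted VLAN: a rogue server here must not populate the table.
            return "ignored"
        self.bindings[(vlan, mac)] = ip
        return "learned"

    def arp_reply(self, vlan: int, mac: str, ip: str) -> str:
        """An ARP reply on `vlan` in which `mac` claims to own `ip`."""
        bound = self.bindings.get((vlan, mac))
        if bound == ip:
            return "permit"
        if self.policy[vlan].trust_arp:
            # Trusted ARP responses are written into the table as well.  A forged
            # reply on a trusted VLAN is written too; that is the caveat.
            self.bindings[(vlan, mac)] = ip
            return "learned"
        # No binding, or a binding for a different IP: treat as ARP spoofing.
        return "drop"

    def ip_packet(self, vlan: int, mac: str, ip: str) -> str:
        """Source check for ordinary IP traffic against the learned bindings."""
        return "permit" if self.bindings.get((vlan, mac)) == ip else "drop"


def run_scenario() -> dict[str, str]:
    """Replay constructed packets on two VLANs and return each verdict."""
    table = SnoopTable({
        10: VlanPolicy(trust_dhcp=True),                  # server-facing VLAN
        20: VlanPolicy(trust_dhcp=False, trust_arp=True),  # ARP trusted, DHCP not
    })
    results: dict[str, str] = {}
    # 1. DHCP ACK on the trusted VLAN binds the client.
    results["dhcp_v10"] = table.dhcp_ack(10, "02:00:00:00:00:01", "10.0.10.50")
    # 2. The same ACK seen on VLAN 20, where DHCP is untrusted, is ignored.
    results["dhcp_v20"] = table.dhcp_ack(20, "02:00:00:00:00:01", "10.0.20.50")
    # 3. A legitimate ARP reply from the bound client is permitted.
    results["arp_ok"] = table.arp_reply(10, "02:00:00:00:00:01", "10.0.10.50")
    # 4. An attacker MAC claims the gateway address on VLAN 10: no binding, dropped.
    results["arp_spoof_v10"] = table.arp_reply(10, "02:00:00:00:00:66", "10.0.10.1")
    # 5. Spoofed IP source traffic from the attacker on VLAN 10 is dropped as well.
    results["ip_spoof_v10"] = table.ip_packet(10, "02:00:00:00:00:66", "10.0.10.1")
    # 6. The same forged reply on VLAN 20, where ARP is trusted, is learned ...
    results["arp_spoof_v20"] = table.arp_reply(20, "02:00:00:00:00:66", "10.0.20.1")
    # 7. ... after which the attacker's spoofed IP traffic passes on VLAN 20.
    results["ip_after_poison_v20"] = table.ip_packet(20, "02:00:00:00:00:66", "10.0.20.1")
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:22s} {verdict}")
```

The two VLANs in the scenario show both sides of the caveat in the table above: on VLAN 10 only the DHCP server is trusted, so the forged ARP reply and the spoofed IP source are both dropped; on VLAN 20 ARP is trusted, so the same forged reply is written into the table and the spoofed traffic is subsequently permitted.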