
Siemens HiPath AP2620 - Configuring Filtering Rules for a VNS; Filtering Rules for an Exception Filter

Siemens HiPath AP2620
300 pages
A31003-W1040-U101-1-7619, July 2006 DRAFT
HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide
Virtual Network configuration
Configuring filtering rules for a VNS
4. In the Filter ID Values box, type the name of a group for which you want to define
specific filtering rules to control network access.
5. Click the corresponding Add button. The filter ID value appears in the list. These filter ID
values will appear in the Filter ID list on the Filtering tab. These filter ID values must match
those set up for the filter ID attribute in the RADIUS server.
6. If applicable, repeat steps 4 and 5 to add additional filtering ID values.
7. In the VNS Group Name box, type the name of a VNS group you want to create and define
within the selected parent VNS.
8. Click the corresponding Add button. The Group Name will appear as a child of the parent
VNS in the left pane Virtual Networks list.
9. To save your changes, click Save.
7.6 Configuring filtering rules for a VNS
The next step in configuring a VNS is to configure the filtering rules for a VNS.
In an AAA VNS, a non-authenticated filter is unnecessary because users have already been
authenticated. When authentication is returned, the filter ID group filters are applied. For AAA,
a VNS can have a sub-group with Login-LAT-group ID that has its own filtering rules. If no filter
ID matches are found, then the default filter is applied. VNS Policy is also applicable for Captive
Portal and MAC-based authorization.
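The selection rule above (matching filter ID group, otherwise the default filter) means a filter ID that differs between the RADIUS server and the controller silently places the user under the default filter. The following check is an added example, not part of the Siemens guide or product: it assumes a FreeRADIUS-style users file carrying the standard RADIUS Filter-Id attribute, exact case-sensitive matching, and constructed user and group names.

```python
import re

# Constructed sample: filter ID values entered on the controller (steps 4 to 6).
CONTROLLER_FILTER_IDS = ["staff", "guest", "voice"]

# Constructed sample in FreeRADIUS "users" file style (assumed server format).
RADIUS_USERS = '''
alice  Cleartext-Password := "example"
       Filter-Id = "staff"
bob    Cleartext-Password := "example"
       Filter-Id = "Guest"
carol  Cleartext-Password := "example"
       Filter-Id = "contractor"
dave   Cleartext-Password := "example"
'''

FILTER_ID_RE = re.compile(r'Filter-Id\s*[:+]?=\s*"([^"]*)"')

def parse_users(text):
    """Return {user: Filter-Id value or None} from users-file style text."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():        # an entry starts in column 0
            current = line.split()[0]
            users[current] = None
        match = FILTER_ID_RE.search(line)
        if match and current is not None:
            users[current] = match.group(1)
    return users

def effective_filter(filter_id, configured):
    """Matching filter ID group if one exists, otherwise the default filter.
    Exact, case-sensitive comparison is an assumption of this example."""
    return filter_id if filter_id in configured else "default"

def audit(text, configured):
    """Return (filter applied per user, users whose Filter-Id matches no
    controller value, controller values no user is assigned)."""
    users = parse_users(text)
    applied = {u: effective_filter(f, configured) for u, f in users.items()}
    unmatched = sorted(u for u, f in users.items() if f and f not in configured)
    unused = sorted(set(configured) - set(users.values()))
    return applied, unmatched, unused

if __name__ == "__main__":
    for part in audit(RADIUS_USERS, CONTROLLER_FILTER_IDS):
        print(part)
```

Users in the second result receive the default filter even though the RADIUS server returned a filter ID for them, which makes the default filter's rules the ones to review first.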
7.6.1 Filtering rules for an exception filter
The exception filter provides a set of rules aimed at restricting the type of traffic that is delivered
to the controller. By default, your system is shipped with a set of restrictive filtering rules that
help control access through the interfaces to only absolutely necessary services.
When an interface is configured to allow management, an additional set of rules is added to the
shipped filter rules to provide access to the system's management configuration framework
(SSH, HTTPS, SNMPAgent). Most of this functionality is handled behind the scenes by the
system, which rolls and un-rolls canned filters as the system's topology and the defined access
privileges for an interface change.
The visible exception filter definitions, both in physical ports and VNS definitions, allow
administrators to define a set of rules to be prepended to the system's dynamically updated
exception filter protection rules. Rule evaluation is performed top to bottom, until an exact
>
An interface for which Allow Management is enabled can be reached by any other
interface. By default, Allow Management is disabled and shipped interface filters
will only permit the interface to be visible directly from its own subnet.
