hwc_startup.fm
A31003-W1040-U101-1-7619, July 2006 DRAFT
HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide
63
Configuring the HiPath Wireless Controller
Performing the first-time setup of the HiPath Wireless Controller
For example, on the HiPath Wireless Controller’s data interfaces (both physical interfaces and
VNS virtual interfaces), the built-in exception filter prohibits invoking SSH, HTTPS, or SNMP.
However, such traffic is allowed, by default, on the management port.
If management traffic is explicitly enabled for any interface (physical port or VNS), access is
implicitly extended to that interface through any of the other interfaces (VNS). Only traffic
specifically allowed by the interface’s exception filter is allowed to reach the HiPath Wireless
Controller itself. All other traffic is dropped. Exception filters are dynamically configured and
regenerated whenever the system's interface topology changes (for example, a change of IP
address for any interface).
Enabling management traffic on an interface adds additional rules to the exception filter, which
opens up the well-known IP(TCP/UDP) ports, corresponding to the HTTPS, SSH, and SNMP
applications.
The port-based built-in exception filtering rules, in the case of traffic from VNS users, are
applicable to traffic targeted directly for the VNSs interface. For example, a VNS filter may be
generic enough to allow traffic access to the HiPath Wireless Controller's management (for
example, Allow All [*.*.*.*]). Exception filter rules are evaluated after the user's VNS assigned
filter policy, as such, it is possible that the VNS policy allow the access to management
functions that the exception filter denies. These packets are dropped.
To enable SSH, HTTPS, or SNMP access through a data interface:
1. From the main menu, click Wireless Controller Configuration. The HiPath Wireless
Controller Configuration screen appears.
2. In the left pane, click IP Addresses. The Management Port Settings screen appears.
>
You can also enable management traffic in the VNS definition.
To Next Page
Loading...
