Overview of the Controller, Access Points and Convergence Software solution
 A31003-W1040-U101-1-7619, July 2006 DRAFT
HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide
Controller, Access Points and Convergence Software and your network
3.3.4 Static routing and routing protocols
Routing can be used on the HiPath Wireless Controller to support the VNS definitions. Through 
the user interface you can configure routing on the HiPath Wireless Controller to use one of the 
following routing techniques:
● Static routes – Use static routes to set the default route of a HiPath Wireless Controller so 
that legitimate wireless device traffic can be forwarded to the default gateway.
● Open Shortest Path First (OSPF, version 2) (RFC 2328) – Use OSPF to allow the HiPath
Wireless Controller to participate in dynamic route selection. OSPF is a protocol designed
for medium and large IP networks with the ability to segment routes into different areas by
routing information summarization and propagation. Static route definitions and OSPF
dynamic learning can be combined, but a static route definition takes precedence over
dynamically learned routes.
● Next-hop routing – Use next-hop routing to specify a unique gateway to which traffic on 
a VNS is forwarded. Defining a next-hop for a VNS forces all the traffic in the VNS to be 
forwarded to the indicated network device, bypassing any routing definitions of the 
controller's route table.
3.3.5 Packet filtering policy
Policy refers to the rules that allow different groups of users access to the network. The
Controller, Access Points and Convergence Software system can link authorized users to user
groups. These user groups can then be confined to predefined portions of the network.
In the Controller, Access Points and Convergence Software system, network access policy is 
carried out by means of packet filtering within a VNS.
In the HiPath Wireless Controller user interface, you set up a packet filtering policy by defining 
a set of hierarchical rules that allow or deny traffic to specific IP addresses, IP address ranges, 
or service ports. The sequence and hierarchy of these filtering rules must be carefully designed 
based on your enterprise user access plan.
The authentication technique selected determines how filtering is carried out:
● If authentication is by SSID and Captive Portal, a non-authenticated filter allows all users
to get as far as the Captive Portal Web page, where logon authentication occurs. Once
authentication is returned, filters are applied based on user ID and permissions.
● If authentication is by AAA (802.1x), users have logged on and have been authenticated 
before being assigned an IP address. When authentication is completed, the authenticated 
filter is assigned by default unless a more user-specific filter is returned or indicated by the 
authentication mechanism. The characteristics and level of access for a filter are controlled 
and defined by the system administrator.
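The following sketch is an added example, not code from the HiPath Wireless Controller or this guide. It shows why the sequence of filtering rules matters and how a non-authenticated filter differs from an authenticated one. It assumes first-match-wins evaluation with an implicit final deny; the Rule type, function names and all addresses are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    network: str          # destination in CIDR form, e.g. "10.0.5.0/24"
    port: Optional[int]   # destination service port, None = any port

def evaluate(rules: List[Rule], dst_ip: str, dst_port: int) -> str:
    """Assumed semantics: the first matching rule decides; no match means deny."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        in_net = addr in ipaddress.ip_network(rule.network)
        if in_net and (rule.port is None or rule.port == dst_port):
            return rule.action
    return "deny"

def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule
    already matches every packet they would match."""
    hidden = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.network)
        for earlier in rules[:i]:
            covers_net = later_net.subnet_of(ipaddress.ip_network(earlier.network))
            covers_port = earlier.port is None or earlier.port == later.port
            if covers_net and covers_port:
                hidden.append(i)
                break
    return hidden

# Constructed sample filters for one VNS (addresses are illustrative only).
# Non-authenticated filter: users reach only the Captive Portal page.
NON_AUTH = [Rule("allow", "192.0.2.10/32", 443)]
# Authenticated filter, specific deny placed before the broad allow.
AUTH_GOOD = [Rule("deny", "10.0.5.0/24", None), Rule("allow", "10.0.0.0/8", None)]
# Same rules in the wrong order: the deny is unreachable.
AUTH_BAD = [Rule("allow", "10.0.0.0/8", None), Rule("deny", "10.0.5.0/24", None)]

if __name__ == "__main__":
    for name, rules in (("good", AUTH_GOOD), ("bad", AUTH_BAD)):
        verdict = evaluate(rules, "10.0.5.20", 22)
        print(name, "order ->", verdict, "| shadowed rules:", shadowed(rules))
```

Running a shadowing check like this over a planned rule list before entering it in the user interface catches deny rules that a broader, earlier allow has made ineffective.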