User's Manual
Deployment Guide 97
EXAMPLE 2: DEFINING NETWORK OBJECTS AND MAC FILTERS
Network objects are the most basic objects that you can configure and only function when other objects such as QoS
classifiers, SSID profiles, and firewall policy rules reference them. IP addresses, network services (HTTP, SMTP,
FTP, …), MAC addresses, MAC OUIs (organizationally unique identifiers), VLANs, Ethernet profiles, and radio profiles
are network objects that make no reference to any other previously defined object.
You define the following network objects that you reference in other examples later in this chapter:
• MAC OUI for filtering VoIP phone traffic
• VLANs that you can apply to user profiles
• IP addresses that you can assign to management services and RADIUS servers
In addition, you define a MAC filter to control access to the SSID for VoIP traffic.
Defining a MAC OUI
You define a MAC OUI for the type of VoIP (Voice over IP) phones in use in the network and assign traffic from it to
Aerohive class 6. Other critical IP telephony services are DHCP and DNS for address and domain name assignments,
and TFTP and HTTP for configuration downloads and software updates. You map traffic using destination port
numbers 53 (DNS) and 67 (DHCP) to Aerohive class 5. This is a fairly high priority level because these services are
vital for VoIP to work properly; however, it is not as high as the level for the voice traffic itself. Finally, you map
traffic using destination port numbers 69 (TFTP) and 80 (HTTP) to Aerohive class 2. This is a much lower priority
level, but it is appropriate for these resilient and less time-sensitive services. HiveAPs check if an incoming packet
matches a classifier map by checking for matches in the following order. They then use the first match found:
1. Service
2. MAC OUI
3. Ingress interface
4. Existing priorities used by various standard QoS classification systems (802.11e, 802.1p, and DSCP)
After VoIP clients associate with an SSID and begin sending traffic, the HiveAP maps all DNS and DHCP traffic to class
5, all TFTP and HTTP traffic to class 2, and all remaining traffic—voice traffic in this case—to class 6 (see Figure 7).
Figure 7 MAC OUI and Service Classifier Maps for VoIP Phones
[Figure: VoIP phones from the same vendor (MAC OUI 01:22:34) send packets (wireless L2 header, L3 header, L4 header, data) to a HiveAP, which maps them to Aerohive classes 0 through 7. Figure notes:]
• When the destination port number in the L4 header is 53 (DNS) or 67 (DHCP), the HiveAP maps the packet to Aerohive class 5. When it is 69 (TFTP) or 80 (HTTP), the HiveAP maps it to Aerohive class 2.
• When the MAC OUI in the L2 header is 01:22:34, the HiveAP maps the packet to Aerohive class 6.
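The first-match lookup order described above can be modeled in a few lines. This is an added example, not HiveOS or HiveManager code: the port and OUI mappings come from the text, while the `Packet` fields, the `eth0` interface entry, matching on the source MAC, and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

SERVICE_MAP = {53: 5, 67: 5, 69: 2, 80: 2}   # from the text: dst port -> class
OUI_MAP = {"01:22:34": 6}                    # from the text: VoIP phone OUI -> class
INTERFACE_MAP = {"eth0": 3}                  # constructed entry; the page defines none

@dataclass
class Packet:
    src_mac: str
    dst_port: int
    ingress_if: str
    # Assumption: a priority already carried by the frame (802.11e, 802.1p or
    # DSCP), pre-translated to an Aerohive class; the page gives no table for it.
    marked_class: Optional[int] = None

def oui_of(mac: str) -> str:
    """Return the first three octets of a MAC as upper-case AA:BB:CC."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))

def classify(pkt: Packet) -> Tuple[Optional[int], str]:
    """Return (Aerohive class, rule that matched), using the first match only."""
    if pkt.dst_port in SERVICE_MAP:                  # 1. service
        return SERVICE_MAP[pkt.dst_port], "service"
    oui = oui_of(pkt.src_mac)
    if oui in OUI_MAP:                               # 2. MAC OUI
        return OUI_MAP[oui], "mac-oui"
    if pkt.ingress_if in INTERFACE_MAP:              # 3. ingress interface
        return INTERFACE_MAP[pkt.ingress_if], "interface"
    if pkt.marked_class is not None:                 # 4. existing priority
        return pkt.marked_class, "existing-priority"
    return None, "no-match"

# Constructed sample packets (MAC suffixes, port 16384 and interface names are made up).
PHONE, LAPTOP = "01:22:34:00:00:01", "00-AA-BB-00-00-02"
SAMPLES = {
    "phone voice": Packet(PHONE, 16384, "wifi0"),
    "phone DNS": Packet(PHONE, 53, "wifi0"),
    "laptop HTTP": Packet(LAPTOP, 80, "wifi0"),
    "laptop wired": Packet(LAPTOP, 16384, "eth0"),
    "laptop marked": Packet(LAPTOP, 16384, "wifi0", marked_class=4),
}
if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14} -> {classify(pkt)}")
```

Because the service check runs first, DNS traffic from a phone lands in class 5 even though its OUI maps to class 6. The OUI rule keys on a MAC address that the client itself supplies, so it prioritizes traffic but does not authenticate the device.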