User's Manual

Deployment Guide 97
EXAMPLE 2: DEFINING NETWORK OBJECTS AND MAC FILTERS
Network objects are the most basic objects that you can configure and only function when other objects such as QoS
classifiers, SSID profiles, and firewall policy rules reference them. IP addresses, network services (HTTP, SMTP,
FTP, …), MAC addresses, MAC OUIs (organizationally unique identifiers), VLANs, Ethernet profiles, and radio profiles
are network objects that make no reference to any other previously defined object.
You define the following network objects that you reference in other examples later in this chapter:
- MAC OUI for filtering VoIP phone traffic
- VLANs that you can apply to user profiles
- IP addresses that you can assign to management services and RADIUS servers
In addition, you define a MAC filter to control access to the SSID for VoIP traffic.
Defining a MAC OUI
You define a MAC OUI for the type of VoIP (Voice over IP) phones in use in the network and assign traffic from it to
Aerohive class 6. Other critical IP telephony services are DHCP and DNS for address and domain name assignments,
and TFTP and HTTP for configuration downloads and software updates. You map traffic using destination port
numbers 53 (DNS) and 67 (DHCP) to Aerohive class 5. This is a fairly high priority level because these services are
vital for VoIP to work properly; however, it is not as high as the level for the voice traffic itself. Finally, you map
traffic using destination port numbers 69 (TFTP) and 80 (HTTP) to Aerohive class 2. This is a much lower priority
level, but it is appropriate for these resilient and less time-sensitive services.
To determine whether an incoming packet matches a classifier map, HiveAPs check for matches in the following order
and use the first match found:
1. Service
2. MAC OUI
3. Ingress interface
4. Existing priorities used by various standard QoS classification systems (802.11e, 802.1p, and DSCP)
After VoIP clients associate with an SSID and begin sending traffic, the HiveAP maps all DNS and DHCP traffic to class
5, all TFTP and HTTP traffic to class 2, and all remaining traffic—voice traffic in this case—to class 6 (see Figure 7).
Figure 7 MAC OUI and Service Classifier Maps for VoIP Phones
[Figure: VoIP phones from the same vendor (MAC OUI 01:22:34; example addresses 01:22:34:BF:6C:04, 01:22:34:5D:00:02, and 01:22:34:57:0B:3F) send packets consisting of a wireless L2 header, L3 header, L4 header, and data to the HiveAP, which maps them to Aerohive classes 0 through 7.]
MAC OUI: When the MAC OUI in the L2 header is 01:22:34, the HiveAP maps the packet to Aerohive class 6.
Destination Port Number: When the destination port number in the L4 header is 53 (DNS) or 67 (DHCP), the HiveAP maps the packet to Aerohive class 5. When it is 69 (TFTP) or 80 (HTTP), the HiveAP maps it to Aerohive class 2.
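The first-match order described above can be modeled in a few lines. This is an added example, not Aerohive code or CLI: the port and OUI mappings come from this section, while the Packet fields, the interface name, the empty ingress and priority maps, and the sample packets are assumptions made for the illustration.

```python
# Added illustration: first-match classifier order from this section.
# Port and OUI mappings come from the guide; the packet fields and the empty
# ingress/priority maps are assumptions made for this sketch.
from dataclasses import dataclass
from typing import Optional, Tuple

SERVICE_MAP = {53: 5, 67: 5, 69: 2, 80: 2}  # destination port -> Aerohive class
OUI_MAP = {"01:22:34": 6}                    # MAC OUI -> Aerohive class
INGRESS_MAP: dict = {}    # interface -> class (none defined in this section)
PRIORITY_MAP: dict = {}   # (scheme, value) -> class (none defined in this section)

@dataclass
class Packet:
    src_mac: str
    dst_port: int
    ingress: str = "wifi0"                      # hypothetical interface name
    marking: Optional[Tuple[str, int]] = None   # e.g. ("dscp", 46), hypothetical

def oui_of(mac: str) -> str:
    """Normalise a MAC address and return its first three octets."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))

def classify(pkt: Packet) -> Tuple[Optional[int], str]:
    """Return (class, matching stage); stages are tried in the documented order."""
    stages = (
        ("service", SERVICE_MAP, pkt.dst_port),
        ("mac-oui", OUI_MAP, oui_of(pkt.src_mac)),
        ("ingress-interface", INGRESS_MAP, pkt.ingress),
        ("existing-priority", PRIORITY_MAP, pkt.marking),
    )
    for name, table, key in stages:
        if key in table:
            return table[key], name   # first match wins; later stages are skipped
    return None, "no-match"

if __name__ == "__main__":
    samples = [  # constructed packets; the phone MACs are those shown in Figure 7
        Packet("01:22:34:BF:6C:04", 53),      # DNS from a phone
        Packet("01-22-34-5d-00-02", 80),      # HTTP from a phone
        Packet("01:22:34:57:0B:3F", 16384),   # constructed voice media port
        Packet("00:11:22:33:44:55", 443),     # constructed non-phone client
    ]
    for p in samples:
        print(p.src_mac, p.dst_port, classify(p))
```

Because the service stage is evaluated before the MAC OUI stage, DNS from a phone lands in class 5 rather than class 6, and a port 53 packet from a client with a different OUI is also mapped to class 5.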