Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Basic Configuration Tasks
- Additional Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Hostname
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- wConfiguring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Configuring MAC Authentication for a Network Profile
- FConfiguring MAC Authentication with 802.1X Authentication
- hConfiguring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
- DHCP Configuration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- AirGroup Configuration
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API interface
- CALEA Integration and Lawful Intercept Compliance
- W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
- Image Management
- Resetting a W-IAP
- W-IAP and Client Monitoring
- Template-based Configuration
- Trending Reports
- Intrusion Detection System
- Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave
- RF Visualization Support for Instant
- PSK-based and Certificate-based Authentication
- Configurable Port for W-IAP and W-AirWave Management Server Communication
- Configuring Organization String
- Managing a W-IAP from W-AirWave
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Creating Advertisement Profiles for Hotspot Configuration
- Configuring an NAI Realm Profile
- Configuring a Venue Name Profile
- Configuring a Network Authentication Profile
- Configuring a Roaming Consortium Profile
- Configuring a 3GPP Profile
- Configuring an IP Address Availability Profile
- Configuring a Domain Profile
- Configuring an Operator-friendly Profile
- Configuring a Connection Capability Profile
- Configuring an Operating Class Profile
- Configuring a WAN Metrics Profile
- Creating a Hotspot Profile
- Associating an Advertisement Profile to a Hotspot Profile
- Creating a WLAN SSID and Associating Hotspot Profile
- Creating Advertisement Profiles for Hotspot Configuration
- Sample Configuration
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Terminology
190 | Roles and Policies Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide
l Configuring access rules based on application and application categories, see Configuring ACL Rules for
Application and Application Categories on page 266.
l Configuring access rules based on web categories and web reputation, see Configuring Web Policy
Enforcement Service on page 269.
In the Instant UI
To configure ACL rules for a user role:
1. Navigate to Security > Roles. The Roles tab contents are displayed.
You can also configure access rules for a wired or wireless client through the WLAN wizard (Network
tab>WLAN SSID> Edit>Edit WLAN > Access )or the Wired profile (More > Wired>Edit> Edit Wired
Network> Access) window.
2. Select the role for which you want to configure access rules.
3. In Access rules section, click New to add a new rule. The New Rule window is displayed.
4. Ensure that the rule type is set to Access Control
5. To configure a rule to control access to network services, select Network under service category and specify
the following parameters:
Service
Category
Description
Network
Select a service from the list of available services. You can allow or deny access to any or
all of the following services based on your requirement:
l any—Access is allowed or denied to all services.
l custom—Available options are TCP, UDP, and Other. If you select the TCP or UDP
options, enter appropriate port numbers. If you select the Other option, enter the
appropriate ID.
NOTE: If TCP and UDP uses the same port, ensure that you configure separate access
rules to permit or deny access.
Action
Select any of following actions:
l Select Allow to allow access users based on the access rule.
l Select Deny to deny access to users based on the access rule.
l Select Destination-NAT to allow changes to destination IP address.
l Select Source-NAT to allow changes to the source IP address.
Destination
Select a destination option for the access rules for network services, applications, and
application categories. You can allow or deny access to any the following destinations
based on your requirements.
l to all destinations— Access is allowed or denied to all destinations.
l to a particular server—Access is allowed or denied to a particular server. After
selecting this option, specify the IP address of the destination server.
l except to a particular server—Access is allowed or denied to servers other than the
specified server. After selecting this option, specify the IP address of the destination
server.
l to a network—Access is allowed or denied to a network. After selecting this option,
Table 37: Access Rule Configuration Parameters