Manualshelf

User guide

ManualsBrandsExtreme Networks ManualsSwitchSummit WM Series
121122123124125126127128129130
WM Access Domain Services configuration
Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 User Guide
126
Defining non-authenticated filters
Defining non-authenticated filters allows administrators to identify destinations to which a user is
allowed to access without incurring an authentication redirection. Typically, the recommended default
rule is to deny all. Administrators should define a rule set that will permit users to access essential
services:
DNS (IP of DNS server)
Default Gateway (WM-AD Interface IP)
Any HTTP streams requested by the client for denied targets will be redirected to the specified location.
The non-authenticated filter should allow access to the Captive Portal page IP address, as well as to any
URLs for the header and footer of the Captive Portal page. This filter should also allow network access
to the IP address of the DNS server and to the network address—the gateway of the WM-AD. The WM-
AD gateway is used as the IP for an internal Captive Portal page. An external Captive Portal will
provide a specific IP definition of a server outside the Summit WM series switch.
Redirection and Captive Portal credentials apply to HTTP traffic only. A wireless device user attempting
to reach Websites other than those specifically allowed in the non-authenticated filter will be redirected
to the allowed destinations. Most HTTP traffic outside of those defined in the non-authenticated filter
will be redirected.
NOTE
Although non-authenticated filters definitions are used to assist in the redirection of HTTP traffic for restricted or
denied destinations, the non-authenticated filter is not restricted to HTTP operations. The filter definition is general.
Any traffic other than HTTP that the filter does not explicitly allow will be discarded by the controller.
The non-authenticated filter is applied by the Summit WM series switch to sessions until they
successfully complete authentication. The authentication procedure results in an adjustment to the user's
applicable filters for access policy. The authentication procedure may result in the specification of a
specific filter ID or the application of the default filter for the WM-AD.
Typically, default filter ID access is less restrictive than a non-authenticated profile. It is the
administrator’s responsibility to define the correct set of access privileges.
To define filtering rules for a non-authenticated filter:
1 From the main menu, click WM Access Domain Configuration. The WM Access Domain
Configuration screen is displayed.
2 In the left pane WM Access Domains list, click the WM-AD you want to define filter ID values for.
The Top ol o gy tab is displayed.
3 Click the Filtering tab.