Manualshelf

User guide

ManualsBrandsExtreme Networks ManualsSwitchSummit WM Series
41424344454647484950
Configuring the Summit WM series switch
Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 User Guide
50
To confirm that ports are set for OSPF:
1 To confirm that the ports are set up for OSPF, and that advertised routes from the upstream router
are recognized, click View Forwarding Table. The Forwarding Table is displayed.
The following additional reports display OSPF information when the protocol is in operation:
OSPF Neighbor – Displays the current neighbors for OSPF (routers that have interfaces to a
common network)
OSPF Linkstate – Displays the Link State Advertisements (LSAs) received by the currently
running OSPF process. The LSAs describe the local state of a router or network, including the
state of the router’s interfaces and adjacencies.
2 To update the display, click Refresh.
Filtering at the interface level
The Summit WM series switch, access points, and WLAN switch software has a number of built-in
filters that protect the system from unauthorized traffic. These filters are specific only to the Summit
WM series switch. These filters are applied at the network interface level and are automatically invoked.
By default, these filters provide stringent-level rules to allow only access to the system's externally
visible services. In addition to these built-in filters, the administrator can define specific exception filters
at the interface-level to customize network access. These filters do not depend on a WM-AD definition.
Built-in port-based exception filters
On the Summit WM series switch, various port-based exception filters are built in and invoked
automatically. These filters protect the Summit WM series switch from unauthorized access to system
management functions and services via the ports. Access to system management functions is granted if
the administrator selects the allow management option.
Allow management traffic is now specific to the interface being allowed. For example, if allow
management is allowed on a physical port (esa0), only users connected through ESA0 will be able to get
access to the system. Users connecting on any other interface such as a WM-AD (esa6) will no longer be
able to target ESA0 to gain management access to the system. In order to allow access for users
connected on a WM-AD, the WM-AD configuration itself must have allow management enabled and
users will only be able to target the WM-AD interface specifically.
NOTE
You can also enable management traffic in the WM-AD definition.
For example, on the Summit WM series switch’s data interfaces (both physical interfaces and WM-AD
virtual interfaces), the built-in exception filter prohibits invoking SSH, HTTPS, or SNMP. However, such
traffic is allowed, by default, on the management port.
If management traffic is explicitly enabled for any interface (physical port or WM-AD), access is
implicitly extended to that interface through any of the other interfaces (WM-AD). Only traffic
specifically allowed by the interface’s exception filter is allowed to reach the Summit WM series switch
itself. All other traffic is dropped. Exception filters are dynamically configured and regenerated
whenever the system's interface topology changes (for example, a change of IP address for any
interface).