User guide

WM Access Domain Services Configuration

Summit WM20 User Guide, Software Release 4.2130

Filtering Rules by Filter ID Examples

Below are two examples of possible filtering rules for a filter ID. The first example disallows some

specific access before allowing everything else.

The second example does the opposite of the first example. It allows some specific access and denies

everything else.

Filtering Rules for a Default Filter

After authentication of the wireless device user, the default filter will apply only after:

● No match is found for the Exception filter rules.

● No filter ID attribute value is returned by the authentication server for this user.

● No match is found on the Summit WM Controller for a filter ID value.

The final rule in the default filter should be a catch-all rule for any traffic that did not match a filter. A

final Allow All rule in a default filter will ensure that a packet is not dropped entirely if no other match

can be found. WM-AD Policy is also applicable for Captive Portal and MAC-based authorization.

To define the filtering rules for a default filter:

1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is

displayed.

2 In the left pane WM Access Domains list, click the WM-AD you want to define the filtering rules for

a default filter. The To po log y tab is displayed.

3 Click the Filtering tab.

Table 7: Filtering rules by filter ID example A

In Out Allow IP / Port Description

x x *.*.*.*:22-23 SSH and telnet sessions

x x [specific IP address, range] Deny all traffic to a specific IP address or address

range

x x x *.*.*.*. Allow everything else

Table 8: Filtering rules by filter ID example B

In Out Allow IP / Port Description

x x x [specific IP address, range] Allow traffic to a specific IP address or address

range.

x x *.*.*.*. Deny everything else.