Manualshelf

User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentWM20 Controller
919293949596979899100
WM Access Domain Services
Summit WM20 User Guide, Software Release 4.292
The following is a high-level description of how Summit WM Controller filters traffic:
Step One – The Summit WM Controller attempts to match each packet of a WM-AD to the filtering
rules that apply to the wireless device user.
Step Two – If a filtering rule is matched, the operation to allow or deny is executed.
Step Three – The next packet is fetched for filtering.
Data Protection on a WM-AD—WEP and WPA
On wireless and wired networks, data is protected by encryption techniques. The type of data
protection that is available depends on the WM-AD assignment mode:
SSID – Only WEP and WPA (1or 2)-PSK privacy types are available
AAA – WEP, Dynamic WEP, and WPA (1 or 2) privacy types are available
Data Protection Encryption Techniques
Wired Equivalent Privacy (WEP) – WEP encrypts data sent between wireless nodes. Each node must
use the same encryption key.
Wi-Fi Protected Access Privacy (WPA v.1 and v.2) – Encryption is by Advanced Encryption Standard
(AES) or by Temporal Key Integrity Protocol (TKIP). Two modes are available:
Enterprise – Specifies 802.1x authentication and requires an authentication server
Pre-Shared Key (PSK) – Relies on a shared secret. The PSK is a shared secret (pass-phrase) that
must be entered in both the Wireless AP or router and the WPA clients.
WM-AD Global Settings
Before defining a specific WM-AD, define the global settings that will apply to all WM-AD definitions.
These global settings include:
Identify the location and password of RADIUS servers on the enterprise network. The defined
servers appear as available choices when you set up the authentication mechanism for each WM-AD.
Define the shared secret used to encrypt the Pairwise Master Key (PMK) for WPA2 v.2 pre-
authentication between Summit WM Controllers on the network.
Enable Dynamic Authorization Server (DAS) configuration support.
NOTE
Dynamic Authorization Server (DAS) is disabled in the current release. You must skip the step of enabling DAS
configuration support.
Adjust admission control thresholds. Admission control thresholds protect admitted traffic against
overloads, provides distinct thresholds for VO and VI, and distinct thresholds for roaming and new
streams.