Installation guide
• One or more RF Switches are installed and operational on the network
• One or more AP300 Access Ports configured and adopted by the switch
• One (or more) WLAN profiles are configured and assigned to adopted radios
• A Windows XP workstation with Microsoft Internet Explorer or Mozilla Firefox to perform Web UI
configuration and verify secure network management
D.5.1.2 Components
The information in this section is based on the following Motorola hardware and software versions:
• 1 RFS6000 model switch
D.5.1.3 Restricting Management Access
Restricting remote access to the RF Switch ensures only trusted hosts can communicate with enabled
management services on the switch. This ensures only trusted hosts can perform management tasks and
provides protection from brute-force attacks by hosts attempting to break into the switch.
Secure Management
By default, management connections can be established with any enabled IP interface on the RF Switch,
including IP interfaces used to provide hotspot guest services. Management access can be restricted by
limiting it to a specific IP interface on the RF Switch.
1. The first step for securing management access is selecting a management IP interface. For security, it is
a best practice to use a dedicated VLAN which has limited (or no) access from WLAN devices.
2. The second step for securing management access is enabling the secure management feature. The
secure management feature will restrict management access to only the management IP interface.
As shown in the figure above, the RF Switch has two IP interfaces defined, vlan10 hosting management and
network services and vlan70 providing guest services. For security, the guest network is separated from all
trusted VLANs by a firewall.
In this scenario, by default, RF Switch management services are accessible on both interface vlan10 and
interface vlan70. This is not desirable. By selecting interface vlan10 as the management interface and
enabling secure management, the RF Switch only accepts management sessions on interface vlan10.
Management access from vlan70 is no longer available.
Switch Web UI Configuration
The following configuration example demonstrates how to define a management IP interface and enable
secure management:
Interface   Description   IP Address         Management
vlan10      SERVICES      192.168.10.14/24   Yes
vlan70      GUEST         192.168.70.14/24   No
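
One way to verify the result from a workstation once secure management is enabled (an added example, not part of the Motorola guide): it checks whether management services answer on each interface address from the table above. The TCP port list and the names `tcp_open` and `audit` are assumptions; the guide does not list the management ports.

```python
import socket

# Interface table from the guide; "management" is the intended state.
INTERFACES = {
    "vlan10": {"ip": "192.168.10.14", "management": True},
    "vlan70": {"ip": "192.168.70.14", "management": False},
}

# Assumed TCP management services (not listed in the guide).
MGMT_PORTS = {"ssh": 22, "telnet": 23, "http": 80, "https": 443}


def tcp_open(ip, port, timeout=2.0):
    """Return True if a TCP connection to ip:port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(interfaces=INTERFACES, ports=MGMT_PORTS, probe=tcp_open):
    """Compare reachable management services with the intended state.

    Returns (interface, status, services) tuples:
      "exposed"     - services answer on an interface that is not the
                      management interface
      "unreachable" - nothing answers on the management interface
    """
    findings = []
    for name, info in sorted(interfaces.items()):
        answering = [svc for svc, port in sorted(ports.items())
                     if probe(info["ip"], port)]
        if not info["management"] and answering:
            findings.append((name, "exposed", answering))
        elif info["management"] and not answering:
            findings.append((name, "unreachable", []))
    return findings


if __name__ == "__main__":
    results = audit()
    for name, status, services in results:
        print(f"{name}: {status} {','.join(services)}")
    if not results:
        print("management access matches the intended configuration")
```

Run the check once from a host on the management VLAN and once from a client on the guest VLAN. A closed port seen from the trusted side may be the firewall between the networks rather than the switch, so only the guest-side run confirms that vlan70 no longer accepts management sessions.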