User's Manual
Virtual Network Services
A31003-W1050-U100-2-7619, March 2008
HiPath Wireless Controller, Access Points and Convergence Software V5 R1, C20/C2400 User Guide
In addition, defining a specific filter ID is optional. If a specific filter ID
is not defined, or is not returned by the access-accept operation, the HiPath
Wireless Controller assigns the VNS' default filter for authenticated users.
Note: The HiPath Wireless Controller only assigns the device's IP after the client
requests one.
Both the Captive Portal and AAA (802.1x) authentication mechanisms in Controller,
Access Points and Convergence Software rely on a RADIUS server on the
enterprise network. You can identify and prioritize up to three RADIUS servers on
the HiPath Wireless Controller. In the event of a failover of the active RADIUS
server, the HiPath Wireless Controller polls the other servers in the list for a
response. Once an alternate RADIUS server is found, it becomes the active
RADIUS server until it also fails or the administrator defines a different one.
5.6 Filtering for a VNS
The VNS capability provides a way to apply policy so that different groups of
users receive different network access. This is accomplished by packet filtering.
After setting authentication, define the filtering rules for the filters that apply to
your network and the VNS you are setting up. The HiPath Wireless Controller
applies several filter types:
• Exception filter – Protects access to a system's own interfaces, including the
VNS' own interface. VNS exception filters are applied to user traffic intended
for the HiPath Wireless Controller's own interface point on the VNS. These
filters are applied after the filters assigned for the user's specific VNS state.
• Non-authenticated filter with filtering rules that apply before
authentication – Controls network access and directs users to a Captive
Portal Web page for login.
• Group filters, by filter ID, for designated user groups – Control access
to certain areas of the network, with values that match the values defined for
the RADIUS filter ID attribute.
• Default filter – Controls access if there is no matching filter ID for a user.
Within each type of filter, define a sequence of filtering rules. The rules must
be arranged in the order in which you want them to take effect. Each rule is
defined to allow or deny traffic in either direction:
• In – From a wireless device in to the network
• Out – From the network out to a wireless device
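The following added example (not taken from the manual or the product) models the filter selection and ordered rule evaluation described above, and flags rules that an earlier rule hides. The filter names, addresses, first-match evaluation and deny-when-nothing-matches behaviour are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    network: str     # network-side address range, CIDR (constructed sample)
    allow_in: bool   # In: from a wireless device in to the network
    allow_out: bool  # Out: from the network out to a wireless device

# Constructed sample policy; names and addresses are illustrative only.
NON_AUTH = [Rule("10.0.0.5/32", True, True),    # hypothetical Captive Portal host
            Rule("0.0.0.0/0", False, False)]
DEFAULT = [Rule("10.0.20.0/24", False, False),  # restricted subnet
           Rule("0.0.0.0/0", True, True)]
GROUP_FILTERS = {
    "finance": [Rule("10.0.20.0/24", True, True),
                Rule("0.0.0.0/0", True, True)],
}

def select_filter(authenticated, radius_filter_id=None):
    """Pick the filter that applies to a session in its current state."""
    if not authenticated:
        return "non-authenticated", NON_AUTH
    if radius_filter_id in GROUP_FILTERS:
        return radius_filter_id, GROUP_FILTERS[radius_filter_id]
    # No filter ID in the access-accept, or no matching filter ID defined.
    return "default", DEFAULT

def is_allowed(rules, network_ip, direction):
    """Walk the rules top to bottom; the first match decides (assumed)."""
    addr = ipaddress.ip_address(network_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.network):
            return rule.allow_in if direction == "in" else rule.allow_out
    return False  # assumption: traffic matching no rule is denied

def shadowed_rules(rules):
    """Indexes of rules that never take effect because an earlier rule
    already covers their whole address range."""
    nets = [ipaddress.ip_network(r.network) for r in rules]
    return [i for i, n in enumerate(nets)
            if any(n.subnet_of(earlier) for earlier in nets[:i])]
```

Running `shadowed_rules` over each filter before deployment catches a catch-all rule placed above the specific rule it was meant to follow.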