User's Manual

Virtual Network configuration
Configuring filtering rules for a VNS
A31003-W1050-U100-2-7619,
March 2008
HiPath Wireless Controller, Access Points and Convergence Software V5 R1 , C20/C2400 User Guide 201
Once a wireless device user has logged in on the Captive Portal page, and has
been authenticated by the RADIUS server, then the following filters will apply:
Filter ID – If a filter ID associated with this user was returned by the
authentication server.
Default filter – If no matching filter ID was returned from the authentication
server.
6.9.3 Filtering rules for a filter ID group
When the wireless device user provides the identification credentials,
identification is sent by the HiPath Wireless Controller to the RADIUS server, or
other authentication server, through a sequence of exchanges depending on the
type of authentication protocol used.
When the server allows this request for authentication (the server sends an
access-accept message), the RADIUS server may also send back to the HiPath
Wireless Controller a filter ID attribute value associated with the user. For an AAA
VNS, a Login-LAT-Group identifier for the user may also be returned. VNS Policy
is also applicable for Captive Portal and MAC-based authorization.
If the filter ID attribute value (or Login-LAT-Group attribute value) from the
RADIUS server matches a filter ID value that you have set up on the HiPath
Wireless Controller, the HiPath Wireless Controller applies the filtering rules that
you defined for that filter ID value to the wireless device user.
If no filter ID is returned by the authentication server, or no match is found on the
HiPath Wireless Controller, the filtering rules in the default filter will apply to the
wireless device user.
In  Out  Allow  IP / Port                                       Description
x   x    x      IP address of the default gateway               Allow all incoming wireless devices access to the default gateway of the VNS.
x   x    x      IP address of the DNS Server                    Allow all incoming wireless devices access to the DNS server of the VNS.
x   x           [a specific IP address, or address plus range]  Deny all traffic to a specific IP address, or to a specific IP address range (such as:0/24).
x   x    x      *.*.*.*:80                                      Allow all port 80 (HTTP) traffic.
x   x           *.*.*.*                                         Deny everything else.
Table 16 Non-authenticated filter example B
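
Added example, not taken from the manual or the product: a Python model of the filter selection described in section 6.9.3, applied to rule rows laid out like Table 16. The addresses, the `staff` filter ID group, exact-string matching of the returned value, and top-to-bottom first-match evaluation are assumptions made for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"  # stands for *.*.*.* in the table

def rule(dirs, allow, net, port=None):
    """One table row: directions (In/Out), Allow flag, IP / Port."""
    return {"dirs": dirs, "allow": allow,
            "net": ipaddress.ip_network(net), "port": port}

# Constructed sample data: rows laid out like Table 16, documentation addresses.
FILTERS = {
    "default": [
        rule({"in", "out"}, True, "192.0.2.1/32"),       # default gateway
        rule({"in", "out"}, True, "192.0.2.53/32"),      # DNS server
        rule({"in", "out"}, False, "198.51.100.0/24"),   # denied address range
        rule({"in", "out"}, True, ANY, 80),              # *.*.*.*:80
        rule({"in", "out"}, False, ANY),                 # deny everything else
    ],
    "staff": [rule({"in", "out"}, True, ANY)],           # hypothetical filter ID group
}

def select_filter(accept_attrs, filters=FILTERS):
    """Name of the filter applied after an access-accept.
    Assumption: the returned value must equal a configured filter ID exactly."""
    for attr in ("Filter-Id", "Login-LAT-Group"):
        if accept_attrs.get(attr) in filters:
            return accept_attrs[attr]
    return "default"  # nothing returned, or no match on the controller

def is_allowed(filter_name, direction, ip, port, filters=FILTERS):
    """Assumption: rules are checked top to bottom and the first match decides."""
    addr = ipaddress.ip_address(ip)
    for r in filters[filter_name]:
        if (direction in r["dirs"] and addr in r["net"]
                and r["port"] in (None, port)):
            return r["allow"]
    return False  # no row matched: treated as deny in this model

def silent_fallbacks(accepts, filters=FILTERS):
    """Users whose server returned a filter ID that matched nothing configured."""
    return [user for user, attrs in accepts.items()
            if attrs.get("Filter-Id")
            and select_filter(attrs, filters) == "default"]
```

Running `silent_fallbacks` over collected access-accept attributes shows which users land on the default filter because the returned filter ID does not match a configured one, for example through a spelling or case difference.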