User's Manual

Overview of the Controller, Access Points and Convergence Software solution
Controller, Access Points and Convergence Software and your network
A31003-W1050-U100-2-7619, March 2008
HiPath Wireless Controller, Access Points and Convergence Software V5 R1, C20/C2400 User Guide
2.3.4 Static routing and routing protocols
Routing can be used on the HiPath Wireless Controller to support the VNS
definitions. Through the user interface you can configure routing on the HiPath
Wireless Controller to use one of the following routing techniques:
• Static routes – Use static routes to set the default route of a HiPath Wireless
Controller so that legitimate wireless device traffic can be forwarded to the
default gateway.
• Open Shortest Path First (OSPF, version 2) (RFC 2328) – Use OSPF to
allow the HiPath Wireless Controller to participate in dynamic route selection.
OSPF is a protocol designed for medium and large IP networks, with the ability
to segment routes into different areas through summarization and propagation
of routing information. Static route definitions and OSPF dynamic learning can
be combined, but a static route definition takes precedence over dynamic
rules.
• Next-hop routing – Use next-hop routing to specify a unique gateway to
which traffic on a VNS is forwarded. Defining a next-hop for a VNS forces all
the traffic in the VNS to be forwarded to the indicated network device,
bypassing any routing definitions of the controller's route table.
2.3.5 Packet filtering policy
Policy refers to the rules that allow different groups of users access to the
network. The Controller, Access Points and Convergence Software system can
link authorized users to user groups. These user groups then can be confined to
predefined portions of the network.
In the Controller, Access Points and Convergence Software system, network
access policy is carried out by means of packet filtering within a VNS.
In the HiPath Wireless Controller user interface, you set up a packet filtering
policy by defining a set of hierarchical rules that allow or deny traffic to specific IP
addresses, IP address ranges, or service ports. The sequence and hierarchy of
these filtering rules must be carefully designed based on your enterprise user
access plan.
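The effect of rule sequence on such a policy, as an added example (not code from the manual or the product). It assumes top-down, first-match evaluation with a default deny, which the manual does not state, and uses constructed addresses and hypothetical names (`Rule`, `evaluate`, `shadowed`).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption (not stated in the manual): rules are evaluated top-down, the
# first matching rule decides, and unmatched traffic is denied.

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    network: str                 # destination in CIDR form
    port: Optional[int] = None   # None means any service port

    def matches(self, ip: str, port: int) -> bool:
        in_net = ipaddress.ip_address(ip) in ipaddress.ip_network(self.network)
        return in_net and self.port in (None, port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        inside = ipaddress.ip_network(other.network).subnet_of(
            ipaddress.ip_network(self.network))
        return inside and self.port in (None, other.port)

def evaluate(rules, ip, port, default="deny"):
    """Return the action of the first rule that matches, else the default."""
    for rule in rules:
        if rule.matches(ip, port):
            return rule.action
    return default

def shadowed(rules):
    """(index, earlier_index) for each rule an earlier rule makes unreachable."""
    hits = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if rules[j].covers(rule):
                hits.append((i, j))
                break
    return hits

# Constructed policy intent: reach 10.0.0.0/8, but not the 10.1.5.0/24 subnet.
BAD = [Rule("allow", "10.0.0.0/8"), Rule("deny", "10.1.5.0/24")]
GOOD = [Rule("deny", "10.1.5.0/24"), Rule("allow", "10.0.0.0/8")]

if __name__ == "__main__":
    for name, policy in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, evaluate(policy, "10.1.5.20", 443), shadowed(policy))
```

Running `shadowed` over a rule set before it is entered in the user interface flags any deny rule that a broader, earlier allow rule would silently override.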
The authentication technique selected determines how filtering is carried out:
• If authentication is by SSID and Captive Portal, a non-authenticated filter
allows all users to get as far as the Captive Portal Web page, where logon
authentication occurs. When authentication is returned, filters are
applied, based on user ID and permissions.
• If authentication is by AAA (802.1x), users have logged on and have been
authenticated before being assigned an IP address. When authentication is
completed, the authenticated filter is assigned by default unless a more user-