Manualshelf

User's Manual

ManualsBrandsSiemens Communications ManualsElectronicsHiPath Wireless AP, Altitude 450, Altitude 451
51525354555657585960
hwc_startup.fm
Configuring the HiPath Wireless Controller
Performing the first time setup of the HiPath Wireless Controller
A31003-W1050-U100-2-7619,
March 2008
HiPath Wireless Controller, Access Points and Convergence Software V5 R1 , C20/C2400 User Guide 53
for users connected on a VNS, the VNS configuration itself must have allow
management enabled and users will only be able to target the VNS interface
specifically.
Note: You can also enable management traffic in the VNS definition.
For example, on the HiPath Wireless Controller’s data interfaces (both physical
interfaces and VNS virtual interfaces), the built-in exception filter prohibits
invoking SSH, HTTPS, or SNMP. However, such traffic is allowed, by default, on
the management port.
If management traffic is explicitly enabled for any interface (physical port or VNS),
access is implicitly extended to that interface through any of the other interfaces
(VNS). Only traffic specifically allowed by the interface’s exception filter is allowed
to reach the HiPath Wireless Controller itself. All other traffic is dropped.
Exception filters are dynamically configured and regenerated whenever the
system's interface topology changes (for example, a change of IP address for any
interface).
Enabling management traffic on an interface adds additional rules to the
exception filter, which opens up the well-known IP(TCP/UDP) ports,
corresponding to the HTTPS, SSH, and SNMP applications.
The port-based built-in exception filtering rules, in the case of traffic from VNS
users, are applicable to traffic targeted directly for the VNSs interface. For
example, a VNS filter may be generic enough to allow traffic access to the HiPath
Wireless Controller's management (for example, Allow All [*.*.*.*]). Exception
filter rules are evaluated after the user's VNS assigned filter policy, as such, it is
possible that the VNS policy allow the access to management functions that the
exception filter denies. These packets are dropped.
To enable SSH, HTTPS, or SNMP access through a data interface:
1. From the main menu, click Wireless Controller Configuration. The HiPath
Wireless Controller Configuration page is displayed.
2. In the left pane, click IP Addresses. The Management Port Settings page
is displayed.