User guide
HWC_VNSConfiguration.fm
A31003-W1010-A100-1-7619, July 2005
HiPath Wireless Controller, Access Points and Convergence Software V3.0: User Guide
91
Virtual Network configuration
Filtering rules for a VNS
3. Group filters (by Filter ID) for designated user groups, that apply after authentication, when
the RADIUS server returns the "access-accept" message along with the Filter-ID attribute
value associated with the user.
4. Default filter, to control access if there is no matching Filter ID for a user.
For an AAA VNS, since users have already been authenticated, there is no need for a Non-
Authenticated filter. When authentication is returned, then the Filter ID group filters are applied.
For AAA, a VNS can have a subgoup with Login-LAT-group ID that has its own filtering rules. If
no Filter ID matches are found, then the Default filter is applied.
7.5.1 Filtering rules for an exception filter
The exception filter on an VNS applies only to the destination portion of the packet. The screen
is set to allow or deny (allow left unchecked) traffic to the specified IP address and IP port.
Adding the exception filtering rules allows the network administration to either tighten or relax
the built-in filtering that automatically drops packets not specifically allowed by filtering rule
definitions. The exception filtering rules could deny access in the event of DoS attack, or on the
other hand, could allow certain types of management traffic that would otherwise be denied.
Define the filtering rules for an exception filter
1. In the Virtual Network Configuration - Filtering screen, using the Filter ID drop-down list,
select Exception.
2. Follow the steps described below for the non-authenticated filter.