User guide

Virtual Network configuration
A31003-W1010-A100-1-7619, July 2005
94 HiPath Wireless Controller, Access Points and Convergence Software V3.0: User Guide
Filtering rules for a VNS
Here is another example of a Non-Authenticated Filter that adds two more filtering rules: one
denies access to a specific IP address, and the next rule allows only HTTP traffic, before
denying all other access:

| In | Out | Allow | IP / Port | Description |
|----|-----|-------|-----------|-------------|
| x | x | x | IP address of the Default Gateway | Allow all incoming wireless devices access to the default gateway of the VNS. |
| x | x | x | IP address of the DNS Server | Allow all incoming wireless devices access to the DNS server of the VNS. |
| x | x |   | [a specific IP address, or address plus range] | Deny all traffic to a specific IP address, or to a specific IP address range (such as :0/24). |
| x | x | x | *.*.*.*:80 | Allow all port 80 (HTTP) traffic. |
| x | x |   | *.*.*.* | Deny everything else. |

Once a wireless device user has logged in on the Captive Portal page, and has been
authenticated by the RADIUS server, then the following filters will apply:
- Filter ID Filter, if a Filter ID associated with this user was returned by the authentication server
- Default Filter, if no matching Filter ID was returned from the authentication server

These filters are described below.

7.5.3 Filtering rules for a Filter ID group
The next step is to define the filtering rules for the Filter ID values on the VNS.
When the wireless device user enters a login identification, that identification is sent by the
HiPath Wireless Controller to the RADIUS server or other authentication server, through a
sequence of exchanges depending on the type of authentication protocol used.
When the server allows this request for authentication (sends an "access-accept" message),
the RADIUS server may also send back to the HiPath Wireless Controller a Filter ID attribute
value associated with the user. For an AAA VNS, a Login-LAT-Group identifier for the user may
also be returned.
If the Filter ID attribute value (or Login-LAT-Group attribute value) from the RADIUS server
matches a Filter ID value that you have set up on the HiPath Wireless Controller, the HiPath
Wireless Controller applies to the wireless device user the filtering rules that you defined for
that Filter ID value.
If no Filter ID is returned by the authentication server, or no match is found on the HiPath
Wireless Controller, then the filtering rules in the Default Filter will apply to the wireless device
user.
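The filter selection and rule ordering described in this section, as an added Python example (not code from the HiPath product or its documentation). It assumes rules are evaluated top-down with the first match deciding; the addresses, the `staff` Filter ID and all function names are constructed for illustration, and `0.0.0.0/0` stands in for the guide's `*.*.*.*`.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    network: str          # CIDR; "0.0.0.0/0" stands in for *.*.*.*
    port: Optional[int]   # None means any port
    allow: bool

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.network)
        return in_net and self.port in (None, dst_port)

# Constructed sample addresses (RFC 5737 documentation ranges), not from the guide.
GATEWAY, DNS, BLOCKED, ANY = "192.0.2.1/32", "192.0.2.53/32", "198.51.100.0/24", "0.0.0.0/0"

# The Non-Authenticated Filter example from the table, in table order.
NON_AUTH_FILTER = [Rule(GATEWAY, None, True), Rule(DNS, None, True),
                   Rule(BLOCKED, None, False), Rule(ANY, 80, True),
                   Rule(ANY, None, False)]

# Hypothetical Filter ID group and Default Filter as configured on the controller.
FILTER_ID_FILTERS = {"staff": [Rule(BLOCKED, None, False), Rule(ANY, None, True)]}
DEFAULT_FILTER = [Rule(GATEWAY, None, True), Rule(DNS, None, True),
                  Rule(ANY, None, False)]

def select_filter(authenticated: bool, filter_id: Optional[str]) -> Tuple[str, List[Rule]]:
    """Pick the rule set for a device, following the order the guide describes."""
    if not authenticated:
        return "non-authenticated", NON_AUTH_FILTER
    if filter_id in FILTER_ID_FILTERS:       # value from access-accept matched
        return "filter-id:" + filter_id, FILTER_ID_FILTERS[filter_id]
    return "default", DEFAULT_FILTER         # no Filter ID returned, or no match

def is_allowed(rules: List[Rule], dst_ip: str, dst_port: int) -> bool:
    """Assumed semantics: first matching rule decides; nothing matched means deny."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            return rule.allow
    return False

if __name__ == "__main__":
    for fid in ("staff", "contractor", None):   # "contractor" is not configured
        name, rules = select_filter(True, fid)
        print(fid, "->", name, "| HTTP allowed:", is_allowed(rules, "203.0.113.10", 80))
```

Because a Filter ID that the controller does not recognise falls through to the Default Filter without an error, the Default Filter is the rule set a mistyped or unconfigured RADIUS value ends up with, so it is worth keeping as restrictive as the Non-Authenticated Filter.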