
Supported access ports/points, Certificate management – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


53-1001944-01

Software overview


Remote VPN — Gives remote users the ability to access company resources from outside the
company premises.

The switch supports:

IPSec termination for site to site

IPSec termination for remote access

IPSec traversal of firewall filtering

IPSec traversal of NAT

IPSec/L2TP (client to switch)

NAT

Network Address Translation (NAT) is supported for packets routed by the switch. The following
types of NAT are supported:

Port NAT – Port NAT (also known as NAPT) maps multiple local addresses to a
single global address and a dynamic port number. The user is not required to configure any
NAT IP address. Instead, the IP address of the switch's public interface is used to NAT packets
going out from the private network, and vice versa for packets entering the private network.

Static NAT – Static NAT is similar to Port NAT, the only difference being that it allows the
user to configure a source NAT IP address and/or destination NAT IP address to which all
packets will be NATted. The source NAT IP address is used when hosts on a private network
are trying to access a host on a public network. A destination NAT IP address can be used for
public hosts to talk to a host on a private network.
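
The two NAT types above, modelled as a small translation table. This is an added example, not code from the Brocade guide or the switch firmware. The class name `NatModel`, the starting port 20000 and every address (private and documentation ranges) are constructed, and the model keys mappings on source IP and port only.

```python
# Added illustration (not the switch's code); all addresses and ports are constructed.
from itertools import count


class NatModel:
    def __init__(self, interface_ip, source_nat_ip=None, first_port=20000):
        # Port NAT uses the public interface address; Static NAT lets the
        # administrator configure a source NAT address instead.
        self.nat_ip = source_nat_ip or interface_ip
        self._next_port = count(first_port)  # assumed dynamic port range
        self._out = {}    # (private_ip, private_port) -> dynamic public port
        self._back = {}   # dynamic public port -> (private_ip, private_port)
        self._dest = {}   # configured destination NAT: public IP -> private IP

    def add_destination_nat(self, public_ip, private_ip):
        """Static NAT: let public hosts reach one private host via public_ip."""
        self._dest[public_ip] = private_ip

    def outbound(self, src_ip, src_port):
        """Translate a private source endpoint; reuse the mapping if it exists."""
        key = (src_ip, src_port)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key] = port
            self._back[port] = key
        return (self.nat_ip, self._out[key])

    def inbound(self, dst_ip, dst_port):
        """Return the private endpoint, or None when nothing maps (not forwarded)."""
        if dst_ip in self._dest:
            return (self._dest[dst_ip], dst_port)  # assumption: port unchanged
        if dst_ip == self.nat_ip:
            return self._back.get(dst_port)
        return None


def demo():
    nat = NatModel(interface_ip="203.0.113.10")
    a = nat.outbound("192.168.1.20", 51000)   # two private hosts share one
    b = nat.outbound("192.168.1.21", 51000)   # global address, distinct ports
    reply = nat.inbound(*a)                   # reply to host A's flow
    unsolicited = nat.inbound("203.0.113.10", 4444)  # no mapping exists
    nat.add_destination_nat("203.0.113.11", "192.168.1.50")
    exposed = nat.inbound("203.0.113.11", 443)       # reachable from outside
    return a, b, reply, unsolicited, exposed


if __name__ == "__main__":
    print(demo())
```

In this model an inbound packet with no Port NAT mapping returns `None`, while a destination NAT entry makes the private host reachable from the public side, so those entries are the ones to review when auditing a NAT configuration.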

Certificate management

Certificate Management is used to provide a standardized procedure to:

Generate a server certificate request and upload the server certificate signed by a certificate
authority (CA).

Upload the CA's root certificate.

Create a self-signed certificate.

Certificate management is used by the HTTPS, VPN, HOTSPOT and RADIUS applications. For
information on configuring switch certificate management, see “Creating server certificates” on
page 418.

NAC

Using Network Access Control (NAC), the switch hardware and software grant access to specific
network resources. NAC performs a user and MU authorization check for resources that do not
have a NAC agent. NAC verifies an MU's compliance with the switch's security policy. The switch
supports only the EAP/802.1x type of NAC. However, the switch also provides a means to bypass
NAC authentication for MUs that do not have NAC 802.1x support (printers, phones, PDAs, etc.). For
information on configuring NAC support, see “Configuring NAC server support” on page 122.

Supported Access Ports/Points

A Brocade Mobility RFS7000-GR Controller supports the adoption of the following Brocade
Enterprise Access Ports and Access Points: