Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
Example
rfs7000-37FABE(config-wlan-test)#accounting syslog host 172.16.10.4 port 2 proxy-mode none
rfs7000-37FABE(config-wlan-test)#show context
wlan test
ssid test
bridging-mode tunnel
encryption-type none
authentication-type none
accounting syslog host 172.16.10.4 port 2
rfs7000-37FABE(config-wlan-test)#
acl
Defines the actions taken based on an ACL rule configuration
Use the use > ip-access-list
rule is determined by the associated ACL’s configuration.
A Firewall is a mechanism enforcing access control, and is considered a first line of defense in
protecting proprietary information within the network. The means by which this is accomplished
varies, but in principle, a Firewall can be thought of as a set of mechanisms that allow or deny data
traffic according to administrator-defined rules. For an overview of Firewalls, see Wireless Firewall.
WLANs use Firewalls like Access Control Lists (ACLs) to filter/mark packets based on the WLAN
from which they arrive, as opposed to filtering packets on Layer 2 ports. An ACL contains an
ordered list of Access Control Entries (ACEs). Each ACE specifies an action and a set of conditions
(rules) a packet must satisfy to match the ACE. The order of conditions in the list is critical since
filtering is stopped after the first match.
IP based Firewall rules are specific to source and destination IP addresses and the unique rules
and precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be
filtered by applying both an IP ACL and a MAC ACL.
Additionally, administrators can filter Layer 2 traffic on a physical Layer 2 interface using MAC
addresses. A MAC Firewall rule uses source and destination MAC addresses for matching
operations, where the result is a typical allow, deny or mark designation to WLAN packet traffic.
Keep in mind IP and non-IP traffic on the same Layer 2 interface can be filtered by applying both an
IP ACL and a MAC ACL to the interface.
Supported in the following platforms:
• Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
  Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
  Mobility 1240 Access Point
• Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
  Mobility RFS7000
• Service Platforms — Brocade Mobility RFS9510
Syntax:
acl exceed-rate wireless-client-denied-traffic <0-1000000> {blacklist|disassociate}