Configuring wlan firewall support – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
• Brocade proprietary authentication techniques can also be enabled on WLANs supporting other Brocade proprietary techniques, such as KeyGuard.
• A WLAN using KeyGuard to support legacy Brocade devices should also be largely limited to the support of just those legacy clients using KeyGuard.
Configuring WLAN Firewall Support
A firewall is a mechanism that enforces access control and is considered a first line of defense in
protecting proprietary information within the network. The means by which this is accomplished
varies, but in principle, a firewall can be thought of as a set of mechanisms that both block and permit
data traffic. For an overview of firewalls, see
WLANs use firewalls like Access Control Lists (ACLs) to filter/mark packets based on the WLAN
from which they arrive, as opposed to filtering packets on Layer 2 ports. An ACL contains an
ordered list of Access Control Entries (ACEs). Each ACE specifies an action and a set of conditions
(rules) a packet must satisfy to match the ACE. The order of conditions in the list is critical since
filtering is stopped after the first match.
IP-based firewall rules are specific to source and destination IP addresses and to the unique rules
and precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be
filtered by applying both an IP ACL and a MAC ACL to the interface.
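The first-match behavior described above, as an added example (not Brocade code or controller syntax): a small evaluator for an IP ACL ordered by precedence, plus a check for ACEs that can never match because an earlier ACE already covers them. The class, function names and addresses are constructed for illustration, and evaluating the lower precedence number first is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    precedence: int  # assumption: lower number is evaluated first
    action: str      # "allow", "deny" or "mark"
    src: str         # source network, CIDR
    dst: str         # destination network, CIDR

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

    def covers(self, other):
        """True if every packet matching `other` also matches this ACE."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst)))

def evaluate(acl, src_ip, dst_ip):
    """Return (action, precedence) of the first ACE the packet matches."""
    for ace in sorted(acl, key=lambda a: a.precedence):
        if ace.matches(src_ip, dst_ip):
            return ace.action, ace.precedence  # filtering stops at the first match
    return "no-match", None  # the device's default handling is not modelled here

def shadowed(acl):
    """Return (dead_precedence, shadowing_precedence) for ACEs that can never match."""
    ordered = sorted(acl, key=lambda a: a.precedence)
    dead = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                dead.append((later.precedence, earlier.precedence))
                break
    return dead

# Constructed sample: guest WLAN clients in 10.20.0.0/16, servers in 10.1.5.0/24.
MISORDERED_ACL = [
    ACE(10, "allow", "10.20.0.0/16", "0.0.0.0/0"),
    ACE(20, "deny", "10.20.0.0/16", "10.1.5.0/24"),  # never reached
]
FIXED_ACL = [
    ACE(10, "deny", "10.20.0.0/16", "10.1.5.0/24"),
    ACE(20, "allow", "10.20.0.0/16", "0.0.0.0/0"),
]

if __name__ == "__main__":
    print(evaluate(MISORDERED_ACL, "10.20.3.7", "10.1.5.10"), shadowed(MISORDERED_ACL))
    print(evaluate(FIXED_ACL, "10.20.3.7", "10.1.5.10"), shadowed(FIXED_ACL))
```

Running a check like `shadowed` over an exported rule list before applying it catches a deny rule that a broader allow rule has made unreachable.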
Additionally, administrators can filter Layer 2 traffic on a physical Layer 2 interface using MAC
addresses. A MAC firewall rule uses source and destination MAC addresses for matching
operations, where the result is a typical allow, deny or mark designation to WLAN packet traffic.
Keep in mind IP and non-IP traffic on the same Layer 2 interface can be filtered by applying both an
IP ACL and a MAC ACL to the interface.
To review access policies, create a new policy or edit the properties of an existing policy:
1. Select Configuration > Wireless LANs > Wireless LAN Policy to display available WLANs.
2. Select the Add button to create a new WLAN or Edit to modify the properties of an existing
WLAN.
3. Select Firewall from the Wireless LAN Policy options.