Wireless client roles, Configuring a client’s role policy – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Brocade Mobility RFS Controller System Reference Guide
53-1003099-01
6. Select Add to add additional IP Firewall Rule configurations. Select Remove to remove selected
IP Firewall Rules as they become obsolete for filtering network access permissions.
7. Select OK when completed to update the IP Firewall rules. Select Reset to revert the screen
back to its last saved configuration.
Wireless Client Roles
Define wireless client roles to filter clients based on matching policies. Matching policies
(much like ACLs) are sequential collections of permit and deny conditions that apply to packets
received from connected clients. When a packet is received from a client, the controller or service
platform compares the fields in the packet against applied matching policy rules to verify the
packet has the required permissions to be forwarded, based on the criteria specified. If a packet
does not meet any of the criteria specified, the packet is dropped.
Wireless client connections are also managed by granting or restricting access: specify a range
of IP or MAC addresses to include or exclude from connectivity. These MAC or IP access control
mechanisms are configured as Firewall Rules to further refine client filter and matching
criteria.
Configuring a Client’s Role Policy
To configure a wireless client’s role policy and matching criteria:
1. Select Configuration > Security > Wireless Client Roles. The Wireless Client Roles screen
displays the names of the client role policies created thus far.
2. Select Add to create a new Wireless Client Role policy, Edit to modify an existing policy or
Delete to remove a policy.
ICMP Code
Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP-specific options for ICMP
type and code. Many ICMP types have a corresponding code, helpful for troubleshooting network issues
(0 - Net Unreachable, 1 - Host Unreachable, 2 - Protocol Unreachable, etc.).
Start VLAN
Select a Start VLAN icon within a table row to set (apply) a start VLAN range for this IP ACL filter. The Start
VLAN is the numeric identifier at the beginning of the VLAN range that arriving packets must fall within
for the IP ACL rules to apply.
End VLAN
Select an End VLAN icon within a table row to set (apply) an end VLAN range for this IP ACL filter. The End
VLAN is the numeric identifier at the end of the VLAN range that arriving packets must fall within for
the IP ACL rules to apply.
Mark
Select an IP Firewall rule’s Mark checkbox to enable or disable event marking and set the rule’s 8021p or
dscp level (from 0 - 7).
Log
Select an IP Firewall rule’s Log checkbox to enable or disable event logging for this rule’s usage.
Enable
Select an IP Firewall rule’s Enable or Disable icon to determine this rule’s inclusion with the IP firewall
policy.
Description
Lists the administrator assigned description applied to the IP ACL rule. Select a description within the
table to modify its character string as filtering changes warrant. Select the icon within the Description
table header to launch a Select Columns screen used to add or remove IP ACL criteria from the table.
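The sequential permit/deny evaluation described under Wireless Client Roles, modelled in Python with the rule fields from the table above. This is an added example, not Brocade code: the Rule and Packet classes, first-match ordering, the inclusive VLAN range and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:  # hypothetical model of one IP Firewall Rule row
    action: str                      # "permit" or "deny"
    source: str                      # source network in CIDR form
    protocol: str                    # "icmp", "tcp", "udp" or "ip" (any)
    start_vlan: int = 1              # Start VLAN (assumed inclusive)
    end_vlan: int = 4094             # End VLAN (assumed inclusive)
    icmp_type: Optional[int] = None  # None matches any ICMP type
    icmp_code: Optional[int] = None  # None matches any ICMP code
    enabled: bool = True             # Enable: rule is part of the policy
    log: bool = False                # Log: record when the rule is used
    description: str = ""

@dataclass
class Packet:
    src: str
    protocol: str
    vlan: int
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

def matches(rule, pkt):
    if not rule.start_vlan <= pkt.vlan <= rule.end_vlan:
        return False
    if ip_address(pkt.src) not in ip_network(rule.source):
        return False
    if rule.protocol != "ip" and rule.protocol != pkt.protocol:
        return False
    if rule.protocol == "icmp":
        pairs = ((rule.icmp_type, pkt.icmp_type), (rule.icmp_code, pkt.icmp_code))
        return all(want is None or want == got for want, got in pairs)
    return True

def evaluate(rules, pkt):
    """First enabled matching rule decides; a packet matching nothing is dropped."""
    for index, rule in enumerate(rules, start=1):
        if rule.enabled and matches(rule, pkt):
            note = f"rule {index} {rule.action}: {rule.description}" if rule.log else None
            return rule.action, note
    return "deny", None

POLICY = [  # constructed sample; ICMP type 3 code 1 is Host Unreachable
    Rule("deny", "10.1.0.0/16", "icmp", 10, 20, 3, 1, log=True, description="host-unreachable"),
    Rule("permit", "10.1.0.0/16", "icmp", 10, 20, description="other ICMP"),
    Rule("permit", "0.0.0.0/0", "ip", enabled=False, description="disabled catch-all"),
]
```

Rule order matters in this model: moving the broad ICMP permit above the specific deny would make the deny unreachable, and a disabled catch-all leaves the default drop in effect.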