Profile security configuration, Defining profile vpn settings – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Brocade Mobility Access Point System Reference Guide
53-1003100-01
• Administrators often need to route traffic to interoperate between different VLANs. Bridged VLANs are only for non-routable traffic, like tagged VLAN frames destined to some other device which will untag it. When a data frame is received on a port, the VLAN bridge determines the associated VLAN based on the port of reception.
• Static routes, while easy, can be overwhelming within a large or complicated network. Each time there is a change, someone must manually make changes to reflect the new route. If a link goes down, even if there is a second path, the router would ignore it and consider the link down.
• Static routes require extensive planning and have a high management overhead. The more routers that exist in a network, the more routes need to be configured. If you have N routers and a route between each router is needed, then you must configure N x N routes. Thus, for a network with nine routers, you will need a minimum of 81 routes (9 x 9 = 81).
Profile Security Configuration
An access point profile can have its own firewall policy, wireless client role policy, WEP shared key authentication and NAT policy applied.
For more information, refer to the following sections:
• Defining Profile Security Settings
• Setting the Certificate Revocation List (CRL) Configuration
• Setting the Profile’s NAT Configuration
• Setting the Profile’s Bridge NAT Configuration
Defining Profile VPN Settings
IPSec VPN provides a secure tunnel between two networked peer access points or controllers.
Administrators can define which packets are sent within the tunnel, and how they’re protected.
When a tunnelled peer sees a sensitive packet, it creates a secure tunnel and sends the packet
through the tunnel to its remote peer destination.
Tunnels are sets of security associations (SA) between two peers. SAs define the protocols and
algorithms applied to sensitive packets and specify the keying mechanisms used by tunnelled
peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are
established per the rules and conditions of defined security protocols (AH or ESP).
Use crypto maps to configure IPSec VPN SAs. Crypto maps combine the elements comprising IPSec SAs. Crypto maps also include transform sets. A transform set is a combination of security protocols, algorithms and other settings applied to IPSec protected traffic. One crypto map is utilized for each IPSec peer; for remote VPN deployments, however, a single crypto map is used for all the remote IPSec peers.
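The relationship between crypto maps, transform sets and SAs just described, as an added Python model (not Brocade's code or CLI): each crypto map entry binds a peer to a transform set, every peer yields one inbound and one outbound SA, and an audit flags transform sets an administrator would want to avoid. The algorithm names, SPI values and the peer addresses used below are assumed for illustration.

```python
"""Constructed model of IPSec VPN objects: crypto map entries -> per-peer SA pairs.
Not vendor code; algorithm names are standard IPsec terms chosen for the example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Algorithms a defender would not want in a transform set (assumed lists).
WEAK_CIPHERS = {"des", "3des", "null"}
WEAK_HASHES = {"md5"}


@dataclass(frozen=True)
class TransformSet:
    name: str
    protocol: str            # security protocol: "esp" or "ah"
    cipher: Optional[str]    # ESP encryption algorithm; AH has none
    integrity: str           # authentication / integrity algorithm

    def __post_init__(self):
        if self.protocol not in ("esp", "ah"):
            raise ValueError("unknown security protocol: %r" % self.protocol)
        if self.protocol == "ah" and self.cipher is not None:
            raise ValueError("AH provides integrity only; it cannot carry a cipher")


@dataclass(frozen=True)
class CryptoMapEntry:
    peer: str                        # remote IPSec peer address
    transform_set: TransformSet
    selectors: Tuple[str, str]       # (src, dst) prefixes of the "sensitive" traffic


@dataclass(frozen=True)
class SecurityAssociation:
    peer: str
    direction: str                   # SAs are unidirectional: "inbound" or "outbound"
    protocol: str
    spi: int                         # each SA is identified by its own SPI


def build_sas(entries: List[CryptoMapEntry], spi_start: int = 0x100) -> List[SecurityAssociation]:
    """Derive the SA pairs a crypto map implies: two SAs per peer, one per direction."""
    sas, spi = [], spi_start
    for entry in entries:
        for direction in ("inbound", "outbound"):
            sas.append(SecurityAssociation(entry.peer, direction, entry.transform_set.protocol, spi))
            spi += 1
    return sas


def audit_transform_set(ts: TransformSet) -> List[str]:
    """Return findings for a transform set that gives less protection than expected."""
    findings = []
    if ts.protocol == "ah":
        findings.append("AH only: packets are authenticated but not encrypted")
    if ts.cipher in WEAK_CIPHERS:
        findings.append("weak cipher: %s" % ts.cipher)
    if ts.integrity in WEAK_HASHES:
        findings.append("weak integrity algorithm: %s" % ts.integrity)
    return findings
```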