beautypg.com

Wireless ips (wips) – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 566

background image

556

Brocade Mobility Access Point System Reference Guide

53-1003100-01

8

6. Select + Add Row as needed to add additional MAC Firewall Rule configurations. Select the -

Delete Row icon as required to remove selected MAC Firewall Rules.

7. Select OK when completed to update the MAC Firewall Rules. Select Reset to revert to the last

saved configuration.

Wireless IPS (WIPS)

Getting Started with the Mobile Computer

The access point supports Wireless Intrusion Protection Systems (WIPS) to provide continuous
protection against wireless threats and act as an additional layer of security complementing
wireless VPNs and encryption and authentication policies. An access point supports WIPS through
the use of dedicated sensor devices designed to actively detect and locate unauthorized AP
devices. After detection, they use mitigation techniques to block the devices by manual
termination, air lockdown, or port suppression.

Unauthorized APs are untrusted and unsanctioned access points connected to a LAN that accept
client associations. They can be deployed for illegal wireless access to a corporate network,
implanted with malicious intent by an attacker, or could just be misconfigured access points that
do not adhere to corporate policies. An attacker can install a unauthorized AP with the same ESSID
as the authorized WLAN, causing a nearby client to associate to it. The unauthorized AP can then
steal user credentials from the client, launch a man-in-the middle attack or take control of wireless
clients to launch denial-of-service attacks.

NOTE

WIPS is not supported natively by an Brocade Mobility 6511 Access Point access point and must be
deployed using an external WIPS server resource.

A WIPS server can be deployed as a dedicated solution within a separate enclosure. When used
with associated access point radios, a WIPS deployment provides the following enterprise class
security management features:

Threat Detection - Threat detection is central to a wireless security solution. Threat detection
must be robust enough to correctly detect threats and swiftly help protect the wireless
network.

Precedence

Use the spinner control to specify a precedence for this MAC firewall rule from 1 - 5000.
Rules with lower precedence are always applied first to packets.

VLAN ID

Enter a VLAN ID representative of the shared SSID each user employs to interoperate
within the network (once authenticated by the RADIUS server). The VLAN ID can be from 1
- 4094.

Match 802.1P

Configures IP DSCP to 802.1p priority mapping for untagged frames. Use the spinner
control to define a setting from 0 - 7.

Ethertype

Use the drop-down menu to specify an Ethertype of either other, ipv4, arp, rarp, appletalk,
aarp, mint, wisp,ipx, 802.1q and ipv6. An Ethertype is a two-octet field within an Ethernet
frame. It is used to indicate which protocol is encapsulated in the payload of an Ethernet
frame.

Description

Provide a description (up to 64 characters) for the rule to help differentiate the it from
others with similar configurations.

See also other documents in the category Brocade Computer Accessories: