WiNG How-To Guide MU to MU Disallow
The MU to MU disallow feature allows the RF Switch
to block communications exchanged between clients associated to a WLAN.With the
Motorola WLAN architecture, all MU traffic is forwarded to the RF Switch from
adopted Access Ports (APs). When MUs communicate with other MUs, the traffic is
forwarded from the source AP to the RF Switch and then onto the AP where the
destination MU resides.
The RF Switch can be configured disallow traffic
exchanged between the MUs on individual WLANs. Once enabled on a WLAN, the RF
Switch will block at layer 2 any communication attempts made between all MU MAC
addresses associated to the WLAN. Unlike autonomous AP deployments which can only
block MU to MU traffic within the AP, the RF Switch to block direct MU to MU
communications system wide regardless of the AP and Radio the MUs are
associated to.
Applications:
The primary application for disabling MU to MU
communications is Hotspot guest. As the user devices on a Hotspot are typically
un-managed, disabling MU to MU communications protects MUs from other MUs which
may be infected with worms and viruses. Additionally disabling MU to MU
communications also protects devices malicious attacks from other MUs as well
as prevents undesired peer-to-peer file sharing or on-line gaming from
dominating bandwidth.
Restrictions:
The MU to MU disallow feature will only block
communications exchanged between MUs on the same WLAN and will not block MU to
MU communications between MUs associated on different WLANs and subnets. To
block communications between MUs associated on different WLANs or subnets, the integrated
stateful firewall must be used.
Pre-Requisites:
Requirements:
The following requirements must be met prior to
attempting this configuration:
· Pre-Requisites:
Requirements:
The following requirements must be met prior to
attempting this configuration:
- One (or more) RF Switches are installed and
operational on the network.
- One (or more) Access Ports configured and adopted by
the RF Switch.
- One (or more) WLAN profiles are configured and
assigned to adopted radios.
- A Windows XP workstation is available with Microsoft
Internet Explorer or Mozilla Firefox to perform Web UI configuration.
- Two wireless workstations are available to test and
verify MU to MU communications.
- The reader has read the Motorola RFS Series Wireless
LAN Switches - WiNG System Reference Guide.
Components
Used:
The information in this document is based on the
following Motorola hardware and software versions:
- 1 x RFS6000 Version 3.3.
- 5 x AP300s.
Configuration:
The following section outlines the configuration
steps required to disable MU to MU communications for a WLAN on a RF Switch:
1)
Disallowing MU to MU Traffic [Section 3.1]:
3.1 Disallowing MU to MU Traffic:
As shown in figure 3.1, three WLANs have been created
at a site. MOTO-DATA and MOTO-VOICE are corporate WLANs providing data and
voice services to corporate users and VoIP handsets. MOTO-GUEST is a Hotspot
WLAN providing guest access to visitors and contractors.
In this example the company has deployed VoIP
handsets and converged communication clients with instant messaging and voice
communications potentially occurring between any wired or WLAN client. As a
result MU to MU traffic on MOTO-DATA and MOTO-VOICE WLANs will be allowed so
not to impact instant messaging or voice communications. On MOTO-GUEST MU to MU
traffic will be disallowed as MOTO-GUEST is an isolated network servicing
visitors and contractors which do not require direct client to client
communications.
Web
UI Configuration Example:
The following configuration example will demonstrate
how to disallow MU to MU traffic on the guest WLAN named MOTO-GUEST using the
Web UI:
RF
Switch Running Configuration:
The following shows the running configuration of the
RFS6000 switch used to create this guide:
RFS6000#
show running-config
Reference Documentation:
0 nhận xét:
Post a Comment