WiNG How-To Guide Wireless Filters - Configuration
Requirements
The following requirements must be met prior to attempting this configuration:
- One (or more) RF Switches are installed and operational on the network.
- One (or more) Access Ports configured and adopted by the RF Switch.
- One (or more) WLAN profiles are configured and assigned to adopted radios.
- A Windows XP workstation is available with Microsoft Internet Explorer or Mozilla Firefox to perform Web UI configuration and verify secure management operations.
- One (or more) wireless workstations are available to test and verify wireless filters.
- The reader has read the Motorola RFS Series Wireless LAN Switches - WiNG System Reference Guide.
Components Used:
The information in this document is based on the following Motorola hardware and software versions:
1 x RFS6000 Version 3.3.
5 x AP300s.
Configuration:
The following sections outline the configuration
steps required to enable wireless filters on an RF Switch:
1) Deny Wireless Filters [Section 3.1]:
2) Allow Wireless Filters [Section 3.2]:
Deny Wireless Filters:
Wireless filters can be used to block devices. A common application for wireless filtering is to block (or blacklist) associations from a suspicious or malicious device. Administrators can create up to 1000 wireless filter entries on the RF Switch, which can deny access to individual MAC addresses or ranges of MAC addresses as required. All MAC addresses not matched by the wireless filter list will be able to associate to the WLAN.
As shown in figure 3.1, wireless filtering has been deployed on a guest WLAN named MOTO-GUEST to block a device with the MAC address 00-40-96-ad-4c-f6. A wireless filter has been created on the RF Switch with the Start MAC and End MAC both set to that device's MAC address. If the device attempts to associate with the MOTO-GUEST SSID, the RF Switch will deny the association attempt and a log entry for the association attempt will be made.
Web UI Configuration Example:
The following configuration example will demonstrate
how to blacklist a single client MAC address on a WLAN using the Web UI:
5. Click Save to apply and save changes
Allow Wireless Filters:
Wireless filters may also be used to allow access to a specific group of devices, such as mobile handhelds or VoIP handsets, while blocking associations for all other devices. As most enterprises typically deploy mobile devices from a common vendor, the vendor's OUI can be leveraged in a wireless filter to restrict access to a range of the vendor's devices. As no implicit deny is provided, an additional wireless filter must be created after the allow filter to block access from all other vendor devices.
As shown in figure 3.2, wireless filtering has been deployed on a voice WLAN named MOTO-VOICE to only allow select SpectraLink VoIP handsets to associate with the WLAN. The first wireless filter has been created on the RF Switch allowing a range of MAC addresses (00-40-96-4b-00-00 through 00-40-96-4b-ff-ff) to associate with the WLAN. A second 'catch all' wireless filter has been created denying access to all MAC addresses from 00-00-00-00-00-01 through ff-ff-ff-ff-ff-fe.
In this example, a device with a MAC address that matches the range in the allow list will be allowed to associate with the WLAN. Devices which do not match the allowed list will be denied association by the RF Switch and a log entry for the association attempt will be made.
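The filter behaviour described in sections 3.1 and 3.2, modelled as an added Python example (not Motorola code and not part of the original guide). It assumes entries are evaluated in list order with the first match deciding; the function names and the two sample client MACs are constructed for illustration.

```python
import re

# Assumption: filters are checked in list order and the first match decides.
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2}")


def mac_to_int(mac):
    """Parse 'aa-bb-cc-dd-ee-ff' (or ':' separated) into a 48-bit integer."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError("not a MAC address: %r" % mac)
    return int(re.sub(r"[-:]", "", mac), 16)


def evaluate(filters, mac):
    """Return (action, entry_number) for the first entry whose range holds mac.

    There is no implicit deny: a MAC matching no entry gets ("allow", None).
    """
    value = mac_to_int(mac)
    for number, (action, start, end) in enumerate(filters, start=1):
        if mac_to_int(start) <= value <= mac_to_int(end):
            return action, number
    return "allow", None


# Section 3.1: Start MAC and End MAC set to the one blacklisted device.
GUEST_FILTERS = [("deny", "00-40-96-ad-4c-f6", "00-40-96-ad-4c-f6")]

# Section 3.2: allow range first, then the 'catch all' deny.
VOICE_FILTERS = [
    ("allow", "00-40-96-4b-00-00", "00-40-96-4b-ff-ff"),
    ("deny", "00-00-00-00-00-01", "ff-ff-ff-ff-ff-fe"),
]

# Constructed client addresses for the demonstration.
HANDSET = "00-40-96-4b-12-34"   # inside the allowed range
OTHER = "00-11-22-33-44-55"     # some other vendor's device

if __name__ == "__main__":
    cases = (("MOTO-GUEST", GUEST_FILTERS),
             ("MOTO-VOICE", VOICE_FILTERS),
             ("MOTO-VOICE, catch-all omitted", VOICE_FILTERS[:1]))
    for name, filters in cases:
        for mac in ("00-40-96-ad-4c-f6", HANDSET, OTHER):
            print(name, mac, evaluate(filters, mac))
```

With the catch-all entry omitted, the other vendor's device falls through the list and is allowed, which is why the second filter is required. Under the first-match assumption, placing the catch-all ahead of the allow range would deny the handsets as well.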
Web UI Configuration Example:
The following configuration example will demonstrate how to allow a range of MAC addresses on a WLAN using the Web UI:
RF Switch Running Configuration:
The following shows the running configuration of the RFS6000 switch used to create this guide:
RFS6000# show running-config
Reference Documentation: