Home » Dell Manuals » Hubs & Switches » Dell PowerConnect B-RX4 » Manual Viewer

Dell PowerConnect B-RX4 Dell Instant 6.1.3.4-3.1.0.0 User Guide - Page 150

Examples for Access Rules, Allow TCP Service to a Particular Network

View all Dell PowerConnect B-RX4 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 150 highlights

Table 23 Destination Options (Continued) Destination Description To a particular server Except to a particular server To a network Except to a network Access is allowed or denied to a particular server. You have to specify the IP address of the server. Access is allowed or denied to servers other than the specified server. You have to specify the IP address of the server. Access is allowed or denied to a network. You have to specify the IP address and netmask for the network. Access is allowed or denied to networks other than the specified network. You have to specify the IP address and netmask for the network. Examples for Access Rules This section provides procedures to create the following access rules.  Allow TCP Service to a Particular Network  Allow POP3 Service to a Particular Server  Deny FTP Service except to a Particular Server  Deny bootp Service except to a Particular Network Allow TCP Service to a Particular Network 1. Click the New link in the Networks tab. To define the access rule to an existing network, click the network. The edit link appears. Click the edit link and navigate to the Access tab. 2. In the WLAN Settings tab, enter the appropriate information. and click Next to continue. 3. Use the VLAN tab, to specify how the clients on this network will get their IP address and VLAN.Click Next to continue. 4. Click Next and set appropriate values in the Security tab. 5. Click Next. The Access tab appears. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. To define allow TCP service access rule to a particular network, perform the following steps: a. Click New, the New Rule window appears. b. Select Allow from the Action drop-down list. c. Select custom from the Service drop-down list.  Select TCP from the Protocol drop-down list.  Enter appropriate port number in the Port(s) text box. d. Select to a network from the Destination drop-down list.  Enter appropriate IP address in the IP text box.  Enter appropriate netmask in the Netmask text box. 150 | Instant Firewall Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0 | User Guide

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0	1
Contents	3
About this Guide	11
Dell PowerConnect W-Instant Access Point Overview	11
Supported Devices	11
Objective	11
Intended Audience	11
Conventions	12
Contacting Support	12
Initial Configuration	13
Initial Setup	13
Pre-Installation Checklist	13
Connecting the IAP to a Power Source	14
Assigning an IP Address to the IAP	14
Connecting to a Provisioning Wi-Fi Network	14
Disabling the Provisioning Wi-Fi Network	15
Login into Instant User Interface	16
Specifying the Country Code	16
IAP Cluster	17
Instant User Interface	19
Understanding the Instant UI Layout	19
Banner	20
Search	20
Tabs	20
Networks Tab	20
Access Points Tab	21
Clients Tab	21
Links	22
New Version Available	22
Settings	23
RF	25
PEF	26
WIP	27
VPN	27
Wired	28
Maintenance	28
Support	30
Help	33
Logout	33
Monitoring	33
Spectrum	36
Alerts	38
IDS	40
Configuration	41
Language	41
Dell PowerConnect W-AirWave Setup	41
Pause/Resume	42
Views	42
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	51
Adding a Voice Network	52
Guest Network	58
Adding a Guest Network	59
Editing a Network	65
Deleting a Network	65
Number of WLAN SSIDs supported	65
Enabling the Extended SSID option	66
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
Terminal Access	72
LED Display	73
TFTP Dump Server	74
Extended SSID	75
Deny Inter User Bridging and Deny Local Routing	76
Terminal Access	77
Syslog Server	78
Syslog Facility Levels	78
Adding an IAP to the Network	79
Removing an IAP from the Network	79
Editing IAP Settings	80
Changing IAP Name	80
Changing IP Address of the IAP	80
Configuring Adaptive Radio Management	81
Configuring Uplink Management VLAN	82
Configuring Wired Bridging on Ethernet 0	82
Migrating to a Mobility Controller Managed Network	83
Converting an IAP to RAP Mode	83
Converting an IAP to CAP	86
Converting an IAP to Standalone Mode	86
Converting back to an IAP	87
Rebooting the IAP	87
Firmware Image Server in Cloud Network	89
Upgrade using Dell PowerConnect W-AirWave and Image Server	89
Image management using Cloud Server	89
Image management using Dell PowerConnect W-AirWave	89
Automatic Firmware Image Check and Upgrade	89
Upgrading to New Version	90
Manual	90
Automatic	92
Layer-3 Mobility	93
Overview	93
Configuring a mobility domain	94
Home Agent Load Balancing	96
Spectrum Monitor	97
Creating Spectrum Monitors and Hybrid APs	97
Converting IAPs into Hybrid IAPs	97
Converting an IAP to a Spectrum Monitor	98
Spectrum Data	100
Overview - Device List	100
Non-WiFi Interferers	101
Channel Metrics	102
Channel Details	103
Spectrum Alerts	103
NTP Server	105
Configuring an NTP Server	105
Virtual Controller	107
Master Election Protocol	107
Virtual Controller IP Address	107
Specifying Name and IP Address for the Virtual Controller	107
Configuring the DHCP Server	108
Authentication	109
Authentication Methods in Dell Instant	109
802.1X Authentication	109
Internal RADIUS Server	109
External RADIUS Server	110
Authentication Terminated on IAP	110
Configuring an External RADIUS Server	110
Enabling Instant RADIUS	112
RADIUS Server Authentication with VSA	113
List of supported VSA	113
Management Authentication Settings	116
Captive Portal	116
Internal Captive Portal	117
Configuring Internal Captive Portal Authentication when Adding a Guest Network	117
Configuring Internal Captive Portal Authentication when Editing a Guest Network	118
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	119
Customizing a Splash Page	120
Disabling Captive Portal Authentication	121
External Captive Portal	122
Configuring External Captive Portal Authentication when Adding a Guest Network	122
Configuring External Captive Portal Authentication when Editing a Guest Network	124
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	126
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	126
Configuring the RADIUS Server in Instant	126
MAC Authentication	127
Configuring MAC Authentication	127
Walled Garden Access	128
Creating a Walled Garden Access	128
Wired Authentication on an IAP	129
Certificates	129
Loading Certificates using Instant WebUI	130
Loading Certificates using Dell PowrConnect W-AirWave	131
Encryption	135
Encryption Types Supported in Dell Instant	135
WEP	135
TKIP	135
AES	135
Encryption Recommendations	135
Understanding WPA and WPA2	136
Recommended Authentication and Encryption Combinations	136
Role Derivation	137
User Roles	137
Creating a New User Role	137
Creating Role Assignment Rules	138
DHCP Option and DHCP Fingerprinting	139
802.1X-Authentication-Type	140
User VLAN Derivation	141
User VLAN Derivation	141
Vendor Specific Attributes (VSA)	141
VLAN Derivation Rule	142
Configuring VLAN Derivation Rules on an IAP	142
User Role	143
Configuring a User Role	143
SSID Profile	145
Configuring VLAN Derivation Rules Using SSID Profile	145
Instant Firewall	147
Service Options	148
Destination Options	149
Examples for Access Rules	150
Allow TCP Service to a Particular Network	150
Allow POP3 Service to a Particular Server	151
Deny FTP Service except to a Particular Server	152
Deny bootp Service except to a Particular Network	153
Content Filtering	155
Enabling Content Filtering	155
Enterprise Domains	156
OS Fingerprinting	157
Adaptive Radio Management	159
ARM Features	159
Channel or Power Assignment	159
Voice Aware Scanning	159
Load Aware Scanning	159
Band Steering Mode	159
Airtime Fairness Mode	160
Airtime Fairness Modes	160
Access Point Control	160
Customize Valid Channels	160
Min Transmit Power	161
Max Transmit Power	161
Client Aware	161
Scanning	161
Wide Channel Bands	161
Monitoring the Network with ARM	161
ARM Metrics	161
Configuring Administrator Assigned Radio Settings for IAP	162
Configuring Radio Profiles in Instant	163
Intrusion Detection System	165
Rogue AP Detection and Classification	165
Wireless Intrusion Protection (WIP)	165
Containment Methods	169
SNMP	171
SNMP Parameters for IAP	171
SNMP Traps	173
Hierarchical Deployment	175
Deployment	175
Ethernet Downlink	177
Ethernet Downlink Overview	177
Ethernet Downlink Profile Parameters	177
Assigning a Profile to the Ethernet Port	180
Uplink Configuration	181
Uplink Configuration Overview	181
Ethernet Uplink	181
3G/4G Uplink	182
Types of Modems	182
Uplink Switchover	186
Uplink Switching based on VPN Status	186
Uplink Preemption	186
Uplink Preference	186
PPPoE	187
Configuring PPPoE	187
Dell PowerConnect W-AirWave Integration and Management	189
Dell PowerConnect W-AirWave Features	189
Image Management	189
IAP and Client Monitoring	189
Template-based Configuration	190
Trending Reports	190
Intrusion Detection System	190
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	190
RF Visualization Support for Dell Instant	191
Configuring Dell PowerConnect W-AirWave	191
Creating your Organization String	191
About Shared Key	192
Entering the Organization String and AMP Information into the IAP	192
Dell PowerConnect W-AirWave Discovery through DHCP Option	192
Standard DHCP option 60 and 43 on Windows Server 2008	192
Alternate method for defining Vendor Specific DHCP options	195
Monitoring	199
Virtual Controller View	199
Monitoring Link	200
Info	200
RF Dashboard	200
Usage Trends	200
Client Alerts Link	202
IDS Link	202
Network View	202
Info	203
Usage Trends	203
Instant Access Point View	204
Info	205
RF Dashboard	205
Overview	205
Client View	212
Info	213
RF Dashboard	213
RF Trends	213
Mobility Trail	216
Alert Types and Management	217
Alert Types	217
Policy Enforcement Firewall	219
Authentication Servers	219
Users for Internal Server	220
Roles	220
Extended Voice and Video Functionalities	221
QoS for Microsoft Office OCS and Apple Facetime	221
Client Blacklisting	223
Types of Client Blacklisting	224
Manual Blacklisting	224
Adding a Client to the Manual Blacklist	224
Dynamic Blacklisting	225
Authentication Failure Blacklisting	225
Session Firewall Based Blacklisting	225
PEF Settings	225
Firewall ALG Configuration	225
Firewall-based Logging	226
VPN Configuration	227
VPN Configuration	227
Routing Profile Configuration	228
DHCP Server Configuration	229
NAT DHCP Configuration	229
Distributed L2 DHCP Configuration	230
Distributed L3 DHCP Configuration	231
Centralized L2 DHCP Configuration	232
User Database	235
Adding a User	235
Editing User Settings	236
Deleting a User	236
Regulatory Domain	237
Country Codes List	238
Controller Configuration for VPN	241
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	241
VPN Local Pool Configuration	242
IAP VPN Profile Configuration	242
Abbreviations	245

Match case Limit results 1 per page

150

Instant Firewall

Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0

| User Guide

Examples for Access Rules

This section provides procedures to create the following access rules.



Allow TCP Service to a Particular Network



Allow POP3 Service to a Particular Server



Deny FTP Service except to a Particular Server



Deny bootp Service except to a Particular Network

Allow TCP Service to a Particular Network

Click the

New

link in the

Networks

tab.

To define the access rule to an existing network, click the network. The

edit

link appears. Click the

edit

link

and navigate to the

Access

tab.

In the

WLAN Settings

tab, enter the appropriate information. and click

to continue.

Use the

VLAN

tab, to specify how the clients on this network will get their IP address and VLAN.Click

to continue.

Click

and set appropriate values in the

Security

tab.

Click

. The

Access

tab appears. The

Allow any to all destinations

access rule is enabled by default. This

rule allows traffic to all destinations. To define allow TCP service access rule to a particular network, perform

the following steps:

Click

New

, the

New Rule

window appears.

Select

Allow

from the

Action

drop-down list.

Select

custom

from the

Service

drop-down list.



Select TCP from the Protocol drop-down list.



Enter appropriate port number in the Port(s) text box.

Select

to a network

from the

Destination

drop-down list.



Enter appropriate IP address in the IP text box.



Enter appropriate netmask in the Netmask text box.

To a particular server

Access is allowed or denied to a particular server. You have to specify the IP

address of the server.

Except to a particular server

Access is allowed or denied to servers other than the specified server. You have to

specify the IP address of the server.

To a network

Access is allowed or denied to a network. You have to specify the IP address and

netmask for the network.

Except to a network

Access is allowed or denied to networks other than the specified network. You

have to specify the IP address and netmask for the network.

Table 23

Destination Options (Continued)

Destination

Description