Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.3.1-3.0.0.0 User Guide - Page 191

Policy Enforcement Firewall, Authentication Servers

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 191 highlights

Chapter 23 Policy Enforcement Firewall Dell's Policy Enforcement Firewall (PEF) module for Dell Instant provides identity-based controls to enforce application-layer security, prioritization, traffic forwarding, and network performance policies for wired and wireless networks. The PEF window displays the external/internal authentication servers, currently defined roles for all the networks, blacklisted clients and to enable or disable the protocols for ALG. Navigate to the PEF link at the top right corner of the WebUI to view the following features. Authentication Servers This section displays the currently defined external authentication servers.  Name- Indicates the name of the external authentication server.  Type- Indicates the type of the authentication server-RADIUS or LDAP. 1. Click New to configure an external RADIUS server for a wireless network. See "Configuring an External RADIUS Server" on page 95 for more information. 2. Click OK to apply the changes. Figure 153 Authentication Server Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0 | User Guide Policy Enforcement Firewall | 191

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0	1
Contents	3
Figures	9
Tables	13
About this Guide	15
Dell PowerConnect W-Instant Access Point Overview	15
Supported Devices	15
Objective	15
Intended Audience	15
Conventions	16
Contacting Support	16
Initial Configuration	17
Initial Setup	17
Pre-Installation Checklist	17
Connecting the IAP to a Power Source	18
Assigning an IP Address to the IAP	18
Connecting to a Provisioning Wi-Fi Network	18
Login into Instant User Interface	19
Specifying the Country Code	20
IAP Cluster	20
Instant User Interface	21
Understanding the Instant UI Layout	21
Banner	22
Search	22
Tabs	22
Networks Tab	22
Access Points Tab	23
Clients Tab	23
Links	24
New Version Available	24
Settings	25
RF	27
PEF	28
WIP	28
VPN	29
Maintenance	29
Support	31
Help	34
Logout	34
Monitoring	34
Alerts	37
IDS	39
Configuration	40
Language	40
Dell PowerConnect W-AirWave Setup	40
Pause/Resume	41
Views	41
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	52
Adding a Voice Network	53
Guest Network	59
Adding a Guest Network	60
Editing a Network	65
Deleting a Network	65
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
LED Display	72
Terminal Access	73
TFTP Dump Server	74
Syslog Server	74
Syslog Facility Levels	75
Adding an IAP to the Network	75
Removing an IAP from the Network	76
Editing IAP Settings	76
Changing IAP Name	76
Changing IP Address of the IAP	77
Configuring Adaptive Radio Management	78
Migrating from a Virtual Controller Managed Network to Mobility Controller Managed Network	79
Converting an IAP to RAP Mode	79
Converting an IAP to CAP	82
Converting an IAP to Standalone Mode	82
Converting back to an IAP	83
Rebooting the IAP	83
Firmware Image Server in Cloud Network	85
Upgrade using Dell PowerConnect W-AirWave and Image Server	85
Image management using Cloud Server	85
Image management using Dell PowerConnect W-AirWave	85
Automatic Firmware Image Check and Upgrade	85
Upgrading to New Version	86
Manual	86
Automatic	87
NTP Server	89
Configuring an NTP Server	89
Virtual Controller	91
Master Election Protocol	91
Virtual Controller IP Address	91
Specifying Name and IP Address for the Virtual Controller	91
Configuring the DHCP Server	92
Authentication	93
Authentication Methods in Dell Instant	93
802.1X Authentication	93
Internal RADIUS Server	93
External RADIUS Server	94
Authentication Terminated on IAP	94
Configuring an External RADIUS Server	95
Enabling Instant RADIUS	97
RADIUS Server Authentication with VSA	97
List of supported VSA	97
Management Authentication Settings	100
Captive Portal	101
Internal Captive Portal	101
Configuring Internal Captive Portal Authentication when Adding a Guest Network	101
Configuring Internal Captive Portal Authentication when Editing a Guest Network	102
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	103
Customizing a Splash Page	104
Disabling Captive Portal Authentication	105
External Captive Portal	106
Configuring External Captive Portal Authentication when Adding a Guest Network	106
Configuring External Captive Portal Authentication when Editing a Guest Network	107
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	108
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	108
Configuring the RADIUS Server in Instant	108
MAC Authentication	109
Configuring MAC Authentication	109
Walled Garden Access	110
Creating a Walled Garden Access	110
Certificates	111
Loading Certificates using Instant WebUI	112
Loading Certificates using Dell PowrConnect W-AirWave	113
Encryption	117
Encryption Types Supported in Dell Instant	117
WEP	117
TKIP	117
AES	117
Encryption Recommendations	117
Understanding WPA and WPA2	118
Recommended Authentication and Encryption Combinations	118
Role Derivation	119
User Roles	119
Creating a New User Role	119
Creating Role Assignment Rules	120
User VLAN Derivation	123
User VLAN Derivation	123
Vendor Specific Attributes (VSA)	123
VLAN Derivation Rule	124
Configuring VLAN Derivation Rules on an IAP	124
User Role	125
Configuring a User Role	125
SSID Profile	127
Configuring VLAN Derivation Rules Using SSID Profile	127
Instant Firewall	129
Service Options	130
Destination Options	131
Examples for Access Rules	131
Allow TCP Service to a Particular Network	131
Allow PoP3 Service to a Particular Server	132
Deny FTP Service except to a Particular Server	133
Deny bootp Service except to a Particular Network	134
Content Filtering	137
Enabling Content Filtering	137
Enterprise Domains	138
OS Fingerprinting	139
Adaptive Radio Management	141
ARM Features	141
Channel or Power Assignment	141
Voice Aware Scanning	141
Load Aware Scanning	141
Band Steering Mode	141
Airtime Fairness Mode	142
Airtime Fairness Modes	142
Access Point Control	142
Customize Valid Channels	142
Min Transmit Power	143
Max Transmit Power	143
Client Aware	143
Scanning	143
Wide Channel Bands	143
Monitoring the Network with ARM	143
ARM Metrics	143
Configuring Administrator Assigned Radio Settings for IAP	144
Configuring Radio Profiles in Instant	145
Intrusion Detection System	147
Rogue AP Detection and Classification	147
Wireless Intrusion Protection (WIP)	147
Containment Methods	151
SNMP	153
SNMP Parameters for IAP	153
SNMP Traps	155
Ethernet Downlink	157
Ethernet Downlink Overview	157
Ethernet Downlink Profile Parameters	157
Assigning a Profile to the Ethernet Port	158
Uplink Configuration	159
Uplink Configuration Overview	159
Ethernet	159
3G Uplink	159
Types of Modems	159
Uplink Switchover	162
Uplink Preemption	163
Uplink Preference	163
Dell PowerConnect W-AirWave Integration and Management	165
Dell PowerConnect W-AirWave Features	165
Image Management	165
IAP and Client Monitoring	165
Template-based Configuration	166
Trending Reports	166
Intrusion Detection System	166
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	166
RF Visualization Support for Dell Instant	167
Configuring Dell PowerConnect W-AirWave	167
Creating your Organization String	167
About Shared Key	168
Entering the Organization String and AMP Information into the IAP	168
Dell PowerConnect W-AirWave Discovery through DHCP Option	168
Standard DHCP option 60 and 43 on Windows Server 2008 for Dell Instant APs	168
Alternate method for defining Vendor Specific DHCP options	171
Monitoring	175
Virtual Controller View	175
Monitoring Link	176
Info	176
RF Dashboard	176
Usage Trends	176
Client Alerts Link	177
IDS Link	177
Network View	178
Info	178
Usage Trends	179
Instant Access Point View	180
Info	181
RF Dashboard	181
RF Trends	181
Usage Trends	183
Client View	184
Info	184
RF Dashboard	184
RF Trends	185
Mobility Trail	188
Alert Types and Management	189
Alert Types	189
Policy Enforcement Firewall	191
Authentication Servers	191
Users for Internal Server	192
Roles	192
Client Blacklisting	193
Types of Client Blacklisting	194
Manual Blacklisting	194
Adding a Client to the Manual Blacklist	194
Dynamic Blacklisting	194
Authentication Failure Blacklisting	194
Session Firewall Based Blacklisting	195
PEF Settings	195
Firewall ALG Configuration	195
Firewall-based Logging	196
VPN Configuration	197
VPN Configuration	197
Routing Profile Configuration	198
DHCP Server Configuration	198
NAT DHCP Configuration	199
Distributed L2 DHCP Configuration	200
Distributed L3 DHCP Configuration	201
Centralized L2 DHCP Configuration	202
User Database	203
Adding a User	203
Editing User Settings	204
Deleting a User	204
Regulatory Domain	205
Country Codes List	206
Controller Configuration for VPN	209
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	209
VPN Local Pool Configuration	210
IAP VPN Profile Configuration	210
Abbreviations	213