Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.3.1-3.0.0.0 User Guide - Page 58

Instant Firewall, Creating a New User, Role on To define an access rule

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 58 highlights

Table 8 Conditions for Adding a Voice Network- Security Tab (Continued) If then, You select the Open security level 1. Select the required MAC authentication from the MAC authentication drop-down list. Available options are- Enabled and Disabled  When Enabled, user must configure at least one RADIUS server for authentication server. See "MAC Authentication" on page 109 for further details. 2. Authentication server 1- Select the required Authentication server option from the drop-down list. Available options are:  New- If you select this option, then an external radius server has to be configured to authenticate the users. For information on configuring an external RADIUS server, see Chapter 8, "Authentication" .  InternalServer- If you select this option, then users who are required to authenticate with the internal RADIUS server must be added. Click the Users link to add the users. For information on adding a user, see "Adding a User" on page 203. 3. Reauth interval- When set to a value greater than zero, the Access Points will periodically reauthenticate all associated and authenticated clients. 4. Blacklisting- Select Enabled if you want clients to be blacklisted after a certain number of authentication failures. 5. Max authentication failures- Users who fail to authenticate the number of times specified here will be dynamically blacklisted. The maximum value for this entry is 10. NOTE: Navigate to PEF > Blacklisting in the WebUI to specify the duration of the blacklisting on the Blacklisting tab of the PEF window. 6. For Internal users- Click Users to populate the system's internal authentication server with users. For information about adding a user, see "Adding a User" on page 203. 7. Click Upload Certificate and browse to upload a certificate file for the internal server. See "Certificates" on page 111 for more information. 8. Use the Access Rules page to specify optional access rules for this network.  Network-based- Set the slider to Network-based if you want the same rules to apply to all users. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. Instant Firewall treats packets based on the first rule matched. For more information, see Chapter 12, "Instant Firewall" . To edit the default rule, perform the following steps: a. Select the rule and then click Edit. b. Select appropriate options in the Edit Rule window and click OK. To define an access rule, perform the following steps: a. Click New. b. Select appropriate options in the New Rule window. c. Click OK.  Role-based- Select Role-based if you want to specify per-user access rules. See "Creating a New User Role" on page 119 for more information.  Unrestricted- Select this to set no restrictions on access based on destination or type of traffic. 58 | Wireless Network Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0 | User Guide

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0	1
Contents	3
Figures	9
Tables	13
About this Guide	15
Dell PowerConnect W-Instant Access Point Overview	15
Supported Devices	15
Objective	15
Intended Audience	15
Conventions	16
Contacting Support	16
Initial Configuration	17
Initial Setup	17
Pre-Installation Checklist	17
Connecting the IAP to a Power Source	18
Assigning an IP Address to the IAP	18
Connecting to a Provisioning Wi-Fi Network	18
Login into Instant User Interface	19
Specifying the Country Code	20
IAP Cluster	20
Instant User Interface	21
Understanding the Instant UI Layout	21
Banner	22
Search	22
Tabs	22
Networks Tab	22
Access Points Tab	23
Clients Tab	23
Links	24
New Version Available	24
Settings	25
RF	27
PEF	28
WIP	28
VPN	29
Maintenance	29
Support	31
Help	34
Logout	34
Monitoring	34
Alerts	37
IDS	39
Configuration	40
Language	40
Dell PowerConnect W-AirWave Setup	40
Pause/Resume	41
Views	41
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	52
Adding a Voice Network	53
Guest Network	59
Adding a Guest Network	60
Editing a Network	65
Deleting a Network	65
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
LED Display	72
Terminal Access	73
TFTP Dump Server	74
Syslog Server	74
Syslog Facility Levels	75
Adding an IAP to the Network	75
Removing an IAP from the Network	76
Editing IAP Settings	76
Changing IAP Name	76
Changing IP Address of the IAP	77
Configuring Adaptive Radio Management	78
Migrating from a Virtual Controller Managed Network to Mobility Controller Managed Network	79
Converting an IAP to RAP Mode	79
Converting an IAP to CAP	82
Converting an IAP to Standalone Mode	82
Converting back to an IAP	83
Rebooting the IAP	83
Firmware Image Server in Cloud Network	85
Upgrade using Dell PowerConnect W-AirWave and Image Server	85
Image management using Cloud Server	85
Image management using Dell PowerConnect W-AirWave	85
Automatic Firmware Image Check and Upgrade	85
Upgrading to New Version	86
Manual	86
Automatic	87
NTP Server	89
Configuring an NTP Server	89
Virtual Controller	91
Master Election Protocol	91
Virtual Controller IP Address	91
Specifying Name and IP Address for the Virtual Controller	91
Configuring the DHCP Server	92
Authentication	93
Authentication Methods in Dell Instant	93
802.1X Authentication	93
Internal RADIUS Server	93
External RADIUS Server	94
Authentication Terminated on IAP	94
Configuring an External RADIUS Server	95
Enabling Instant RADIUS	97
RADIUS Server Authentication with VSA	97
List of supported VSA	97
Management Authentication Settings	100
Captive Portal	101
Internal Captive Portal	101
Configuring Internal Captive Portal Authentication when Adding a Guest Network	101
Configuring Internal Captive Portal Authentication when Editing a Guest Network	102
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	103
Customizing a Splash Page	104
Disabling Captive Portal Authentication	105
External Captive Portal	106
Configuring External Captive Portal Authentication when Adding a Guest Network	106
Configuring External Captive Portal Authentication when Editing a Guest Network	107
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	108
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	108
Configuring the RADIUS Server in Instant	108
MAC Authentication	109
Configuring MAC Authentication	109
Walled Garden Access	110
Creating a Walled Garden Access	110
Certificates	111
Loading Certificates using Instant WebUI	112
Loading Certificates using Dell PowrConnect W-AirWave	113
Encryption	117
Encryption Types Supported in Dell Instant	117
WEP	117
TKIP	117
AES	117
Encryption Recommendations	117
Understanding WPA and WPA2	118
Recommended Authentication and Encryption Combinations	118
Role Derivation	119
User Roles	119
Creating a New User Role	119
Creating Role Assignment Rules	120
User VLAN Derivation	123
User VLAN Derivation	123
Vendor Specific Attributes (VSA)	123
VLAN Derivation Rule	124
Configuring VLAN Derivation Rules on an IAP	124
User Role	125
Configuring a User Role	125
SSID Profile	127
Configuring VLAN Derivation Rules Using SSID Profile	127
Instant Firewall	129
Service Options	130
Destination Options	131
Examples for Access Rules	131
Allow TCP Service to a Particular Network	131
Allow PoP3 Service to a Particular Server	132
Deny FTP Service except to a Particular Server	133
Deny bootp Service except to a Particular Network	134
Content Filtering	137
Enabling Content Filtering	137
Enterprise Domains	138
OS Fingerprinting	139
Adaptive Radio Management	141
ARM Features	141
Channel or Power Assignment	141
Voice Aware Scanning	141
Load Aware Scanning	141
Band Steering Mode	141
Airtime Fairness Mode	142
Airtime Fairness Modes	142
Access Point Control	142
Customize Valid Channels	142
Min Transmit Power	143
Max Transmit Power	143
Client Aware	143
Scanning	143
Wide Channel Bands	143
Monitoring the Network with ARM	143
ARM Metrics	143
Configuring Administrator Assigned Radio Settings for IAP	144
Configuring Radio Profiles in Instant	145
Intrusion Detection System	147
Rogue AP Detection and Classification	147
Wireless Intrusion Protection (WIP)	147
Containment Methods	151
SNMP	153
SNMP Parameters for IAP	153
SNMP Traps	155
Ethernet Downlink	157
Ethernet Downlink Overview	157
Ethernet Downlink Profile Parameters	157
Assigning a Profile to the Ethernet Port	158
Uplink Configuration	159
Uplink Configuration Overview	159
Ethernet	159
3G Uplink	159
Types of Modems	159
Uplink Switchover	162
Uplink Preemption	163
Uplink Preference	163
Dell PowerConnect W-AirWave Integration and Management	165
Dell PowerConnect W-AirWave Features	165
Image Management	165
IAP and Client Monitoring	165
Template-based Configuration	166
Trending Reports	166
Intrusion Detection System	166
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	166
RF Visualization Support for Dell Instant	167
Configuring Dell PowerConnect W-AirWave	167
Creating your Organization String	167
About Shared Key	168
Entering the Organization String and AMP Information into the IAP	168
Dell PowerConnect W-AirWave Discovery through DHCP Option	168
Standard DHCP option 60 and 43 on Windows Server 2008 for Dell Instant APs	168
Alternate method for defining Vendor Specific DHCP options	171
Monitoring	175
Virtual Controller View	175
Monitoring Link	176
Info	176
RF Dashboard	176
Usage Trends	176
Client Alerts Link	177
IDS Link	177
Network View	178
Info	178
Usage Trends	179
Instant Access Point View	180
Info	181
RF Dashboard	181
RF Trends	181
Usage Trends	183
Client View	184
Info	184
RF Dashboard	184
RF Trends	185
Mobility Trail	188
Alert Types and Management	189
Alert Types	189
Policy Enforcement Firewall	191
Authentication Servers	191
Users for Internal Server	192
Roles	192
Client Blacklisting	193
Types of Client Blacklisting	194
Manual Blacklisting	194
Adding a Client to the Manual Blacklist	194
Dynamic Blacklisting	194
Authentication Failure Blacklisting	194
Session Firewall Based Blacklisting	195
PEF Settings	195
Firewall ALG Configuration	195
Firewall-based Logging	196
VPN Configuration	197
VPN Configuration	197
Routing Profile Configuration	198
DHCP Server Configuration	198
NAT DHCP Configuration	199
Distributed L2 DHCP Configuration	200
Distributed L3 DHCP Configuration	201
Centralized L2 DHCP Configuration	202
User Database	203
Adding a User	203
Editing User Settings	204
Deleting a User	204
Regulatory Domain	205
Country Codes List	206
Controller Configuration for VPN	209
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	209
VPN Local Pool Configuration	210
IAP VPN Profile Configuration	210
Abbreviations	213

Match case Limit results 1 per page

Wireless Network

Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0

| User Guide

Use the Access Rules page to specify optional access rules for this network.



Network-based—

Set the slider to

Network-based

if you want the same rules to apply to all users. The

Allow any to all destinations

access rule is enabled by default. This rule allows traffic to all destinations.

Instant Firewall treats packets based on the first rule matched. For more information, see

Chapter 12,

“Instant Firewall”

To edit the default rule, perform the following steps:

Select the rule and then click

Edit

Select appropriate options in the

Edit Rule

window and click

OK.

To define an access rule, perform the following steps:

Click

New

Select appropriate options in the

New Rule

window.

Click

OK.



Role-based—

Select

Role-based

if you want to specify per-user access rules. See

“Creating a New User

Role” on page

119

for more information.



Unrestricted—

Select this to set no restrictions on access based on destination or type of traffic.

You select the

Open

security level

Select the required MAC authentication from the

MAC authentication

drop-down list. Available options are— Enabled and Disabled



When

Enabled

, user must configure at least one RADIUS server for

authentication server. See

“MAC Authentication” on page 109

for further

details.

Authentication server 1—

Select the required Authentication server

option from the drop-down list. Available options are:



New

— If you select this option, then an external radius server has to be

configured to authenticate the users. For information on configuring an

external RADIUS server, see

Chapter 8, “Authentication”



InternalServer

— If you select this option, then users who are required to

authenticate with the internal RADIUS server must be added. Click the

Users link to add the users.

For information on adding a user, see

“Adding a User” on page 203

Reauth interval—

When set to a value greater than zero, the Access

Points will periodically reauthenticate all associated and authenticated

clients.

Blacklisting—

Select

Enabled

if you want clients to be blacklisted after a

certain number of authentication failures.

Max authentication failures—

Users who fail to authenticate the number

of times specified here will be dynamically blacklisted. The maximum

value for this entry is 10.

NOTE:

Navigate to

PEF > Blacklisting

in the WebUI to specify the duration of

the blacklisting on the Blacklisting tab of the PEF window.

For Internal users—

Click

Users

to populate the system’s internal

authentication server with users. For information about adding a user, see

“Adding a User” on page 203

Click

Upload Certificate

and browse to upload a certificate file for the

internal server. See

“Certificates” on page 111

for more information.

Table 8

Conditions for Adding a Voice Network— Security Tab (Continued)

then,