Acls, Local radius server, Ipsec vpn – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Page 36: Snmp trap on discovery, Authorized ap lists, Rogue ap report


Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Software overview

1

SNMP Trap on discovery
An SNMP trap is sent for each detected Rogue AP. Rogue APs are only detected, and
notification is provided via an SNMP trap.

NOTE

Wired-side scanning for Rogue APs using WNMP is not supported. Similarly, RADIUS lookup for
approved APs is not provided.

Authorized AP lists
Configure a list of authorized Access Ports based on their MAC addresses. The switch evaluates the
APs against the configured authorized list after obtaining Rogue AP information from one of the two
mechanisms described in “Rogue AP detection” on page 21.

Rogue AP report
After determining which are authorized APs and which are Rogue, the switch prepares a report.
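
The evaluation described in the two sections above can be sketched as follows. This is an added example, not code from the guide or from the switch software; the function names, the record fields and the sample MAC addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass

_HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(mac: str) -> str:
    """Return a MAC as 'aa:bb:cc:dd:ee:ff'; raise ValueError if malformed."""
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass(frozen=True)
class DetectedAP:
    mac: str      # MAC address as reported by the scan
    ssid: str
    channel: int

def build_report(detected, authorized_macs):
    """Split detected APs into authorized and rogue by MAC address."""
    allowed = {normalize_mac(m) for m in authorized_macs}
    report = {"authorized": [], "rogue": [], "invalid": []}
    seen = set()
    for ap in detected:
        try:
            mac = normalize_mac(ap.mac)
        except ValueError:
            report["invalid"].append(ap)   # keep for review, never silently drop
            continue
        if mac in seen:                    # same AP reported by more than one scan
            continue
        seen.add(mac)
        status = "authorized" if mac in allowed else "rogue"
        report[status].append((mac, ap.ssid, ap.channel))
    return report

# Constructed sample data (not from the guide); list entries use mixed notations.
AUTHORIZED = ["02-00-5E-10-00-01", "0200.5e10.0002"]
DETECTED = [
    DetectedAP("02:00:5e:10:00:01", "corp", 6),
    DetectedAP("02:00:5E:10:00:02", "corp", 11),
    DetectedAP("02:00:5e:99:00:07", "corp", 6),   # same SSID, MAC not on the list
    DetectedAP("02-00-5E-99-00-07", "corp", 6),   # duplicate sighting
    DetectedAP("02:00:5e:10:00", "guest", 1),     # truncated MAC
]

if __name__ == "__main__":
    for status, entries in build_report(DETECTED, AUTHORIZED).items():
        for entry in entries:
            print(status, entry)
```

A match only shows that the address is on the authorized list, so review the SSID and channel columns alongside the MAC when reading the report.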

ACLs

ACLs control access to the network through a set of rules. Each rule specifies the action taken when
a packet matches that rule's criteria. If the action is deny, the packet is dropped. If the action is permit,
the packet is allowed. If the action is to mark, the packet is tagged for priority. The switch supports
the following types of ACLs:

IP Standard ACLs

IP Extended ACLs

MAC Extended ACLs

Wireless LAN ACLs

For information on creating an ACL, see “Configuring firewalls and access control lists” on page 321.

Local RADIUS server

RADIUS is a common authentication protocol utilized by the 802.1x wireless security standard.
RADIUS improves the WEP encryption key standard, in conjunction with other security methods
such as EAP-PEAP. The switch has one onboard RADIUS server. For information on configuring the
switch’s resident RADIUS Server, see “Configuring the RADIUS Server” on page 403.

IPSec VPN

IPsec is a security protocol providing authentication and encryption over the Internet. Unlike SSL
(which provides services at Layer 4 and secures two applications), IPsec works at Layer 3 and
secures the network. Also unlike SSL (which is typically built into the Web browser), IPsec requires a
client installation. IPsec can access both Web and non-Web applications, whereas SSL requires
workarounds for non-Web access such as file sharing and backup.

A VPN is used to provide secure access between two subnets separated by an unsecured network.
There are two types of VPNs:

Site-Site VPN — For example, traffic from one company branch office to another branch office,
with an unsecured link between the two locations.
