Configuring advanced subnet access, Available protocols – Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual

Brocade Mobility 7131N-FGR Product Reference Guide

53-1001947-01

Configuring firewall settings

Available protocols

Protocols that are not pre-configured can be specified using the drop-down list in the Transport
column of the Subnet Access and Advanced Subnet Access screens. They include:

ALL - Enables all of the protocol options displayed in the drop-down menu (as described
below).

TCP - Transmission Control Protocol is a set of rules for sending data as message units over the
Internet. TCP manages individual data packets. Messages are divided into packets for efficient
routing through the Internet.

UDP - User Datagram Protocol is used for broadcasting data over the Internet. Like TCP, UDP
runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP provides few error
recovery services. UDP offers a way to directly connect, and then send and receive datagrams
over an IP network.

ICMP - Internet Control Message Protocol is tightly integrated with IP. ICMP messages are used
for out-of-band messages related to network operation. ICMP packet delivery is unreliable.
Hosts cannot count on receiving ICMP packets for a network problem.

AH - Authentication Header is one of the two key components of IP Security Protocol (IPsec).
The other key component is Encapsulating Security Protocol (ESP).
AH provides authentication, proving the packet sender really is the sender, and the data really
is the data sent. AH can be used in transport mode, providing security between two end points.
Also, AH can be used in tunnel mode, providing security like that of a Virtual Private Network
(VPN).

ESP - Encapsulating Security Protocol is one of two key components of IP Security Protocol
(IPsec). The other key component is Authentication Header (AH). ESP encrypts the packets and
provides authentication services. ESP can be used in transport mode, providing security
between two end points. ESP can also be used in tunnel mode, providing security like that of a
Virtual Private Network (VPN).

GRE - General Routing Encapsulation supports VPNs across the Internet. GRE is a mechanism
for encapsulating network layer protocols over any other network layer protocol. Such
encapsulation allows routing of IP packets between private IP networks across the Internet
using globally assigned IP addresses.

Configuring advanced subnet access

Use the Advanced Subnet Access screen to configure complex access rules and filtering based on
source port, destination port, and transport protocol. To enable advanced subnet access, the
subnet access rules must be overridden. However, the Advanced Subnet Access screen allows you
to import existing subnet access rules into the advanced subnet access rules.
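
The following is an added example, not taken from this guide or from the access point's firmware. It shows how a rule built from transport protocol, source port and destination port can be evaluated against an IPv4 packet when auditing a rule set offline. The rule dictionary layout and the function names are hypothetical. Two behaviours are assumptions: ALL is treated as "any of the six listed transports", and a port constraint never matches a protocol that carries no ports (ICMP, AH, ESP, GRE).

```python
import struct

# IANA-assigned IPv4 protocol numbers for the transports listed above.
PROTO = {"ICMP": 1, "TCP": 6, "UDP": 17, "GRE": 47, "ESP": 50, "AH": 51}
HAS_PORTS = {PROTO["TCP"], PROTO["UDP"]}

def parse_ipv4(packet: bytes):
    """Return (protocol, src_port, dst_port); ports are None when absent."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only TCP and UDP carry ports, and only the first fragment contains them.
    if proto in HAS_PORTS and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return proto, sport, dport
    return proto, None, None

def rule_matches(rule: dict, packet: bytes) -> bool:
    """rule (hypothetical layout): {"transport": name or "ALL",
    "src_ports": (lo, hi) or None, "dst_ports": (lo, hi) or None}"""
    proto, sport, dport = parse_ipv4(packet)
    if rule["transport"] == "ALL":
        # Assumption: ALL means every protocol in the drop-down, nothing else.
        if proto not in PROTO.values():
            return False
    elif PROTO[rule["transport"]] != proto:
        return False
    for rng, port in ((rule.get("src_ports"), sport),
                      (rule.get("dst_ports"), dport)):
        if rng is None:
            continue
        # Assumption: a port constraint cannot match a packet without ports.
        if port is None or not rng[0] <= port <= rng[1]:
            return False
    return True

def make_packet(proto: int, payload: bytes = b"") -> bytes:
    """Constructed sample: minimal 20-byte IPv4 header, checksum left at 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload
```
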

To configure Brocade Mobility 7131N-FGR Access Point Advanced Subnet Access:
