Manuals / 3Com / Computer Equipment / Switch

3Com WX4400 3CRWX440095A WX1200, 3CRWXR10095A, 3CRWX120695A WXR100 manual Viewing ACLs To view ACLs

Models: 3CRWXR10095A WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100

1 516

Download 516 pages 50.11 Kb

Page 221

Viewing and Configuring ACLs 221

You can choose to count the number of times an ACE is matched. This hit count is useful for troubleshooting complex ACL configurations and for monitoring traffic load for specific network applications or protocols. The hit count can only be seen from the CLI. To start updating hit counter statistics in the CLI, you must first set the hits sampling rate to a nonzero value, such as 15 seconds. For more information about security ACLs, see the Wireless LAN Switch and Controller Configuration Guide.

You cannot perform ACL functions that include permitting, denying, or marking with a Class of Service (CoS) level on packets with a multicast or broadcast destination address.

Viewing ACLs To view ACLs:

1Select the Configuration tool bar option.

2In the Organizer panel, click the plus sign next to the WX switch.

3Click the plus sign next to System.

4Select ACLs.

The configured ACLs and their mappings appear in the Content panel.

Creating an ACL The Create ACL wizard enables you to configure ACEs with the following parameters:

Match criteria:

Source IP address

Destination IP address

Protocol

Source protocol port

Destination protocol port

Differentiated Services Code Point (DSCP) value or Type Of Service (TOS) and IP precedence values

Action: deny or permit

Marking: Class of Service (CoS) value

These parameters are sufficient for most ACEs. To configure additional parameters, use the wizard to configure the basic parameters, then select the ACE and click Properties. (See “Configuring Advanced ACL Settings” on page 226.)

Image 221

3Com WX4400 3CRWX440095A WX1200, 3CRWXR10095A, 3CRWX120695A WXR100 manual Viewing ACLs To view ACLs

Contents

WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A Wireless LAN Mobility SystemUnited States Government Legend 3Com Corporation 350 Campus Drive Marlborough, MA USAContents Enabling Keyboard Shortcut Mnemonics Windows XP Only Getting Started131 125 Placing Third-Party Access Points186 Configuring Snmp 187 175 Launching a Web Management Session with the Switch 176233 Resetting CoS Mapping to their Default Values244 241 Configuring an 802.1X Wireless Service 242247 258316 299 Creating a Radius Server Group 300319 320Example 3 Deployment Site Has DNS But No Dhcp 337WX File Management Options Devices Tab 347Viewing the Operation Log 358 Enabling or Disabling Management of a Switch by 3WXM356 375 Applying Policy Changes to Switches 375394 Generating a Radio Details Report 395410 Displaying 802.11 Coverage Generating a Site Survey Order Generating a Work Order412 439468 465Register Your Product 507 496Page Icon Description ConventionsList conventions that are used throughout this guide Documentation Pddtechpubscomments@3com.com CommentsExample Hardware Requirements for Running 3WXM Client Hardware RequirementsRequirements for 3WXM client 3WXM Client Hardware Requirements for Running 3WXM Monitoring Service Hardware Requirements for 3WXM Monitoring ServiceHard drive space Available Monitor resolution Number Radios WX Switches 50+ WX SwitchesSoftware InstallationPreparing for User PrivilegesInstalling 3WXM Installing 3WXM Installing 3WXM Click Uninstall Click Continue Plan is displayed by the 3WXM client OverviewDisplay Panels Display Panels Alert Category Description AlertsRogue Detection AlertsReviewing and Deploying Switch Configuration Changes Saving or Discarding Configuration ChangesConfiguration Wizards Working with the 3WXM User Interface Option Description Properties DialogsResize Icons Menu Option Description 3WXM Menu OptionsMenu Option Description 3WXM Tool Bar OptionsConfiguration Verification Deleting Copying, PastingObjects Organizer PanelReplace Organizer Panel Copy and Paste Content PanelShortcut Enabling KeyboardMnemonics Windows XP OnlyEnabling Keyboard Shortcut Mnemonics Windows XP Only Working with the 3WXM User Interface Following steps describe how to start 3WXM Switch Manager 3WXM, restricting access to 3WXM, creatingStarting 3WXM Managing network plans, and defining a Mobility DomainNext Starting 3WXM Getting Started Restricting Access to 3WXM Accounts Working with Network Plans Creating a Network To create a network plan PlanCan also share a network plan with others 3WXM installation directory on the 3WXM Services hostPlans Saving a Network Plan with a New Name Managing Network Plans Plan Managing Network Plans To disable notification Defining a Mobility Domain Protocol Port Function Traffic Ports Used for AAA Servers and Management ServersThird-Party AP Creating a WX SwitchCreating a Working with Network Plans Settings to Auto-TuningChanging Country CodeClick Next Click Finish Uploading a WX Switch into Network PlanConverting Auto DAPs into Statically Configured APs Affinity Value Assigned To Affinities for Network Domain SeedsRF Planning Toolbar icons available in RF Planning Tools RF Planning Overview To create or modify a site Creating orModifying a Site Creating or Modifying a Site Modifying Buildings in a Site Creating or Modifying Buildings in a Site Planning the 3COM Mobility System Modifying Floors Details Importing orDrawing Floor To prepare a drawing before importing it into 3WXM Planning the 3COM Mobility System Importing or Drawing Floor Details Common AutoCAD Layer Names Useful AutoCAD Operations and Naming-ConventionsOperating Tips Importing the Drawing Floor Plan After Importing To crop the paper spaceFloor Plan After Cropping To adjust the scaleOrigin point To adjust the origin pointNew location of origin point Shows the same floor plan as after hiding unnecessary layers Hiding LayersMoving an object from one layer to another Adding or removing a layerTo clean up a drawing Importing or Drawing Floor Details Planning the 3COM Mobility System Object Action To draw an objectPlanning the 3COM Mobility System To create RF obstacles for an area in a drawing To create RF obstacles for all objects in a layerCreate RF Obstacle dialog box is shown in Figure To create RF obstacles by grouping objectsTo use the Create RF Obstacle Dialog box Drawing RF Obstacles 3WXM supports concave polygons. a concave Specifying the RF Characteristics of a Floor To import LOS points from a file Site Survey RecommendationsAdding LOS Points Specifying the RF Characteristics of a Floor Planning the 3COM Mobility System To create LOS points in 3WXM Click Next. The radio configuration page appears Specifying the RF Characteristics of a Floor Generating a Site Survey Order To move an LOS pointTo delete an LOS point Click Generate Importing RF Measurements Click Next Applying the RF Measurements to the Floor Plan To create a wiring closet Planning the 3COM Mobility System Shows an example of shared coverage areas Shared Coverage AreasUnsupported Shared Coverage Area Example Drawing a Coverage AreaObject Action Specifying the Wireless Technology for a Coverage Area Specifying Coverage Area Properties Specifying Floor Properties for the Coverage Area Click Next. The Floor Properties page appearsSpecifying Default Device Settings for the Coverage Area Planning the 3COM Mobility System WX4400 switches support indirect MAP connections only Configuring Capacity Calculation for Data Configuring Capacity Calculation for Voice Planning the 3COM Mobility System Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System AP Icon to its Floor Creating and Placing An Icon for a Third-Party Access PointLocation Place tabPlanning the 3COM Mobility System Placing Third-Party Access Points Planning the 3COM Mobility System Auto-Configured Placing InstalledMAPs PlanPlanning the 3COM Mobility System To specify design constraints WX4400 switches support indirect MAP connections only Computing MAP Placement To compute and place MAPs To review coverage area computation Go to To review coverage area computationPlanning the 3COM Mobility System To lock a MAP Locking and Unlocking MAPsChannel Assignment to Minimize Co-Channel Interference To assign channelsComputing MAP Placement Planning the 3COM Mobility System To compute optimal power Planning the 3COM Mobility System To resolve optimal power computation problems Resolving coverage gaps Verifying the Wireless NetworkTo place an RF measurement point „ To list disabled access points, select Show Disabled MAPs To use the RF interactive measurement mode Signal strengths for any location on the floorValue Shows the information available in the RF measurement tableRF Measurement Information Network Design Generating RFInformation To generate a work order reportClick Generate Work Order Parameters WX Switch Configuration ObjectsCategory Object Type Description WX Switch Object TypesWX Switch Object Types AAA Creating a WX Switch Using the Create Wireless Switch Wizard Adding a WX Switch to the Network PlanClick Management Interface Configured Switch Network PlanClick WX Associations Configuration FileSettings Configuring BasicAdvanced ReviewingPassword is encrypted when you type it Click Next Using the Create Wireless Switch WizardConfiguring WX System Parameters To set up a switch „ V2c Setting Up a Switch „ 11b „ 11g Modifying Basic Switch Parameters Software Version Changing the WX To change the WX software versionModel Select the model from the drop-down list Click OKInformation To convert an Auto DAP To delete an Auto DAP Settings Viewing Changing Port SettingsViewing Port Settings Enabling Link Notifications Click Properties Select Snmp Link Traps Click Next Configuring WX System Parameters Viewing and Changing Port Settings Configuring WX System Parameters Viewing and Changing Port Settings Select Port Groups Viewing Port Groups To view port groupsCreating a Port Group To create a port group Content panel, select the row for the port groupGroup Click PropertiesManagement Service Settings 3WXM, Https is always enabled and listens on portSelect Management Services ViewingViewing and Changing Management Settings Task List panel, select Community Configuring an Snmp V1 or V2c Community StringConfiguring a USM Snmp V3 User Configuring WX System Parameters Configuring a Notification Target Configuring a Notification ProfileClick Properties Community string names are transmitted in clear text Configuring WX System Parameters Task List panel, select 3WXM Notification Target Configuring 3WXM Services as a Notification TargetSelect the object you want to modify Community string names are transmitted in clear text Click Finish Viewing Log Settings To view log settings Setting LogTrace Settings Configure logging to the console Creating a Trace Area Creating an External Log ServerServices Settings Configuring IPSetting Static routesSelect IP Services You cannot use the word all as the name of an IP alias Select IP Services Select IP Services Users and VLANs Configuring VLANsViewing VLANs To view VLANs Roaming and VLANsConfiguring WX System Parameters Viewing and Configuring VLANs To tag a port or port group, select the Tag checkbox Changing STP Port Settings in a Vlan Click OK Enabling STP Fast Convergence Features Configuring WX System Parameters Configuring Static Multicast Ports Click Properties Viewing and Configuring VLANs A Vlan Restricting LayerSelect Dhcp Server to enable it on the Vlan Last ACE of an ACL Configuring ACLsServer that stores confidential salary information Viewing ACLs To view ACLs To configure an ACL IP Protocol Number Configuring WX System Parameters „ 0 normal-Packets with normal TOS defined are filtered To change the hit sample rate Configuring Advanced ACL SettingsTo enable the hit counter for an ACE To specify the type and code for Icmp ACEs To enable the established option for TCP ACEsIcmp Messages and Codes Icmp Message Type Number Code NumberAdding a New ACE to a Configured ACL Viewing and Configuring ACLs Individual ACE from an ACL Mappings Changing CoSMappings Mapping Setting a Range Dscp Values to a Configuring WX System Parameters Viewing Configuring Wireless Services Service Profile Parameters Service ProfilesService Profile Parameters Service Profile Type Access Rule Type Default Access Glob Access RulesViewing and Configuring Wireless Services „ Local EAP-TLS-EAP with TLS Select Wireless Services Viewing Wireless To view wireless servicesServices „ WPA Select the EAP type Configuring Wireless Parameters „ WPA Configuring Wireless Parameters Web-Portal WebAAA Service „ Static WEP Click Next Viewing and Configuring Wireless Services Access Service „ WPA Go to step Click Finish WPA, RSN Tab Service Profile TabStatic WEP Tab Authorization Attributes TabBroadcast Settings Tab Radio Profile Selection Tab Voice Configuration TabRate Configuration Tab Client Timeout TabClient Timeout tab lists settings for client session timers Viewing and Configuring Wireless Services Soda Tab Click Properties Modifying Encryption Settings Viewing and Configuring Wireless Services Modifying Access Rules Select Radio Profiles Configuring RadioProfiles Profile Creating a Radio To create a radio profileRadio Profile Tab Click Reset To DefaultAttributes Tab Auto Tune Tab Radio Selection Tab Service Profile Selection TabAuto-DAP Profile Profile SettingsProfile Settings Viewing and Changing the Auto-DAP Profile DAPs into Statically Configured DAPs Deleting Auto DAPs Configuring MAPsThrough radio signals See Deleting Auto DAPs onConfigured MAPs Viewing the To view the configured MAPsSelect Access Points Maximum MAPs Supported Per Switch„ 112233445566778899aabbccddeeff00 Transmit Power box, specify the transmit power for the radio To configure a directly connected MAP Channel Number list, select the channel number for the radio Click the plus sign next to Wireless Transmit Power box, specify the transmit power for the radio Configuring Wireless Parameters Viewing Radio To view radio settings ConfiguredChanging Radio Select RadiosChanging RF Detection SettingsSelect RF Detection OUI ListEdit the MAC address in the MAC Address box Click OK ListCountermeasures Select RF Detection Select Enable AP Signature Configuring Wireless Parameters Managing Users CreatingLocal User DatabaseGroups in the Local Database You can create two types of users in the local databaseSelect Local User Database Creating a Named To create a named userUser Group and Assigning Users To It Creating and Managing Users in the Local User Database Task List panel, select MAC User Group End-date Authentication Attributes for Local UsersEncryption-type Mobility-profile Idle-timeoutFilter-id Ssid Service-typeSession-timeout Start-date , end-date , or both Start-dateTime-of-day tu1000-1600,th1000-1 Time-of-day600 Time-of-day wk0900-1700,sa2200Group Radius SettingsA 3Com Mobility System UrlSelect Radius Settings, Servers, Server GroupsServer Click Next Viewing and Configuring Radius Settings To change default values for Radius parameters 802.1X Settings Configuring Global802.1X Settings SelectAttempts Click Save Network Access Rules Network AccessSelect 802.1X Access Rules RulesViewing and Configuring 802.1X Network Access Rules „ Local EAP-TLS-EAP with TLS Viewing and Configuring 802.1X Network Access Rules Select MAC Access Rules Configuring MACNetwork Access Rule Viewing and Configuring MAC Network Access Rules Page Viewing Web AAA To view Web AAA network access rules Viewing Configuring WebAAA Network Access RulesCreating a Web AAA To create a Web AAA network access rule Viewing and Configuring WebAAA Network Access Rules Task List panel, select Last Resort Network Access Viewing Configuring Last-Resort Network Access RulesSelect Last Resort Access Rules Viewing and Configuring Last-Resort Network Access Rules Administrator Configuring WXAdministrator Access Rules Select Admin Access RulesRule for Console Access Rule for Telnet or SSH Access Viewing and Configuring WX Administrator Access Rules Users Configuring AAASupport for Viewing and Configuring AAA Support for Third-Party AP Users Port Connected to Third-Party AP Proxy for a ClientPolicy Rules Changing LocationPolicy Rules Select Location PolicyPolicy Rule Creating a Location To create a location policy ruleViewing and Changing Location Policy Rules Select Mobility Profiles Changing MobilityProfiles Viewing and Changing Mobility Profiles Page Remotely Drop Ship WXR100 Only How Remote WX Configuration WorksShows the location of the Fn switch and the LED Staged WX 3WXM Requirements „ 3WXM must be installed and 3WXM Services must be running„ The network plan containing the WX switches must be open Staging a WX Switch forConfiguration by Save the configuration changes Enable the auto-config optionPower off or restart the switch Configure an IP interface on the VlanEnable the MSS DNS client Configure DNS server informationWX4400# set ip dns domain examplecorp.com WX4400# save config Completing its Configured SwitchConfiguration with Reusing its Replacing a SwitchReplaced switch’s configuration At the remote officeReplacement How Switch Replacement WorksTo enable replacement of remote switches EnablingTo replace a switch Options Document where the options are describedWX File WX File Management Options in 3WXM Switches in the network planDevices Tab Task Option Description Group Devices TasksTask Task Option Group Description Task Task Option Group Synchronizing Local Configuration ChangesNetwork ChangesNetwork Changes Undoing Local or To undo local or network changesTo immediately deploy local changes To synchronize the changes, do one of the following To schedule deployment of local changesNonmatching To delete a system image Repository. Images are storedTo add a system image To schedule installation of an image on WX switches To immediately install an image on WX switchesYou can use 3WXM to reboot WX switches and MAPs Rebooting WX Switches or MAP Access PointsTo reboot WX switches and the MAPs they are managing To reboot MAPs without rebooting the switchEnabling or Switch by 3WXMDisabling Management of aOperation Log Canceling aScheduled Operation To display the operation logTo import a configuration Importing Exporting Switch Configuration FilesTo export a configuration Modifying To modify configuration polling optionsChange Polling Alerts panelManaging WX System Images and Configurations Changes Toolbar Options on Verification Tab Select the warning or error message To resolve an error or warningTo disable a specific instance of a warning or error To change verification options To globally disable a warning or errorOr for specific instances To disable or reenable a ruleVerifying Configuration Changes „ WebAAA certificate for a WX switch „ 802.1X-EAP certificate for a WX switchWhen 3WXM connects to 3WXM Services or a WX switch, Distributing PKS #12 filesTo process a certificate ProcessingCertificates Certificate that is stored in the 3WXM certificate store ManagingTo review certificate details Select Tools Certificate ManagementOr more WX switches SwitchesDistributing Certificates to WXPolicies Viewing Policies Access the Create Policy wizardCreating a Policy To view policiesApplying Policy Feature Settings PolicyChanges to Switches For This Feature Area See System Features Feature CategoriesWireless Features AAA FeaturesToolbar Options DisplayingEvent Log Data Refreshing EventReviewing Event Filtering EventTo filter messages by content Using the Event LOG Severity To export filtered data Generating Reports Mobility Domain Configuration Configuration reportsWX Configuration Client ErrorsInventory Report Generating anTo generate an inventory report Inventory Report SectionsReport Generating aMobility Domain WX Configuration Report Sections Configuration ReportSummary Report Details Report Click Generate Errors Report „ Session Properties „ Location History Network usage report lists network usage statistics Generating a Network Usage ReportSummary Report Scope is always MAP Radio and cannot be changed Details Report Generating a Rogue Summary Report Click Generate Select the language „ English „ German Click View Work Order Statistics and the event log 3WXM Services regularly checks the status of the networkSwitches and shows information based on those traps To access monitored data AccessingRequirements for MonitoringUsing the Explore Window Monitoring the Network IconDescription „ Green UpToolbar Options in Link Display of Explore View Toolbar Options in Floor Display of Explore View Lists the options on the toolbar in the floor displayToolbar Options in Floor Display of Explore View Monitoring the Network Using the Explore Window Monitoring the Network Display Option Coverage Display Options in Explore WindowTo take an RF measurement 3Com radio on the floorRssi measurements RF measurement point Immediately updated for the new measurement point Using the StatusSummary View Click on the new measurement point. The measurement data isMonitor View Using the ClientOn the network Toolbar Options in Client Monitor ViewData Displayed When a Mobility Domain or Site is Selected That you can double-click on the arrow to change Number of times authentication for a client failed Client Activity Columns When a Mobility Domain is Selected Data Displayed When a Switch, MAP, or Radio is SelectedSsid Activity Details for Association Failure Activity Details for Authentication FailurePeap Activity Details for Authorization FailureColumnDescription Activity Details for Authorization SuccessfulHave been collected and will be transmitted to the new Activity Details for Disassociation Activity Details for Client ClearedActivity Details for Dot1x Failure Activity Details for Roam Data Displayed When a Mobility Domain is SelectedClient Sessions Columns When a Mobility Domain is Selected Data Displayed When a WX Switch, MAP, or Radio is SelectedSNR Displaying Session DetailsSession Properties Columns „ Updatedtoroam User is roaming. Session Session Statistics Columns Session Statistics Columns Location History Columns Clients on the watch list by MAC addressAdding a Client to the Watch List Using the Client Monitor View Click Next. The search results appear „ natasha@example.comDisplaying the Client Watch List Details are displayed on the following tabs Location On the floor To display a client’s session GeographicalMonitoring the Network Session Using the RF RF Monitor RF Neighborhood Columns Displaying RFWindow Bssid WindowRF Monitor Activity Log Columns RF Monitor Environment Columns StatisticsRF Monitor Environment Columns Can indicate interference from a non-802.11 device RF Trends ColumnsStatistics To access performance statistics from the networkMonitoring the Network Accessing Realtime Performance Statistics Viewing Current Data „ Octets In/Out „ Packets In/Out „ Errors In/OutViewing Historical Data Viewing Data in Percentages To export data to a file Exporting Performance DataMonitoring the Network That truly are rogues Converting a rogue into a third party APRogues Snmp Notifications for RF Detection Rogue Detection RequirementsNotification Type Description Rogue detection notifications IDS/DoS notificationsSnmp Notifications for RF Detection Detecting and Combatting Rogue Devices Rogue Detection Lists Main 3WXM tool bar Using the RogueDetection Screen Toolbar Options on Rogue Detection Screen To filter the rogue list Current, Current Hour, Current Day, and History Tabs Activity Log Columns Activity Log TabListeners Tab Lists the information displayed on the Clients tab Clients TabListeners Columns Client ColumnsRogue’s Displaying aGeographical LocationDisplaying a Rogue’s Geographical Location To add a device to the ignore list Attack List Adding a Device toConverting a Rogue Into a Third PartyTo remove a third-party AP To display the listAdding a Rogue’s Configuring RFClients to the Black ListDetecting and Combatting Rogue Devices Measurements Importing RFRF obstacle data Importing the To import the measurementsOptimizing a Network Plan Measurements to Floor Plan Coverage Holes Locating and FixingCoverage holes by displaying coverage Locating a Coverage To locate a coverage holeLocating and Fixing Coverage Holes Installed to Network Plan Tools Preferences ResettingPreferences Values Synchronization Changing NetworkChanging User Interface Options To change network optionsWithin Window Style, select one of the following Certificate Changing ToolsCheck on Click the Certificate Handling tabChanging Options Typical Client’s Transmit PowerFor RF Planning You can change the following RF planning optionsDefining a Color from the Palette To Change a ColorDefining a Color by Changing HSB Properties Defining a Color by Changing RGB Properties Changing 3WXM Logging Options Chapter a Changing 3WXM Preferences Preferences Chapter B Changing 3WXM Services Preferences Services 3WXM ServicesStarting or StoppingStart 3WXM client Connecting to 3WXM ServicesTo connect to 3WXM Services Verify that the service is running on the server To complete the connection DataTo change service settings Changing ServiceInformation, and access control to 3WXM Services Service will accept from the WX switches WX connection settings control the timeout and retries forClick the WXs Connection Settings tab Changing WXChanging WX Connection Settings Sources of Monitor Data Polling Interval is 5 minutes and cannot be changed Click the Monitoring Settings tabHttps//ip-addr Managing Network Plans Chapter B Changing 3WXM Services Preferences Backup Chapter B Changing 3WXM Services Preferences Register Your ServicesProduct PurchaseTroubleshoot Access SoftwareOnline DownloadsContact Us US and Canada Telephone Technical Support and Repair Country Telephone NumberLatin America Telephone Technical Support and Repair Numbers IndexIndex Monitors WX switch performance SSH SavingIndex Index