Manuals / 3Com / Computer Equipment / Switch

3Com 3CRWX120695A WXR100 manual Configuring Advanced ACL Settings, To change the hit sample rate

Models: 3CRWXR10095A WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100

1 516

Download 516 pages 50.11 Kb

Page 226

226CHAPTER 6: CONFIGURING WX SYSTEM PARAMETERS

Configuring

Advanced ACL

Settings

After you configure an ACL, you can configure the following advanced settings:

Hit counter (enable or disable)

Hit sample rate (applies if the hit counter is enabled)

Established option, to apply a new TCP ACE only to established (existing) TCP sessions. By default, TCP ACEs apply to new sessions as well as existing ones.

ICMP properties, to specify the type and code values for ICMP ports (applies only to ACEs that have ICMP as the protocol)

Capture option, to redirect matching packets to the CPU (applies to ACEs used for Web Portal access)

To change the hit sample rate

The hit sample rate specifies the time interval, in seconds, at which the packet counter is sampled for each security ACE on which the hit counter is enabled.

By default, the hit sample rate is 0, even when the hit counter is enabled. To use the hit counter, you must enable it and set the hit sample rate. The hit sample rate applies globally to all ACEs on which the hit counter is enabled.

1In the Task List panel, select Edit ACL hit sample rate.

2Select or type the number of seconds between updates in the Hit Sample Rate box.

3Click OK.

To enable the hit counter for an ACE

You can enable the hit counter on an individual ACE basis.

1Select the ACE in the ACL table.

2In the Task List panel, select Enable Hits for this rule.

You also must set the hit sample rate to a value greater than 0, which is the default. (See “To change the hit sample rate”.)

Image 226

3Com 3CRWX120695A WXR100, 3CRWXR10095A manual Configuring Advanced ACL Settings, To change the hit sample rate

Contents

Wireless LAN Mobility System WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A3Com Corporation 350 Campus Drive Marlborough, MA USA United States Government LegendContents Getting Started Enabling Keyboard Shortcut Mnemonics Windows XP Only125 Placing Third-Party Access Points 131175 Launching a Web Management Session with the Switch 176 186 Configuring Snmp 187Resetting CoS Mapping to their Default Values 233247 241 Configuring an 802.1X Wireless Service 242244 258319 299 Creating a Radius Server Group 300316 320WX File Management Options Devices Tab 337Example 3 Deployment Site Has DNS But No Dhcp 347356 Enabling or Disabling Management of a Switch by 3WXMViewing the Operation Log 358 394 Applying Policy Changes to Switches 375375 Generating a Radio Details Report 395412 Generating a Site Survey Order Generating a Work Order410 Displaying 802.11 Coverage 439465 468496 Register Your Product 507Page List conventions that are used throughout this guide ConventionsIcon Description Documentation Comments Pddtechpubscomments@3com.comExample Requirements for 3WXM client 3WXM Client Hardware RequirementsHardware Requirements for Running 3WXM Client Hard drive space Available Monitor resolution Hardware Requirements for 3WXM Monitoring ServiceHardware Requirements for Running 3WXM Monitoring Service Number Radios WX Switches 50+ WX SwitchesPreparing for InstallationSoftware User PrivilegesInstalling 3WXM Installing 3WXM Installing 3WXM Click Uninstall Click Continue Overview Plan is displayed by the 3WXM clientDisplay Panels Display Panels Alerts Alert Category DescriptionAlerts Rogue DetectionSaving or Discarding Configuration Changes Reviewing and Deploying Switch Configuration ChangesConfiguration Wizards Working with the 3WXM User Interface Resize Icons Properties DialogsOption Description 3WXM Menu Options Menu Option Description3WXM Tool Bar Options Menu Option DescriptionConfiguration Verification Objects Copying, PastingDeleting Organizer PanelCopy and Paste Content Panel Replace Organizer PanelMnemonics Enabling KeyboardShortcut Windows XP OnlyEnabling Keyboard Shortcut Mnemonics Windows XP Only Working with the 3WXM User Interface Starting 3WXM Switch Manager 3WXM, restricting access to 3WXM, creatingFollowing steps describe how to start 3WXM Managing network plans, and defining a Mobility DomainNext Starting 3WXM Getting Started Restricting Access to 3WXM Accounts Working with Network Plans Plan Creating a Network To create a network planPlans 3WXM installation directory on the 3WXM Services hostCan also share a network plan with others Saving a Network Plan with a New Name Managing Network Plans Plan Managing Network Plans To disable notification Defining a Mobility Domain Traffic Ports Used for AAA Servers and Management Servers Protocol Port FunctionCreating a Creating a WX SwitchThird-Party AP Working with Network Plans Changing Auto-TuningSettings to Country CodeUploading a WX Switch into Network Plan Click Next Click FinishConverting Auto DAPs into Statically Configured APs Affinities for Network Domain Seeds Affinity Value Assigned ToRF Planning Toolbar icons available in RF Planning Tools RF Planning Overview Modifying a Site Creating orTo create or modify a site Creating or Modifying a Site Modifying Buildings in a Site Creating or Modifying Buildings in a Site Planning the 3COM Mobility System Modifying Floors Drawing Floor Importing orDetails To prepare a drawing before importing it into 3WXM Planning the 3COM Mobility System Importing or Drawing Floor Details Operating Tips Useful AutoCAD Operations and Naming-ConventionsCommon AutoCAD Layer Names Importing the Drawing To crop the paper space Floor Plan After ImportingTo adjust the scale Floor Plan After CroppingTo adjust the origin point Origin pointNew location of origin point Hiding Layers Shows the same floor plan as after hiding unnecessary layersAdding or removing a layer Moving an object from one layer to anotherTo clean up a drawing Importing or Drawing Floor Details Planning the 3COM Mobility System To draw an object Object ActionPlanning the 3COM Mobility System To create RF obstacles for all objects in a layer To create RF obstacles for an area in a drawingTo use the Create RF Obstacle Dialog box To create RF obstacles by grouping objectsCreate RF Obstacle dialog box is shown in Figure Drawing RF Obstacles 3WXM supports concave polygons. a concave Specifying the RF Characteristics of a Floor Adding LOS Points Site Survey RecommendationsTo import LOS points from a file Specifying the RF Characteristics of a Floor Planning the 3COM Mobility System To create LOS points in 3WXM Click Next. The radio configuration page appears Specifying the RF Characteristics of a Floor To delete an LOS point To move an LOS pointGenerating a Site Survey Order Click Generate Importing RF Measurements Click Next Applying the RF Measurements to the Floor Plan To create a wiring closet Planning the 3COM Mobility System Shared Coverage Areas Shows an example of shared coverage areasDrawing a Coverage Area Unsupported Shared Coverage Area ExampleObject Action Specifying the Wireless Technology for a Coverage Area Specifying Coverage Area Properties Click Next. The Floor Properties page appears Specifying Floor Properties for the Coverage AreaSpecifying Default Device Settings for the Coverage Area Planning the 3COM Mobility System WX4400 switches support indirect MAP connections only Configuring Capacity Calculation for Data Configuring Capacity Calculation for Voice Planning the 3COM Mobility System Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System Location Creating and Placing An Icon for a Third-Party Access PointAP Icon to its Floor Place tabPlanning the 3COM Mobility System Placing Third-Party Access Points Planning the 3COM Mobility System MAPs Placing InstalledAuto-Configured PlanPlanning the 3COM Mobility System To specify design constraints WX4400 switches support indirect MAP connections only Computing MAP Placement To compute and place MAPs Go to To review coverage area computation To review coverage area computationPlanning the 3COM Mobility System Locking and Unlocking MAPs To lock a MAPTo assign channels Channel Assignment to Minimize Co-Channel InterferenceComputing MAP Placement Planning the 3COM Mobility System To compute optimal power Planning the 3COM Mobility System To resolve optimal power computation problems Verifying the Wireless Network Resolving coverage gapsTo place an RF measurement point „ To list disabled access points, select Show Disabled MAPs Signal strengths for any location on the floor To use the RF interactive measurement modeRF Measurement Information Shows the information available in the RF measurement tableValue Information Generating RFNetwork Design To generate a work order reportClick Generate Work Order WX Switch Configuration Objects ParametersWX Switch Object Types Category Object Type DescriptionWX Switch Object Types AAA Adding a WX Switch to the Network Plan Creating a WX Switch Using the Create Wireless Switch WizardConfigured Switch Network Plan Click Management InterfaceConfiguration File Click WX AssociationsAdvanced Configuring BasicSettings ReviewingUsing the Create Wireless Switch Wizard Password is encrypted when you type it Click NextConfiguring WX System Parameters To set up a switch „ V2c Setting Up a Switch „ 11b „ 11g Modifying Basic Switch Parameters Model Changing the WX To change the WX software versionSoftware Version Select the model from the drop-down list Click OKInformation To convert an Auto DAP To delete an Auto DAP Viewing Port Settings Viewing Changing Port SettingsSettings Enabling Link Notifications Click Properties Select Snmp Link Traps Click Next Configuring WX System Parameters Viewing and Changing Port Settings Configuring WX System Parameters Viewing and Changing Port Settings Viewing Port Groups To view port groups Select Port GroupsGroup Content panel, select the row for the port groupCreating a Port Group To create a port group Click PropertiesSelect Management Services 3WXM, Https is always enabled and listens on portManagement Service Settings ViewingViewing and Changing Management Settings Configuring an Snmp V1 or V2c Community String Task List panel, select CommunityConfiguring a USM Snmp V3 User Configuring WX System Parameters Configuring a Notification Profile Configuring a Notification TargetClick Properties Community string names are transmitted in clear text Configuring WX System Parameters Select the object you want to modify Configuring 3WXM Services as a Notification TargetTask List panel, select 3WXM Notification Target Community string names are transmitted in clear text Click Finish Trace Settings Setting LogViewing Log Settings To view log settings Configure logging to the console Creating an External Log Server Creating a Trace AreaSetting Configuring IPServices Settings Static routesSelect IP Services You cannot use the word all as the name of an IP alias Select IP Services Select IP Services Configuring VLANs Users and VLANsRoaming and VLANs Viewing VLANs To view VLANsConfiguring WX System Parameters Viewing and Configuring VLANs To tag a port or port group, select the Tag checkbox Changing STP Port Settings in a Vlan Click OK Enabling STP Fast Convergence Features Configuring WX System Parameters Configuring Static Multicast Ports Click Properties Viewing and Configuring VLANs Restricting Layer A VlanSelect Dhcp Server to enable it on the Vlan Server that stores confidential salary information Configuring ACLsLast ACE of an ACL Viewing ACLs To view ACLs To configure an ACL IP Protocol Number Configuring WX System Parameters „ 0 normal-Packets with normal TOS defined are filtered To enable the hit counter for an ACE Configuring Advanced ACL SettingsTo change the hit sample rate Icmp Messages and Codes To enable the established option for TCP ACEsTo specify the type and code for Icmp ACEs Icmp Message Type Number Code NumberAdding a New ACE to a Configured ACL Viewing and Configuring ACLs Individual ACE from an ACL Mappings Changing CoSMappings Mapping Setting a Range Dscp Values to a Configuring WX System Parameters Viewing Configuring Wireless Services Service Profiles Service Profile ParametersService Profile Parameters Access Rules Service Profile Type Access Rule Type Default Access GlobViewing and Configuring Wireless Services „ Local EAP-TLS-EAP with TLS Services Viewing Wireless To view wireless servicesSelect Wireless Services „ WPA Select the EAP type Configuring Wireless Parameters „ WPA Configuring Wireless Parameters Web-Portal WebAAA Service „ Static WEP Click Next Viewing and Configuring Wireless Services Access Service „ WPA Go to step Click Finish Service Profile Tab WPA, RSN TabBroadcast Settings Tab Authorization Attributes TabStatic WEP Tab Voice Configuration Tab Radio Profile Selection TabClient Timeout tab lists settings for client session timers Client Timeout TabRate Configuration Tab Viewing and Configuring Wireless Services Soda Tab Click Properties Modifying Encryption Settings Viewing and Configuring Wireless Services Modifying Access Rules Profiles Configuring RadioSelect Radio Profiles Creating a Radio To create a radio profile ProfileClick Reset To Default Radio Profile TabAttributes Tab Auto Tune Tab Service Profile Selection Tab Radio Selection TabProfile Settings Auto-DAP ProfileProfile Settings Viewing and Changing the Auto-DAP Profile Through radio signals Configuring MAPsDAPs into Statically Configured DAPs Deleting Auto DAPs See Deleting Auto DAPs onSelect Access Points Viewing the To view the configured MAPsConfigured MAPs Maximum MAPs Supported Per Switch„ 112233445566778899aabbccddeeff00 Transmit Power box, specify the transmit power for the radio To configure a directly connected MAP Channel Number list, select the channel number for the radio Click the plus sign next to Wireless Transmit Power box, specify the transmit power for the radio Configuring Wireless Parameters Changing Radio ConfiguredViewing Radio To view radio settings Select RadiosSelect RF Detection Detection SettingsChanging RF OUI ListList Edit the MAC address in the MAC Address box Click OKCountermeasures Select RF Detection Select Enable AP Signature Configuring Wireless Parameters Local User CreatingManaging Users DatabaseYou can create two types of users in the local database Groups in the Local DatabaseUser Creating a Named To create a named userSelect Local User Database Group and Assigning Users To It Creating and Managing Users in the Local User Database Task List panel, select MAC User Group Encryption-type Authentication Attributes for Local UsersEnd-date Filter-id Idle-timeoutMobility-profile Session-timeout Service-typeSsid Start-date Start-date , end-date , or both600 Time-of-dayTime-of-day tu1000-1600,th1000-1 Time-of-day wk0900-1700,sa2200A 3Com Mobility System Radius SettingsGroup UrlServer Settings, Servers, Server GroupsSelect Radius Click Next Viewing and Configuring Radius Settings To change default values for Radius parameters 802.1X Settings Configuring Global802.1X Settings SelectAttempts Click Save Select 802.1X Access Rules Network AccessNetwork Access Rules RulesViewing and Configuring 802.1X Network Access Rules „ Local EAP-TLS-EAP with TLS Viewing and Configuring 802.1X Network Access Rules Network Access Rule Configuring MACSelect MAC Access Rules Viewing and Configuring MAC Network Access Rules Page Viewing Configuring WebAAA Network Access Rules Viewing Web AAA To view Web AAA network access rulesCreating a Web AAA To create a Web AAA network access rule Viewing and Configuring WebAAA Network Access Rules Select Last Resort Access Rules Viewing Configuring Last-Resort Network Access RulesTask List panel, select Last Resort Network Access Viewing and Configuring Last-Resort Network Access Rules Administrator Access Rules Configuring WXAdministrator Select Admin Access RulesRule for Console Access Rule for Telnet or SSH Access Viewing and Configuring WX Administrator Access Rules Support for Configuring AAAUsers Viewing and Configuring AAA Support for Third-Party AP Users Proxy for a Client Port Connected to Third-Party APPolicy Rules Changing LocationPolicy Rules Select Location PolicyCreating a Location To create a location policy rule Policy RuleViewing and Changing Location Policy Rules Profiles Changing MobilitySelect Mobility Profiles Viewing and Changing Mobility Profiles Page Remotely How Remote WX Configuration Works Drop Ship WXR100 OnlyShows the location of the Fn switch and the LED Staged WX „ The network plan containing the WX switches must be open „ 3WXM must be installed and 3WXM Services must be running3WXM Requirements Configuration by Switch forStaging a WX Power off or restart the switch Enable the auto-config optionSave the configuration changes Configure an IP interface on the VlanConfigure DNS server information Enable the MSS DNS clientWX4400# set ip dns domain examplecorp.com WX4400# save config Configuration with Configured SwitchCompleting its Replaced switch’s configuration Replacing a SwitchReusing its At the remote officeTo enable replacement of remote switches How Switch Replacement WorksReplacement EnablingTo replace a switch WX File Document where the options are describedOptions Devices Tab Switches in the network planWX File Management Options in 3WXM Devices Tasks Task Option Description GroupTask Task Option Group Description Task Task Option Group Network Configuration ChangesSynchronizing Local ChangesUndoing Local or To undo local or network changes Network ChangesTo immediately deploy local changes Nonmatching To schedule deployment of local changesTo synchronize the changes, do one of the following To add a system image Repository. Images are storedTo delete a system image To immediately install an image on WX switches To schedule installation of an image on WX switchesTo reboot WX switches and the MAPs they are managing Rebooting WX Switches or MAP Access PointsYou can use 3WXM to reboot WX switches and MAPs To reboot MAPs without rebooting the switchDisabling Switch by 3WXMEnabling or Management of aScheduled Operation Canceling aOperation Log To display the operation logImporting Exporting Switch Configuration Files To import a configurationTo export a configuration Change Polling To modify configuration polling optionsModifying Alerts panelManaging WX System Images and Configurations Changes Toolbar Options on Verification Tab To disable a specific instance of a warning or error To resolve an error or warningSelect the warning or error message To globally disable a warning or error To change verification optionsTo disable or reenable a rule Or for specific instancesVerifying Configuration Changes When 3WXM connects to 3WXM Services or a WX switch, „ 802.1X-EAP certificate for a WX switch„ WebAAA certificate for a WX switch Distributing PKS #12 filesCertificates ProcessingTo process a certificate To review certificate details ManagingCertificate that is stored in the 3WXM certificate store Select Tools Certificate ManagementDistributing SwitchesOr more WX switches Certificates to WXPolicies Creating a Policy Access the Create Policy wizardViewing Policies To view policiesChanges to Switches Feature Settings PolicyApplying Policy Wireless Features Feature CategoriesFor This Feature Area See System Features AAA FeaturesEvent Log DisplayingToolbar Options Reviewing Event Refreshing EventData Filtering EventTo filter messages by content Using the Event LOG Severity To export filtered data Generating Reports WX Configuration Configuration reportsMobility Domain Configuration Client ErrorsTo generate an inventory report Generating anInventory Report Inventory Report SectionsMobility Domain Generating aReport Configuration Report WX Configuration Report SectionsSummary Report Details Report Click Generate Errors Report „ Session Properties „ Location History Generating a Network Usage Report Network usage report lists network usage statisticsSummary Report Scope is always MAP Radio and cannot be changed Details Report Generating a Rogue Summary Report Click Generate Select the language „ English „ German Click View Work Order Switches and shows information based on those traps 3WXM Services regularly checks the status of the networkStatistics and the event log Requirements for AccessingTo access monitored data MonitoringUsing the Explore Window Monitoring the Network Toolbar Options in Link Display of Explore View „ Green UpIconDescription Lists the options on the toolbar in the floor display Toolbar Options in Floor Display of Explore ViewToolbar Options in Floor Display of Explore View Monitoring the Network Using the Explore Window Monitoring the Network Coverage Display Options in Explore Window Display Option3Com radio on the floor To take an RF measurementRssi measurements RF measurement point Summary View Using the StatusImmediately updated for the new measurement point Click on the new measurement point. The measurement data isOn the network Using the ClientMonitor View Toolbar Options in Client Monitor ViewData Displayed When a Mobility Domain or Site is Selected That you can double-click on the arrow to change Number of times authentication for a client failed Data Displayed When a Switch, MAP, or Radio is Selected Client Activity Columns When a Mobility Domain is SelectedSsid Activity Details for Authentication Failure Activity Details for Association FailureActivity Details for Authorization Failure PeapActivity Details for Authorization Successful ColumnDescriptionHave been collected and will be transmitted to the new Activity Details for Client Cleared Activity Details for DisassociationActivity Details for Dot1x Failure Data Displayed When a Mobility Domain is Selected Activity Details for RoamData Displayed When a WX Switch, MAP, or Radio is Selected Client Sessions Columns When a Mobility Domain is SelectedDisplaying Session Details SNRSession Properties Columns „ Updatedtoroam User is roaming. Session Session Statistics Columns Session Statistics Columns Adding a Client to the Watch List Clients on the watch list by MAC addressLocation History Columns Using the Client Monitor View „ natasha@example.com Click Next. The search results appearDisplaying the Client Watch List Details are displayed on the following tabs Geographical Location On the floor To display a client’s sessionMonitoring the Network Session Using the RF Window Displaying RFRF Monitor RF Neighborhood Columns Window BssidRF Monitor Activity Log Columns Statistics RF Monitor Environment ColumnsRF Monitor Environment Columns RF Trends Columns Can indicate interference from a non-802.11 deviceTo access performance statistics from the network StatisticsMonitoring the Network Accessing Realtime Performance Statistics „ Octets In/Out „ Packets In/Out „ Errors In/Out Viewing Current DataViewing Historical Data Viewing Data in Percentages Exporting Performance Data To export data to a fileMonitoring the Network Rogues Converting a rogue into a third party APThat truly are rogues Notification Type Description Rogue detection notifications Rogue Detection RequirementsSnmp Notifications for RF Detection IDS/DoS notificationsSnmp Notifications for RF Detection Detecting and Combatting Rogue Devices Rogue Detection Lists Detection Screen Using the RogueMain 3WXM tool bar Toolbar Options on Rogue Detection Screen To filter the rogue list Current, Current Hour, Current Day, and History Tabs Listeners Tab Activity Log TabActivity Log Columns Listeners Columns Clients TabLists the information displayed on the Clients tab Client ColumnsGeographical Displaying aRogue’s LocationDisplaying a Rogue’s Geographical Location To add a device to the ignore list Converting a Rogue Adding a Device toAttack List Into a Third PartyTo display the list To remove a third-party APClients to the Black Configuring RFAdding a Rogue’s ListDetecting and Combatting Rogue Devices RF obstacle data Importing RFMeasurements Importing the To import the measurementsOptimizing a Network Plan Measurements to Floor Plan Coverage holes by displaying coverage Locating and FixingCoverage Holes Locating a Coverage To locate a coverage holeLocating and Fixing Coverage Holes Installed to Network Plan Preferences Values ResettingTools Preferences Changing User Interface Options Changing NetworkSynchronization To change network optionsWithin Window Style, select one of the following Check on Changing ToolsCertificate Click the Certificate Handling tabFor RF Planning Typical Client’s Transmit PowerChanging Options You can change the following RF planning optionsTo Change a Color Defining a Color from the PaletteDefining a Color by Changing HSB Properties Defining a Color by Changing RGB Properties Changing 3WXM Logging Options Chapter a Changing 3WXM Preferences Preferences Chapter B Changing 3WXM Services Preferences Starting or 3WXM ServicesServices StoppingTo connect to 3WXM Services Connecting to 3WXM ServicesStart 3WXM client Verify that the service is running on the server Data To complete the connectionInformation, and access control to 3WXM Services Changing ServiceTo change service settings Click the WXs Connection Settings tab WX connection settings control the timeout and retries forService will accept from the WX switches Changing WXChanging WX Connection Settings Sources of Monitor Data Click the Monitoring Settings tab Polling Interval is 5 minutes and cannot be changedHttps//ip-addr Managing Network Plans Chapter B Changing 3WXM Services Preferences Backup Chapter B Changing 3WXM Services Preferences Product ServicesRegister Your PurchaseOnline Access SoftwareTroubleshoot DownloadsContact Us Latin America Telephone Technical Support and Repair Country Telephone NumberUS and Canada Telephone Technical Support and Repair Index NumbersIndex Monitors WX switch performance Saving SSHIndex Index