Changing Location, Policy Rules | 3Com 3CRWX120695A WXR100 manual

Viewing and Changing Location Policy Rules 325

Viewing and	During the login process, the AAA authorization process is started immediately
Changing Location	after clients are authenticated to use the WX switch. During authorization,
Policy Rules	MSS assigns the user to a VLAN and applies optional user attributes, such as a
	session timeout value and one or more security ACL filters.
	A location policy is a set of rules that enables you to locally set or change
	authorization attributes for a user after the user is authorized by AAA,
	without making changes to the AAA server. For example, you might want
	to enforce VLAN membership and security ACL policies on a particular
	WX based on a client’s organization or physical location, or assign a VLAN
	to users who have no AAA assignment. For these situations, you can
	configure the location policy on the switch.
	You can use a location policy to locally set or change the Filter-Id and
	VLAN-Name authorization attributes obtained from AAA.
	Conditions within a rule are ANDed. All conditions in the rule must match
	in order for MSS to take the specified action. If the location policy
	contains multiple rules, MSS compares the user information to the rules
	one at a time, in the order the rules appear in the switch’s configuration
	file, beginning with the rule at the top of the list. MSS continues
	comparing until a user matches all conditions in a rule or until there are
	no more rules.
	Any authorization attributes not changed by the location policy remain
	active.
	Each WX switch can have one location policy. The location policy consists
	of a set of rules. Each rule contains conditions, and an action to perform
	if all conditions in the rule match. The location policy can contain up to
	150 rules.

Viewing Location To view location policy rules:

Policy Rules

1Select the Configuration tool bar option.

2In the Organizer panel, click the plus sign next to the WX switch.

3Click the plus sign next to AAA.

4Select Location Policy.

The configured location policy rules appear.

Image 325

3Com 3CRWX120695A WXR100, 3CRWXR10095A, WX4400 3CRWX440095A WX1200 Changing Location, Policy Rules, Select Location Policy

Contents

WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A Wireless LAN Mobility System United States Government Legend 3Com Corporation 350 Campus Drive Marlborough, MA USA Contents Enabling Keyboard Shortcut Mnemonics Windows XP Only Getting Started 131 125 Placing Third-Party Access Points 186 Configuring Snmp 187 175 Launching a Web Management Session with the Switch 176 233 Resetting CoS Mapping to their Default Values 244 241 Configuring an 802.1X Wireless Service 242247 258 316 299 Creating a Radius Server Group 300319 320 Example 3 Deployment Site Has DNS But No Dhcp 337WX File Management Options Devices Tab 347 356 Enabling or Disabling Management of a Switch by 3WXMViewing the Operation Log 358 375 Applying Policy Changes to Switches 375394 Generating a Radio Details Report 395 410 Displaying 802.11 Coverage Generating a Site Survey Order Generating a Work Order412 439 468 465 Register Your Product 507 496Page List conventions that are used throughout this guide ConventionsIcon Description Documentation Pddtechpubscomments@3com.com Comments Example Requirements for 3WXM client 3WXM Client Hardware RequirementsHardware Requirements for Running 3WXM Client Hardware Requirements for Running 3WXM Monitoring Service Hardware Requirements for 3WXM Monitoring ServiceHard drive space Available Monitor resolution Number Radios WX Switches 50+ WX Switches Software InstallationPreparing for User Privileges Installing 3WXM Installing 3WXM Installing 3WXM Click Uninstall Click Continue Plan is displayed by the 3WXM client Overview Display Panels Display Panels Alert Category Description Alerts Rogue Detection Alerts Reviewing and Deploying Switch Configuration Changes Saving or Discarding Configuration Changes Configuration Wizards Working with the 3WXM User Interface Resize Icons Properties DialogsOption Description Menu Option Description 3WXM Menu Options Menu Option Description 3WXM Tool Bar Options Configuration Verification Deleting Copying, PastingObjects Organizer Panel Replace Organizer Panel Copy and Paste Content Panel Shortcut Enabling KeyboardMnemonics Windows XP Only Enabling Keyboard Shortcut Mnemonics Windows XP Only Working with the 3WXM User Interface Following steps describe how to start 3WXM Switch Manager 3WXM, restricting access to 3WXM, creatingStarting 3WXM Managing network plans, and defining a Mobility Domain Next Starting 3WXM Getting Started Restricting Access to 3WXM Accounts Working with Network Plans Creating a Network To create a network plan Plan Plans 3WXM installation directory on the 3WXM Services hostCan also share a network plan with others Saving a Network Plan with a New Name Managing Network Plans Plan Managing Network Plans To disable notification Defining a Mobility Domain Protocol Port Function Traffic Ports Used for AAA Servers and Management Servers Creating a Creating a WX SwitchThird-Party AP Working with Network Plans Settings to Auto-TuningChanging Country Code Click Next Click Finish Uploading a WX Switch into Network Plan Converting Auto DAPs into Statically Configured APs Affinity Value Assigned To Affinities for Network Domain Seeds RF Planning Toolbar icons available in RF Planning Tools RF Planning Overview Modifying a Site Creating orTo create or modify a site Creating or Modifying a Site Modifying Buildings in a Site Creating or Modifying Buildings in a Site Planning the 3COM Mobility System Modifying Floors Drawing Floor Importing orDetails To prepare a drawing before importing it into 3WXM Planning the 3COM Mobility System Importing or Drawing Floor Details Operating Tips Useful AutoCAD Operations and Naming-ConventionsCommon AutoCAD Layer Names Importing the Drawing Floor Plan After Importing To crop the paper space Floor Plan After Cropping To adjust the scale Origin point To adjust the origin point New location of origin point Shows the same floor plan as after hiding unnecessary layers Hiding Layers Moving an object from one layer to another Adding or removing a layer To clean up a drawing Importing or Drawing Floor Details Planning the 3COM Mobility System Object Action To draw an object Planning the 3COM Mobility System To create RF obstacles for an area in a drawing To create RF obstacles for all objects in a layer To use the Create RF Obstacle Dialog box To create RF obstacles by grouping objectsCreate RF Obstacle dialog box is shown in Figure Drawing RF Obstacles 3WXM supports concave polygons. a concave Specifying the RF Characteristics of a Floor Adding LOS Points Site Survey RecommendationsTo import LOS points from a file Specifying the RF Characteristics of a Floor Planning the 3COM Mobility System To create LOS points in 3WXM Click Next. The radio configuration page appears Specifying the RF Characteristics of a Floor To delete an LOS point To move an LOS pointGenerating a Site Survey Order Click Generate Importing RF Measurements Click Next Applying the RF Measurements to the Floor Plan To create a wiring closet Planning the 3COM Mobility System Shows an example of shared coverage areas Shared Coverage Areas Unsupported Shared Coverage Area Example Drawing a Coverage Area Object Action Specifying the Wireless Technology for a Coverage Area Specifying Coverage Area Properties Specifying Floor Properties for the Coverage Area Click Next. The Floor Properties page appears Specifying Default Device Settings for the Coverage Area Planning the 3COM Mobility System WX4400 switches support indirect MAP connections only Configuring Capacity Calculation for Data Configuring Capacity Calculation for Voice Planning the 3COM Mobility System Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System Defining Wireless Coverage Areas Planning the 3COM Mobility System AP Icon to its Floor Creating and Placing An Icon for a Third-Party Access PointLocation Place tab Planning the 3COM Mobility System Placing Third-Party Access Points Planning the 3COM Mobility System Auto-Configured Placing InstalledMAPs Plan Planning the 3COM Mobility System To specify design constraints WX4400 switches support indirect MAP connections only Computing MAP Placement To compute and place MAPs To review coverage area computation Go to To review coverage area computation Planning the 3COM Mobility System To lock a MAP Locking and Unlocking MAPs Channel Assignment to Minimize Co-Channel Interference To assign channels Computing MAP Placement Planning the 3COM Mobility System To compute optimal power Planning the 3COM Mobility System To resolve optimal power computation problems Resolving coverage gaps Verifying the Wireless Network To place an RF measurement point „ To list disabled access points, select Show Disabled MAPs To use the RF interactive measurement mode Signal strengths for any location on the floor RF Measurement Information Shows the information available in the RF measurement tableValue Network Design Generating RFInformation To generate a work order report Click Generate Work Order Parameters WX Switch Configuration Objects Category Object Type Description WX Switch Object Types WX Switch Object Types AAA Creating a WX Switch Using the Create Wireless Switch Wizard Adding a WX Switch to the Network Plan Click Management Interface Configured Switch Network Plan Click WX Associations Configuration File Settings Configuring BasicAdvanced Reviewing Password is encrypted when you type it Click Next Using the Create Wireless Switch Wizard Configuring WX System Parameters To set up a switch „ V2c Setting Up a Switch „ 11b „ 11g Modifying Basic Switch Parameters Software Version Changing the WX To change the WX software versionModel Select the model from the drop-down list Click OK Information To convert an Auto DAP To delete an Auto DAP Viewing Port Settings Viewing Changing Port SettingsSettings Enabling Link Notifications Click Properties Select Snmp Link Traps Click Next Configuring WX System Parameters Viewing and Changing Port Settings Configuring WX System Parameters Viewing and Changing Port Settings Select Port Groups Viewing Port Groups To view port groups Creating a Port Group To create a port group Content panel, select the row for the port groupGroup Click Properties Management Service Settings 3WXM, Https is always enabled and listens on portSelect Management Services Viewing Viewing and Changing Management Settings Task List panel, select Community Configuring an Snmp V1 or V2c Community String Configuring a USM Snmp V3 User Configuring WX System Parameters Configuring a Notification Target Configuring a Notification Profile Click Properties Community string names are transmitted in clear text Configuring WX System Parameters Select the object you want to modify Configuring 3WXM Services as a Notification TargetTask List panel, select 3WXM Notification Target Community string names are transmitted in clear text Click Finish Trace Settings Setting LogViewing Log Settings To view log settings Configure logging to the console Creating a Trace Area Creating an External Log Server Services Settings Configuring IPSetting Static routes Select IP Services You cannot use the word all as the name of an IP alias Select IP Services Select IP Services Users and VLANs Configuring VLANs Viewing VLANs To view VLANs Roaming and VLANs Configuring WX System Parameters Viewing and Configuring VLANs To tag a port or port group, select the Tag checkbox Changing STP Port Settings in a Vlan Click OK Enabling STP Fast Convergence Features Configuring WX System Parameters Configuring Static Multicast Ports Click Properties Viewing and Configuring VLANs A Vlan Restricting Layer Select Dhcp Server to enable it on the Vlan Server that stores confidential salary information Configuring ACLsLast ACE of an ACL Viewing ACLs To view ACLs To configure an ACL IP Protocol Number Configuring WX System Parameters „ 0 normal-Packets with normal TOS defined are filtered To enable the hit counter for an ACE Configuring Advanced ACL SettingsTo change the hit sample rate To specify the type and code for Icmp ACEs To enable the established option for TCP ACEsIcmp Messages and Codes Icmp Message Type Number Code Number Adding a New ACE to a Configured ACL Viewing and Configuring ACLs Individual ACE from an ACL Mappings Changing CoSMappings Mapping Setting a Range Dscp Values to a Configuring WX System Parameters Viewing Configuring Wireless Services Service Profile Parameters Service Profiles Service Profile Parameters Service Profile Type Access Rule Type Default Access Glob Access Rules Viewing and Configuring Wireless Services „ Local EAP-TLS-EAP with TLS Services Viewing Wireless To view wireless servicesSelect Wireless Services „ WPA Select the EAP type Configuring Wireless Parameters „ WPA Configuring Wireless Parameters Web-Portal WebAAA Service „ Static WEP Click Next Viewing and Configuring Wireless Services Access Service „ WPA Go to step Click Finish WPA, RSN Tab Service Profile Tab Broadcast Settings Tab Authorization Attributes TabStatic WEP Tab Radio Profile Selection Tab Voice Configuration Tab Client Timeout tab lists settings for client session timers Client Timeout TabRate Configuration Tab Viewing and Configuring Wireless Services Soda Tab Click Properties Modifying Encryption Settings Viewing and Configuring Wireless Services Modifying Access Rules Profiles Configuring RadioSelect Radio Profiles Profile Creating a Radio To create a radio profile Radio Profile Tab Click Reset To Default Attributes Tab Auto Tune Tab Radio Selection Tab Service Profile Selection Tab Auto-DAP Profile Profile Settings Profile Settings Viewing and Changing the Auto-DAP Profile DAPs into Statically Configured DAPs Deleting Auto DAPs Configuring MAPsThrough radio signals See Deleting Auto DAPs on Configured MAPs Viewing the To view the configured MAPsSelect Access Points Maximum MAPs Supported Per Switch „ 112233445566778899aabbccddeeff00 Transmit Power box, specify the transmit power for the radio To configure a directly connected MAP Channel Number list, select the channel number for the radio Click the plus sign next to Wireless Transmit Power box, specify the transmit power for the radio Configuring Wireless Parameters Viewing Radio To view radio settings ConfiguredChanging Radio Select Radios Changing RF Detection SettingsSelect RF Detection OUI List Edit the MAC address in the MAC Address box Click OK List Countermeasures Select RF Detection Select Enable AP Signature Configuring Wireless Parameters Managing Users CreatingLocal User Database Groups in the Local Database You can create two types of users in the local database User Creating a Named To create a named userSelect Local User Database Group and Assigning Users To It Creating and Managing Users in the Local User Database Task List panel, select MAC User Group Encryption-type Authentication Attributes for Local UsersEnd-date Filter-id Idle-timeoutMobility-profile Session-timeout Service-typeSsid Start-date , end-date , or both Start-date Time-of-day tu1000-1600,th1000-1 Time-of-day600 Time-of-day wk0900-1700,sa2200 Group Radius SettingsA 3Com Mobility System Url Server Settings, Servers, Server GroupsSelect Radius Click Next Viewing and Configuring Radius Settings To change default values for Radius parameters 802.1X Settings Configuring Global802.1X Settings Select Attempts Click Save Network Access Rules Network AccessSelect 802.1X Access Rules Rules Viewing and Configuring 802.1X Network Access Rules „ Local EAP-TLS-EAP with TLS Viewing and Configuring 802.1X Network Access Rules Network Access Rule Configuring MACSelect MAC Access Rules Viewing and Configuring MAC Network Access Rules Page Viewing Web AAA To view Web AAA network access rules Viewing Configuring WebAAA Network Access Rules Creating a Web AAA To create a Web AAA network access rule Viewing and Configuring WebAAA Network Access Rules Select Last Resort Access Rules Viewing Configuring Last-Resort Network Access RulesTask List panel, select Last Resort Network Access Viewing and Configuring Last-Resort Network Access Rules Administrator Configuring WXAdministrator Access Rules Select Admin Access Rules Rule for Console Access Rule for Telnet or SSH Access Viewing and Configuring WX Administrator Access Rules Support for Configuring AAAUsers Viewing and Configuring AAA Support for Third-Party AP Users Port Connected to Third-Party AP Proxy for a Client Policy Rules Changing LocationPolicy Rules Select Location Policy Policy Rule Creating a Location To create a location policy rule Viewing and Changing Location Policy Rules Profiles Changing MobilitySelect Mobility Profiles Viewing and Changing Mobility Profiles Page Remotely Drop Ship WXR100 Only How Remote WX Configuration Works Shows the location of the Fn switch and the LED Staged WX „ The network plan containing the WX switches must be open „ 3WXM must be installed and 3WXM Services must be running3WXM Requirements Configuration by Switch forStaging a WX Save the configuration changes Enable the auto-config optionPower off or restart the switch Configure an IP interface on the Vlan Enable the MSS DNS client Configure DNS server information WX4400# set ip dns domain examplecorp.com WX4400# save config Configuration with Configured SwitchCompleting its Reusing its Replacing a SwitchReplaced switch’s configuration At the remote office Replacement How Switch Replacement WorksTo enable replacement of remote switches Enabling To replace a switch WX File Document where the options are describedOptions Devices Tab Switches in the network planWX File Management Options in 3WXM Task Option Description Group Devices Tasks Task Task Option Group Description Task Task Option Group Synchronizing Local Configuration ChangesNetwork Changes Network Changes Undoing Local or To undo local or network changes To immediately deploy local changes Nonmatching To schedule deployment of local changesTo synchronize the changes, do one of the following To add a system image Repository. Images are storedTo delete a system image To schedule installation of an image on WX switches To immediately install an image on WX switches You can use 3WXM to reboot WX switches and MAPs Rebooting WX Switches or MAP Access PointsTo reboot WX switches and the MAPs they are managing To reboot MAPs without rebooting the switch Enabling or Switch by 3WXMDisabling Management of a Operation Log Canceling aScheduled Operation To display the operation log To import a configuration Importing Exporting Switch Configuration Files To export a configuration Modifying To modify configuration polling optionsChange Polling Alerts panel Managing WX System Images and Configurations Changes Toolbar Options on Verification Tab To disable a specific instance of a warning or error To resolve an error or warningSelect the warning or error message To change verification options To globally disable a warning or error Or for specific instances To disable or reenable a rule Verifying Configuration Changes „ WebAAA certificate for a WX switch „ 802.1X-EAP certificate for a WX switchWhen 3WXM connects to 3WXM Services or a WX switch, Distributing PKS #12 files Certificates ProcessingTo process a certificate Certificate that is stored in the 3WXM certificate store ManagingTo review certificate details Select Tools Certificate Management Or more WX switches SwitchesDistributing Certificates to WX Policies Viewing Policies Access the Create Policy wizardCreating a Policy To view policies Changes to Switches Feature Settings PolicyApplying Policy For This Feature Area See System Features Feature CategoriesWireless Features AAA Features Event Log DisplayingToolbar Options Data Refreshing EventReviewing Event Filtering Event To filter messages by content Using the Event LOG Severity To export filtered data Generating Reports Mobility Domain Configuration Configuration reportsWX Configuration Client Errors Inventory Report Generating anTo generate an inventory report Inventory Report Sections Mobility Domain Generating aReport WX Configuration Report Sections Configuration Report Summary Report Details Report Click Generate Errors Report „ Session Properties „ Location History Network usage report lists network usage statistics Generating a Network Usage Report Summary Report Scope is always MAP Radio and cannot be changed Details Report Generating a Rogue Summary Report Click Generate Select the language „ English „ German Click View Work Order Switches and shows information based on those traps 3WXM Services regularly checks the status of the networkStatistics and the event log To access monitored data AccessingRequirements for Monitoring Using the Explore Window Monitoring the Network Toolbar Options in Link Display of Explore View „ Green UpIconDescription Toolbar Options in Floor Display of Explore View Lists the options on the toolbar in the floor display Toolbar Options in Floor Display of Explore View Monitoring the Network Using the Explore Window Monitoring the Network Display Option Coverage Display Options in Explore Window To take an RF measurement 3Com radio on the floor Rssi measurements RF measurement point Immediately updated for the new measurement point Using the StatusSummary View Click on the new measurement point. The measurement data is Monitor View Using the ClientOn the network Toolbar Options in Client Monitor View Data Displayed When a Mobility Domain or Site is Selected That you can double-click on the arrow to change Number of times authentication for a client failed Client Activity Columns When a Mobility Domain is Selected Data Displayed When a Switch, MAP, or Radio is Selected Ssid Activity Details for Association Failure Activity Details for Authentication Failure Peap Activity Details for Authorization Failure ColumnDescription Activity Details for Authorization Successful Have been collected and will be transmitted to the new Activity Details for Disassociation Activity Details for Client Cleared Activity Details for Dot1x Failure Activity Details for Roam Data Displayed When a Mobility Domain is Selected Client Sessions Columns When a Mobility Domain is Selected Data Displayed When a WX Switch, MAP, or Radio is Selected SNR Displaying Session Details Session Properties Columns „ Updatedtoroam User is roaming. Session Session Statistics Columns Session Statistics Columns Adding a Client to the Watch List Clients on the watch list by MAC addressLocation History Columns Using the Client Monitor View Click Next. The search results appear „ natasha@example.com Displaying the Client Watch List Details are displayed on the following tabs Location On the floor To display a client’s session Geographical Monitoring the Network Session Using the RF Window Displaying RFRF Monitor RF Neighborhood Columns Bssid Window RF Monitor Activity Log Columns RF Monitor Environment Columns Statistics RF Monitor Environment Columns Can indicate interference from a non-802.11 device RF Trends Columns Statistics To access performance statistics from the network Monitoring the Network Accessing Realtime Performance Statistics Viewing Current Data „ Octets In/Out „ Packets In/Out „ Errors In/Out Viewing Historical Data Viewing Data in Percentages To export data to a file Exporting Performance Data Monitoring the Network Rogues Converting a rogue into a third party APThat truly are rogues Snmp Notifications for RF Detection Rogue Detection RequirementsNotification Type Description Rogue detection notifications IDS/DoS notifications Snmp Notifications for RF Detection Detecting and Combatting Rogue Devices Rogue Detection Lists Detection Screen Using the RogueMain 3WXM tool bar Toolbar Options on Rogue Detection Screen To filter the rogue list Current, Current Hour, Current Day, and History Tabs Listeners Tab Activity Log TabActivity Log Columns Lists the information displayed on the Clients tab Clients TabListeners Columns Client Columns Rogue’s Displaying aGeographical Location Displaying a Rogue’s Geographical Location To add a device to the ignore list Attack List Adding a Device toConverting a Rogue Into a Third Party To remove a third-party AP To display the list Adding a Rogue’s Configuring RFClients to the Black List Detecting and Combatting Rogue Devices Measurements Importing RFRF obstacle data Importing the To import the measurements Optimizing a Network Plan Measurements to Floor Plan Coverage Holes Locating and FixingCoverage holes by displaying coverage Locating a Coverage To locate a coverage hole Locating and Fixing Coverage Holes Installed to Network Plan Preferences Values ResettingTools Preferences Synchronization Changing NetworkChanging User Interface Options To change network options Within Window Style, select one of the following Certificate Changing ToolsCheck on Click the Certificate Handling tab Changing Options Typical Client’s Transmit PowerFor RF Planning You can change the following RF planning options Defining a Color from the Palette To Change a Color Defining a Color by Changing HSB Properties Defining a Color by Changing RGB Properties Changing 3WXM Logging Options Chapter a Changing 3WXM Preferences Preferences Chapter B Changing 3WXM Services Preferences Services 3WXM ServicesStarting or Stopping To connect to 3WXM Services Connecting to 3WXM ServicesStart 3WXM client Verify that the service is running on the server To complete the connection Data Information, and access control to 3WXM Services Changing ServiceTo change service settings Service will accept from the WX switches WX connection settings control the timeout and retries forClick the WXs Connection Settings tab Changing WX Changing WX Connection Settings Sources of Monitor Data Polling Interval is 5 minutes and cannot be changed Click the Monitoring Settings tab Https//ip-addr Managing Network Plans Chapter B Changing 3WXM Services Preferences Backup Chapter B Changing 3WXM Services Preferences Register Your ServicesProduct Purchase Troubleshoot Access SoftwareOnline Downloads Contact Us Latin America Telephone Technical Support and Repair Country Telephone NumberUS and Canada Telephone Technical Support and Repair Numbers Index Index Monitors WX switch performance SSH Saving Index Index