Mapping an ACL to a Distributed MAP | HP Manager Software specification

Using Access Control Lists for Security 317

Mapping ACLs to Ports, VLANs, or Virtual Ports

You can map ACLs to ports (or port groups), VLANs, or virtual ports. You cannot map an ACL to a MAP port or a wired authentication port.

To map an ACL to ports, VLANs, or virtual ports:

1In the Create ACL wizard, click ACL Map. The ACL Map page appears.

2Do one of the following:

To map an ACL to a Distributed MAP, see “Mapping an ACL to a VLAN”.

To map an ACL to a VLAN, see “Mapping an ACL to a VLAN” on page 317.

To map an ACL to a port or port group, see “Mapping an ACL to a Port” on page 318.

To map an ACL to a virtual port or port group in a VLAN, see “Mapping an ACL to a Virtual Port” on page 318.

Mapping an ACL to a Distributed MAP

1In the ACL Map page, click New.

2Select New ACL Distributed MAP Map. The Create ACL Distributed MAP Map dialog box appears.

3In the Direction list, select In to filter incoming packets or Out to filter outgoing packets.

4In the DAP list, select the Distributed MAP from the list.

5Click Finish to save the mapping. The Create ACL wizard reappears.

6Click Finish to close the Create ACL wizard.

Mapping an ACL to a VLAN

1In the ACL Map page, click New.

2Select New ACL VLAN Map. The Create ACL VLAN Map dialog box appears.

3In the Direction list, select In to filter incoming packets or Out to filter outgoing packets.

4In the Type list, select ID to identify the VLAN by number or Name to identify it by name.

5If you selected Name in step 4, go to step 6. Otherwise, specify a VLAN number in the ID box and go to step 7.

Image 317

HP Manager Software manual Mapping ACLs to Ports, VLANs, or Virtual Ports, Mapping an ACL to a Distributed MAP

Contents

3CRWXR10095A, 3CRWX120695A, 3CRWX440095A Wireless LAN Mobility System United States Government Legend 3Com Corporation 350 Campus Drive Marlborough, MA USA Contents Starting 3WXM Site Objects Alerts Panel Content Panel Monitor Tab 130 Planning the 3COM Mobility System 210 Configuring WX System and Administrative Parameters Configuring DNS 230 Configuring NTP 231 Configuring ARP 233 Configuring IP Aliases226 245 Creating and Managing Users in the Local User Database 268285 300 Managing Certificates 364 361 Displaying 802.11 Coverage 362394 397 448 Generating a Radio Details Report 449 423430 Using 3WXM with HP Openview Register Your Product 497 Obtaining Support for Your ProductPage Icon Description ConventionsList conventions that are used throughout this guide 3WXM for advanced configuration and management Including new features and bug fixesDocumentation This manual uses the following text and syntax conventions Pddtechpubscomments@3com.com Comments Example Requirements HardwareHardware Requirements for Hardware Requirements for Running 3WXM Monitoring Service Hardware Requirements for 3WXM Monitoring ServiceHard drive space Available Monitor resolution Number Radios WX Switches 50+ WX Switches Preparing for InstallationSoftware Installing 3WXM If Autorun is disabled, follow these steps Wizard Using the Installation To use the installation wizard Installing 3WXM Installing 3WXM OpenView Plug-In Installing the HP To install the HP OpenView plug-in Installing 3WXM Click Get Activation Key Installing 3WXM Click Uninstall Click Continue Manager 3WXM interface Switches or monitor network dataOverview Working with the 3WXM User Interface Main 3WXM Menu OptionsWindow View Object Details or View Alerts from the main toolbar Menu Menu Option Description 3WXM Menu Options To add a WX switch Devices Apply Auto-Tune Association failure rates Open the 3Com 3WXM Administrator’s Organizer Panel Working with the 3WXM User Interface Select an object Details are displayed here Object Settings for the following management services Location Policy Object Description Working with the 3WXM User Interface Mobility Domain Objects WX Switch Objects Ports/MAPs Third Party AP Objects Lists the object that can appear under Third Party APs Alerts Panel Content panel with more details Alert Category Description Lists the types of alerts displayed in the Alerts panel Toolbar option of the main 3WXM window Content PanelContent panel displays information for objects selected Monitor Tab Explore Window Working with the 3WXM User Interface „ Green Up Monitor Tab Status Summary Window Monitor Tab Client Monitor Window Monitor Tab RF Monitor Window Monitor Tab RF Trends Window Working with the 3WXM User Interface Resolutions Error/Warning Details Working with the 3WXM User Interface Content Panel Information panel Wizards Configuration Working with the 3WXM User Interface Configuration Wizards Reports Reports Pasting Objects Copying Replace New switch appears under the Mobility Domain Shortcut Enabling KeyboardMnemonics Windows XP Only Enabling Keyboard Shortcut Mnemonics Windows XP Only Working with the 3WXM User Interface Following steps describe how to start 3WXM Switch Manager 3WXM, restricting access to 3WXM, creatingStarting 3WXM Managing network plans, and defining a Mobility Domain Getting Started To 3WXM Restricting Access Getting Started Monitor accounts Monitor AccountsTo create a provision or monitor account Accounts Plans CreatingManaging Network You must select a country code before continuing Plan Saving a Network Plan Creating and Managing Network Plans Saving a Network Plan with a New Name Creating and Managing Network Plans Getting Started Plan Getting Started To override another user’s lock Getting Started Defining a Mobility Domain Protocol Port Function DomainTraffic Ports Used for AAA Servers and Management Servers Do one of the following „ To close the wizard, click Finish Getting Started Building Wizard Provide about your wireless coverage needsNetwork design information Live network Planning the 3COM Mobility System OptionDescription Building Wizard SetupToolbar Options on Setup Building Wizard Edit Content Lists the toolbar icons at the top of the floor display area Toolbar Options on Edit Content Building Wizard Plan RF Coverage Toolbar Options on Plan RF Coverage Building Wizard Optimize RF Coverage Toolbar Options on Optimize RF Coverage Toolbar Options on Report Building Wizard Report Campus Creating a Site Planning the 3COM Mobility System Modifying Buildings in a Site Creating or Planning the 3COM Mobility System Creating or Modifying Buildings in a Site Details Importing orDrawing Floor File Recommendations To prepare a drawing before importing it into 3WXM Preparing a Drawing Before Importing It Importing or Drawing Floor Details Planning the 3COM Mobility System Importing the Drawing Useful AutoCAD Operations and Naming-ConventionsOperating Tips Common AutoCAD Layer Names Click Import Floor Layout Importing or Drawing Floor Details To crop the paper space Importing or Drawing Floor Details Origin point To adjust the origin point New location of origin point Hiding Layers To adjust the scale Adding or removing a layer Moving an object from one layer to another To clean up a drawing Planning the 3COM Mobility System Importing or Drawing Floor Details ObjectAction To draw an objectClick Finish to save the changes and close the wizard Properties Floor Characteristics of aSpecifying the RF To create RF obstacles by grouping objects Go to To use the Create RF Obstacle Dialog box onTo create RF obstacles for an area in a drawing To use the Create RF Obstacle Dialog box ObjectAction Planning the 3COM Mobility System Coverage To create a wiring closet Shared Coverage Areas Area Drawing a Coverage Area Coverage Area Choices wizard appears Go to Specifying the Wireless Technology for a Coverage Area Specifying the Wireless Technology for a Coverage Area Specifying Coverage Area Properties Planning the 3COM Mobility System Specifying Association Information Go to Specifying Association Information Planning the 3COM Mobility System Defining Wireless Coverage Areas WX4400 switches support distributed MAP connections only Setting Attributes for a Third-Party Access Point Planning the 3COM Mobility System Configuring Radio Attributes Moving the AP Icon to its Floor Location Computing MAP Placement To specify design constraints Computing MAP Placement WX4400 switches support indirect MAP connections only To compute and place MAP access points To review coverage area computation Go to To review coverage area computation Computing MAP Placement Planning the 3COM Mobility System To unlock a coverage area Locking and Unlocking Coverage Areas To lock a MAP Locking and Unlocking MAP Access Points To assign channels Planning the 3COM Mobility System To compute optimal power Planning the 3COM Mobility System To resolve optimal power computation problems Resolving coverage gaps Verifying the Wireless Network To place an RF measurement point „ To list disabled access points, select Show Disabled MAPs To use the RF interactive measurement mode Signal strengths for any location on the floor Value Shows the information available in the RF measurement tableRF Measurement Information Generating RF Network Design Information Information Reviewing Layout To see the floor layout, click View Layout Click Generate Work Order To generate a work order Applying RF Auto-Tuning Settings to the Network Plan Click Next. The progress is displayed Click Finish Planning the 3COM Mobility System Following figure shows an example of the wizard WX Switch Wizard „ AAA WX Switch Wizard Overview Settings, and so on. This page is shown above WX Switch Wizard Overview Configuring WX System and Administrative Parameters WX Switch Wizard Overview Insert Wireless Switch Switch toAdding a WX Network Plan Switch Wizard Accessing the WXConfiguration file See Adding a WX Switch to the Network Plan on WX Properties Configuring VLANs Configuring WX System and Administrative Parameters Roaming and VLANs Vlan Names Configuring Vlan Basic Properties To configure Vlan basic properties Adding Ports to a Vlan Configuring Spanning Tree Protocol Configuring WX System and Administrative Parameters Configuring Spanning Tree Port Information Configuring Igmp „ To close the wizard and save the changes, click Finish Configuring Static Multicast Ports Configuring STP Fast Convergence Features Configuring the MSS Dhcp Server Select Spanning Tree Properties Select Config Edit Configuring WX Management Services Setting System To set system information Configuring WX System and Administrative Parameters Configuring WX Management Services Reenabling WebAAA To configure Snmp Do one of the following V1 or V2c Community String Configuring an Snmp To configure an Snmp community string V3 User Configuring an Snmp To configure an SNMPv3 user Configuring WX System and Administrative Parameters To configure a notification target Do one of the following Configuring a Notification ProfileConfiguring a Notification Target For SNMPv3, select the USM user Setting Up System Logging Configuring WX System and Administrative Parameters To set up a syslog server Setting Up a Syslog Server Expand Management Services Configuring Tracing Deleting Traces To delete a trace Organizer pane, expand the WX switch To set summertime information To set up a time zone Configuring WX Management Services Authentication Configuring WiredWired authentication port is an Ethernet port that has Wired users is not encrypted after they are authenticated Network Ports ConfiguringOther networking devices such as switches and routers WX1200 ports support full-duplex mode only Configuring Load Sharing Configuring IP Services Creating Static Routes To close the Create Static Route dialog box, click Finish Configuring Default Routes To create an IP alias Do one of the following Creating IP Aliases Setting Up DNS Basic Properties Adding DNS Servers Click New NTP Server Setting NTP PropertiesCreating NTP Servers Adding ARP Entries Configuring WX System and Administrative Parameters Parameters Configuring Wireless Parameters RSN Service Profile Configuring a Mycorp/mycorp-login.htm Encryption Configuring To configure encryption, follow these stepsConfiguring WEP Configuring a Service Profile WPA and RSN Cipher Suites Configuring WPA or RSNWPA and RSN Authentication Methods To configure WPA or RSN authentication To configure WPA or RSN encryption choices Profile To map a service profile to a radio Configuring Wireless Parameters Configuring a Radio Profile RF Auto-Tuning Configuring a Radio Profile To apply a radio profile to radios Configure a MAP port for each directly connected MAP MAP Access PointsDirectly Connected Connected and Distributed MAPs combined Configuring Wireless Parameters „ 112233445566778899aabbccddeeff00 Configuring Wireless Parameters Transmit Power box, specify the transmit power for the radio Configuring Wireless Parameters Configuring Directly Connected MAP Access Points WX Switch Model Maximum Maximum Booted Configured Access PointsDistributed MAP Indirectly connected MAP Configuring Distributed MAP Access Points „ 112233445566778899aabbccddeeff00 Configuring Distributed MAP Access Points Configuring Wireless Parameters Authorization , Overview on Connecting toServer Groups To change default values for Radius parameters To define a Radius server Connecting to Radius Servers and Server Groups To define a Radius server group Local User Managing UsersDatabase Changing the Order in a Radius Server Group Database To configure user authentication propertiesYou can create two types of users in the local database Click Choose Available To configure user group authentication properties Local database To configure MAC address user authentication properties Click Choose Available To configure user authorization attributes Attribute Description Valid Values Encryption-type Authentication Attributes for Local UsersEnd-date Start-date,end-date, or both Attribute Description Valid Values Filter-id Idle-timeout Attribute Description Valid Values Mobility-profile Start-date Attribute Description Valid Values Session-timeoutSsid Url Attribute Description Valid Values Time-of-day Attribute Description Valid Values Vlan-name User Globs Accept user globs and MAC address globs Vlan Globs MAC Address Globs To set the authentication method for administrator access To set the accounting method for administrator access Console Access Rules Managing Administrator Authentication Configuring and Managing Access Rules for Network Users MSS provides the following types of authentication Authentication Types Authentication Algorithm To 802.1X? Yes Last-Resort Processing Ssid Name Any User Credential Requirements Page Authentication To configure authentication rules Page To configure authentication settings Page Accounting Page Location Policies To change the order of access rulesAbout the Location Policy To create a location policy rule „ Ports Configuring Location Policies Click Close To create a proxy authentication rule Configuring AAA for Clients of Third-Party APs To create a Radius proxy client entry To configure a port as a Radius proxy for an Ssid Included, or you can specify a list of ports to be included Mobility ProfilesAttribute VSA To create a Mobility Profile Creating Access Using AccessControl Lists for Security Defining Access Control Entries Setting Up ACL Basic PropertiesGo to Defining Access Control Entries Creating an IP ACE Page Creating a TCP or UDP ACE Type box, specify the Icmp type used to filter Icmp packets Creating an Icmp ACETo define the action of the ACE Icmp Message Type Number Code Number Icmp Messages and Codes IP Protocol Number Creating a Layer 4 Protocol ACECommonly Used IP Protocol Numbers To add ACEs to an ACL and organize them For a complete list of IP protocol numbers, see Click Finish Mapping User-Based ACLs Mapping an ACL to a Distributed MAP Mapping ACLs to Ports, VLANs, or Virtual PortsACL Map page, click New Mapping an ACL to a Vlan Mapping an ACL to a Virtual Port Mapping an ACL to a Port Configuring 802.1X Parameters Attempts Click Finish Page Managing WX Chapter where the options are describedSystem Files WX File Management Options in 3WXM Network on Configuration into SwitchNot defined in 3WXM, uploading the WX configuration creates Uploading a WX To upload a WX switch configuration Verifying Refresh Refreshes the data Options Toolbar Options on Verification Tab To resolve an error or warning To globally disable a warning or error To disable a specific instance of a warning or errorSelect the warning or error message Or for specific instances To disable or reenable a ruleTo change verification options Managing WX System Images and Configurations Changes Network Toolbar Options on Managed Devices Tab Changes To review changes To accept network changes To deploy local changesClick Deploy Now Options Alerts panel To undo changesNonmatching To modify configuration polling options Network Plan to Switches from aDeploying WX Files Distributing Image Click Distribute To distribute a system image Distributing WX Configuration Files Importing Exporting WX switch Configuration FilesTo distribute a WX configuration file Select Distribute Config Click Distribute Importing and Exporting WX switch Configuration Files Managing WX System Images and Configurations Managed Applying PoliciesHow Changes Are For This Feature Area See Configuring a PolicyConfiguration Information Configuration Information Reviewing Applying Policy Settings Click Review Changes Rebooting WXSwitches or MAP Access Points „ WebAAA certificate for a WX switch „ 802.1X-EAP certificate for a WX switchWhen 3WXM connects to 3WXM Services or a WX switch, Distributing PKS #12 files To process a certificate ProcessingCertificates Certificate that is stored in the 3WXM certificate store ManagingTo review certificate details Select Tools Certificate Management Managing Certificates Statistics and the event log Switches and shows information based on those traps To access monitored data AccessingRequirements for Monitoring Using the Explore Window „ Green Up IconDescription Toolbar Options in Link View of Explore Window Toolbar Options in Floor View of Explore Window Lists the options on the toolbar in the floor view Toolbar Options in Floor View of Explore Window Monitoring the Network Using the Explore Window Monitoring the Network Display Option Coverage Display Options in Explore Window To take an RF measurement 3Com radio on the floor RF measurement point Rssi measurements Status Summary window shows the operational status of 3Com Using the StatusSummary Window Monitor Window Using the ClientActivity on the network Toolbar Options in Client Monitor Window To refresh the data automatically To refresh the data on demand Client Activity Columns When a Mobility Domain is Selected Data Displayed When a Mobility Domain or Site is Selected Number of times authentication for a client failed Client Activity Columns When a Mobility Domain is Selected Data Displayed When a Switch, MAP, or Radio is Selected Ssid Column Description Activity Details for Authentication FailureActivity Details for Association Failure Peap Activity Details for Authorization Failure ColumnDescription Activity Details for Authorization Successful DOT1X Activity Details for Disassociation Activity Details for Client Cleared Activity Details for Dot1x Failure Activity Details for Roam Data Displayed When a Mobility Domain is Selected Client Sessions Columns When a Mobility Domain is Selected Client Sessions Columns When Scope Is a Mobility Domain Data Displayed When the Scope is a Mobility Domain Data Displayed When a WX Switch, MAP, or Radio is Selected Session Properties Columns Displaying Session Details Authentication Server New location Session Statistics Columns Session Statistics Columns Location History Columns Adding a Client to the Watch List Clients on the watch list by MAC address „ natasha@example.com Using the Client Monitor Window Displaying the Client Watch List Removing a Client from the Watch List Details are displayed on the following tabs Session Displaying a Client’s Geographical LocationTerminating a Client’s To terminate a client’s session „ RF Neighborhood lists the other transmitting devices that Using the RFRadio can hear Ssid the radio can hear Window Displaying RF RF Monitor RF Neighborhood Columns MappingWindow RF Monitor Activity Log Columns RF Monitor Environment Columns Statistics Can indicate interference from a non-802.11 device As cordless phones and webcams, appear to generate RF Trends Columns Statistics To access performance statistics from the network Accessing Realtime Performance Statistics Monitoring the Network Accessing Realtime Performance Statistics Viewing Current Data „ Octets In/Out „ Packets In/Out „ Errors In/Out Viewing Historical Data Viewing Data in Percentages Accessing Realtime Performance Statistics To export data to a file Exporting Performance Data Log Accessing the EventDisplaying Event log Toolbar Options on Event Tab Using Predefined Event Filters To filter messages by content Filtering Events by Content Monitoring the Network Saving Filters Filtering Events by SeverityFiltering Events by Facility Exporting Filtered Data Deleting Filters Accessing the Event Log Monitoring the Network Users Dynamic Frequency Selection DFS Both enabled radios and disabled radios perform these scans Notification Type Description Rogue Detection RequirementsSnmp Notifications for RF Detection Other than an associate request flood Rogue Detection Lists Detecting and Combatting Rogue Devices Using the Rogue Detection Tab Toolbar Options on Rogue Detection Tab To filter the rogue list Using the Rogue Detection Tab Current, Current Hour, Current Day, and History Tabs To change the scope of the rogue list Listeners Tab Activity Log TabRogue Details Columns Rogue Listener Details Columns Rogue’s Displaying aGeographical Location Attack List Adding a Device toTo add a device to the ignore list They are present on the network Into a Third Party Converting a Rogue Adding a Rogue’s Configuring RFClients to the Black List Type the SSID. c Click Finish Click Permitted OUI List Configuring RF Detection Options from the Organizer Panel Detecting and Combatting Rogue Devices Generating Reports Site Survey Work orders Inventory Report Generating anTo generate an inventory report Click Generate Mobility Domain Configuration Report dialog box appears SwitchesGenerating a Mobility Domain WX Configuration Report Sections Configuration Report Summary Report Details Report Click Generate Errors Report Click Generate Network usage report lists network usage statistics Generating a Network Usage Report Summary Report Scope is always MAP Radio and cannot be changed Details Report Generating a Rogue Summary Report Click Generate Click View Work Order Generating Reports Measurements Importing RFRF obstacle data Importing Measurements Optimizing a Network Plan Map name must match the name used in the site survey tool Applying the RF Measurements to Floor Plan Coverage Holes Locating and FixingCoverage holes by displaying coverage Locating a Coverage Hole Optimizing a Network Plan Installed to Network Plan Optimizing a Network Plan From Network Node Preparing to Use HP OpenView and 3WXMManager To start 3WXM from Network Node Manager Chapter a Using 3WXM with HP Openview Logging Change options for network synchronization, user interfaceThat system To change 3WXM preferences, in the main 3WXM window, select Preferences Values ResettingChanging Network Synchronization Changing Network Synchronization Options „ Multiple Show the topology in multiple windows Changing User Interface OptionsWithin Window Style, select one of the following Changing Tools Certificate ChangingCheck on Click the Certificate Handling tab Changing Options Typical Client’s Transmit PowerFor RF Planning You can change the following RF planning options Chapter B Changing 3WXM Preferences To Change a Color Defining a Color from the Palette Defining a Color by Changing HSB Properties Defining a Color by Changing RGB Properties Changing 3WXM Logging Options Chapter B Changing 3WXM Preferences Preferences Chapter C Changing 3WXM Services Preferences Services 3WXM ServicesStarting or Stopping To connect to 3WXM Services Connecting to 3WXM Services Verify that the service is running on the server Chapter C Changing 3WXM Services Preferences Changing Service Receiving ServiceSettings Verifying that Chapter C Changing 3WXM Services Preferences Service will accept from the WX switches WX connection settings control the timeout and retries forClick the WXs Connection Settings tab Changing WX Chapter C Changing 3WXM Services Preferences Sources of Monitor Data Monitor tab and for the Performance Statistics windowWindows. lists the source of the data for each window Polling Interval is 5 minutes and cannot be changed Click the Monitoring Settings tab Changing Monitoring Settings Https//ip-addr Managing Network Plans Chapter C Changing 3WXM Services Preferences Backup Chapter C Changing 3WXM Services Preferences Product Register YourPurchase Value-Added Downloads Access SoftwareTelephone Technical Support Contact Us US and Canada Telephone Technical Support and Repair Country Telephone NumberLatin America Telephone Technical Support and Repair Index Index User privileges Configuring SSH Index Index