•
•Remote VPN — Provides remote user ability to access company resources from outside the company premises.
The switch supports:
•IPSec termination for site to site
•IPSec termination for remote access
•IPSec traversal of firewall filtering
•IPSec traversal of NAT
•IPSec/L2TP (client to switch)
1.2.5.14NAT
NAT (Network Address Translation) is supported for
•Port NAT– Port NAT (also known as NAPT) entails multiple local addresses are mapped to single global address and a dynamic port number. The user is not required to configure any NAT IP address. Instead IP address of the public interface of the switch is used to NAT packets going out from private network and vice versa for packets entering private network.
•Static NAT– Static NAT is similar to Port NAT with the only difference that it allows the user to configure a source NAT IP address and/or destination NAT IP address to which all the packets will be NATted to. The source NAT IP address will be used when hosts on a private network are trying to access a host on a public network. Destination NAT IP address can be used for public hosts to talk to a host on the private network.
1.2.5.15Certificate Management
Certificate Management is used to provide a standardized procedure to
•Generate a Server certificate request and upload the server certificate signed by certificate authority (CA).
•Uploading of CA's root certificate.
•Creating a
Certificate management will be used by the applications HTTPS, VPN, HOTSPOT and Radius. For information on configuring switch certificate management, see Creating Server Certificates on page
1.2.6 Access Port Support
Access ports work on any VLAN with connectivity to the wireless switch. The switch supports the following access ports:
•AP100 (supports 802.11b)
•AP300 (supports 802.11a/b/g)
•Access points converted to access ports, including:
•