Policy-Based QoS/Firewall - Part 1 - Firewall Rules for WLAN
WLAN QoS/Firewall - Part 1 of 2
For more info visit: http://www.merunetworks.com
So in this video we're going to talk about the policy-based QoS and firewall rules that are available in Meru's Wireless LAN system. By QoS, of course, we mean quality-of-service, and the way we provide quality-of-service is not just over the air but also the translation of mappings towards the back end network, and I'll talk about that. So as you all are aware, Wi-Fi devices attach to a service set, or SSID, which is really the name of the service that you typically type when your Windows Zero Config pops up, and that allows you to connect to the wireless abstraction of a VLAN or a subnet. So devices -- wireless devices -- associate with the network by means of connecting to a service ID or SSID. Now, each SSID has its own security policies, so at the layer 2 you might do WEP or Clear or WPA or WPA2, which are some of the standard security policies, part of the 802.11 standard.
Now the way that we map SSIDs to essentially differentiate users is the following. So first off, associated with an SSID, we have something called an ESS profile. Now this is a profile wherein multiple profiles might have the same SSID, and we'll talk about why that's relevant. For each ESS profile, you can map it to a VLAN, a virtual LAN. You can also assign something called a filter ID which is essentially a policy tag that we associate with every device that connects to a profile. And you can map SSIDs or an ESS profile to some number of access points, so this is a list of access points. So the purpose or the relevance of these fields is going to become relevant in a few minutes.
So let's assume you have a certain area, and this area, let's say, is being served by four access points. Let us call this AP1, AP2, AP3 and AP4. In this coverage area, you might have certain locations where you want to restrict access. So for example, let's say a guest SSID is only available in the lobby area. So you provide a Guest. And as for employees, that service is available in all of the access points except that in certain locations, you might want to ascribe different security or quality-of-service policies. And we'll talk about the different usage cases once we sort of go over the technology. So you might have a Guest SSID and an Employee SSID. And notice that is the same Employee SSID that is advertised, whether you're in this location or this location, it's just that you get mapped to different service profiles. Or you get mapped to different back end quality-of-service and firewall profiles.
So let's keep it at that, and now move onto the next level of trying to differentiate services and try to differentiate the way packets are transmitted or treated based on policies. There are sort of five basic classes of policies. One is user-based, the second is location-based, the third is subnet-based, based on the IP address of source and/or destination, the fourth one is service or SSID-based and the last one is application-based. So now what I'm going to describe is how we use a combination of the user IP address or the source and destination IP address, based on the access of the user as well as the filter ID of the user. So notice that the way we assign filter ID, we can already do it user-based, location-based and SSID-based. We just talked about how you can ascribe these policy IDs based on a combination of these three.
......Please See Interactive Transcript For Full Text......
For more info visit: http://www.merunetworks.com
Смотрите видео Policy-Based QoS/Firewall - Part 1 - Firewall Rules for WLAN онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь Meru Networks 30 Октябрь 2009, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 5,048 раз и оно понравилось 11 людям.