Defining Non-Authenticated Filters - Siemens HiPath C10 User Manual

hwc_vnsconfiguration.fm
Virtual Network configuration
Configuring filtering rules for a VNS
10. To save your changes, click Save.
For external Captive Portal, you need to add an external server to a
>
non-authentication filter.
7.6.2

Defining non-authenticated filters

Defining non-authenticated filters allows administrators to identify destinations to which a user
is allowed to access without incurring an authentication redirection. Typically, the
recommended default rule is to deny all. Administrators should define a rule set that will permit
users to access essential services:
DNS (IP of DNS server)
●
Default Gateway (VNS Interface IP)
●
Any HTTP streams requested by the client for denied targets will be redirected to the specified
location.
The non-authenticated filter should allow access to the Captive Portal page IP address, as well
as to any URLs for the header and footer of the Captive Portal page. This filter should also allow
network access to the IP address of the DNS server and to the network address—the gateway
of the VNS. The VNS gateway is used as the IP for an internal Captive Portal page. An external
Captive Portal will provide a specific IP definition of a server outside the HiPath Wireless
Controller.
Redirection and Captive Portal credentials apply to HTTP traffic only. A wireless device user
attempting to reach websites other than those specifically allowed in the non-authenticated
filter will be redirected to the allowed destinations. Most HTTP traffic outside of those defined
in the non-authenticated filter will be redirected.
Although non-authenticated filters definitions are used to assist in the redirection of
>
HTTP traffic for restricted or denied destinations, the non-authenticated filter is not
restricted to HTTP operations. The filter definition is general. Any traffic other than
HTTP that the filter does not explicitly allow will be discarded by the controller.
The non-authenticated filter is applied by the HiPath Wireless Controller to sessions until they
successfully complete authentication. The authentication procedure results in an adjustment to
the user's applicable filters for access policy. The authentication procedure may result in the
specification of a specific filter ID or the application of the default filter for the VNS.
Typically, default filter ID access is less restrictive than a non-authenticated profile. It is the
administrator's responsibility to define the correct set of access privileges.
156
HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide
A31003-W1040-U101-1-7619, July 2006 DRAFT