D-Link DSA-6100 User Manual page 186

Wireless access controller

2) If the system is not in Bridge mode, the isolation rules are applied in two tiers: one default rule and up to
ten exception rules. The default action (the Default Isolation Rule) for the traffic between all interfaces
is either Pass All or Block All. If traffic between particular interfaces has to be blocked or passed,
administrators need to create custom exception rules to block or pass the traffic that
travels between the selected interfaces.
3) The following table shows the choices and conventions of the interfaces for exception rules.

Convention       Description
ALL              All the LAN interfaces and VLAN interfaces on LAN1 and LAN2 ports.
LAN1-Tag#nnnn    The VLAN with Tag ID "nnnn" on LAN1 port
                 (for example, LAN1-Tag#1111 is the VLAN with Tag ID 1111 on LAN1)
LAN2-Tag#nnnn    The VLAN with Tag ID "nnnn" on LAN2 port
                 (for example, LAN2-Tag#3333 is the VLAN with Tag ID 3333 on LAN2)
LAN1-Untagged    The LAN interface on LAN1 port
LAN2-Untagged    The LAN interface on LAN2 port

Please note that the exception rule is bi-directional. For example, the pair {LAN1-Tag#1111,
LAN2-Tag#3333} is the same as the pair {LAN2-Tag#3333, LAN1-Tag#1111}.
4) An Example: The Default Isolation Rule specifies "Block All Traffic" and an exception rule says "Pass" the
pair {LAN1-Untagged, ALL}. In this example, the system will block all traffic between all VLAN interfaces,
except for the traffic between VLAN1 and other VLANs.
5) The priority of basic system security rules:
a. When the Default Isolation Rule is "Pass All Traffic", the priority of exception rules (Block) is higher
than the firewall rules. In other words, in this case, the exception rules will block traffic between the
specified interfaces, even when the Firewall rules are configured to pass all traffic.
b. When the Default Isolation Rule is "Block All Traffic", the priority of exception rule (Pass) is lower than
the firewall rules. In other words, in this case, the exception rules will not pass traffic between the
specified interfaces, if the Firewall rules are configured to block traffic between the specified interfaces.
c. Walled Garden will not be blocked by VLAN isolation rules. For example, there is a server in Walled
Garden in VLAN1. The "Block All Traffic" rule will not prevent users on VLAN2 from seeing the server
in Walled Garden.
d. DMZ and Virtual Servers are subject to VLAN isolation rules. For example, there is a virtual server in
VLAN1. A "Block All Traffic" rule will prevent users on VLAN2 from seeing the virtual server.
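
The isolation and priority rules in items 2) to 5) can be checked offline with a small model before a policy is entered on the controller. This is an added example, not D-Link code or a device API: the class and its names are hypothetical, the firewall decision is supplied as an input, and it assumes that the first matching exception wins and that a default "Block All" without a matching exception cannot be overridden by the firewall.

```python
import re

# Interface naming conventions from the manual's table; the 1-4 digit tag width is an assumption.
IFACE = re.compile(r"^(ALL|LAN[12]-Untagged|LAN[12]-Tag#\d{1,4})$")
MAX_EXCEPTIONS = 10  # "up to ten" exception rules


class IsolationPolicy:
    """Hypothetical model of the documented rules, not the device's implementation."""

    def __init__(self, default, exceptions=()):
        # default: "pass" or "block"; exceptions: (iface_a, iface_b, action) tuples
        if default not in ("pass", "block"):
            raise ValueError("default must be 'pass' or 'block'")
        if len(exceptions) > MAX_EXCEPTIONS:
            raise ValueError("more than ten exception rules")
        for a, b, action in exceptions:
            if not (IFACE.match(a) and IFACE.match(b)) or action not in ("pass", "block"):
                raise ValueError(f"bad exception rule: {(a, b, action)}")
        self.default, self.exceptions = default, list(exceptions)

    @staticmethod
    def _covers(rule_a, rule_b, src, dst):
        hit = lambda rule, iface: rule == "ALL" or rule == iface
        # Exception pairs are bi-directional, so test both orientations.
        return (hit(rule_a, src) and hit(rule_b, dst)) or (hit(rule_a, dst) and hit(rule_b, src))

    def isolation(self, src, dst, walled_garden=False):
        if walled_garden:  # 5c: Walled Garden is not blocked by isolation rules
            return "pass"
        for a, b, action in self.exceptions:  # assumption: first matching rule wins
            if self._covers(a, b, src, dst):
                return action
        return self.default

    def verdict(self, src, dst, firewall="pass", walled_garden=False):
        # 5a and 5b both reduce to: a block from either layer wins.
        if self.isolation(src, dst, walled_garden) == "block" or firewall == "block":
            return "block"
        return "pass"


# Item 4 of the manual: Block All by default, Pass for the pair {LAN1-Untagged, ALL}.
example = IsolationPolicy("block", [("LAN1-Untagged", "ALL", "pass")])
```

Calling example.verdict(src, dst, firewall=...) for each interface pair that matters shows which pairs remain reachable under a planned policy.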