Wep 128; Configuring Wlan Firewall Support - Motorola AP-6511 Reference Manual

WEP 128 Deployment Considerations


WEP 128

Before defining a WEP 128 supported configuration on a WLAN, refer to the following deployment guidelines
to ensure the configuration is optimally effective:
• Motorola recommends additional layers of security (beyond WEP) be enabled to minimize the likelihood
of data loss and security breaches. WEP enabled WLANs should be mapped to an isolated VLAN with
Firewall policies restricting access to hosts and suspicious network applications.
• WEP enabled WLANs should only be permitted access to resources required by legacy devices.
• If WEP support is needed for WLAN legacy device support, 802.1X EAP authentication should be also
configured in order for the WLAN to provide authentication and dynamic key derivation and rotation.

6.1.3 Configuring WLAN Firewall Support


Wireless LAN Policy
A Firewall is a mechanism enforcing access control, and is considered a first line of defense in protecting
proprietary information within the Motorola wireless network. The means by which this is accomplished
varies, but in principle, a Firewall can be thought of as mechanisms both blocking and permitting data traffic
within the wireless network. For an overview of Firewalls, see
WLANs use Firewalls like Access Control Lists (ACLs) to filter/mark packets based on the WLAN from which
they arrive, as opposed to filtering packets on Layer 2 ports. An ACL contains an ordered list of Access
Control Entries (ACEs). Each ACE specifies an action and a set of conditions (rules) a packet must satisfy to
match the ACE. The order of conditions in the list is critical because the wireless controller stops testing
conditions after the first match.
IP based Firewall rules are specific to source and destination IP addresses and the unique rules and
precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be filtered by
applying both an IP ACL and a MAC
A MAC Firewall rule uses source and destination MAC addresses for matching operations, where the result
is a typical allow, deny or mark designation to WLAN packet traffic.
Keep in mind IP and non-IP traffic on the same Layer 2 interface can be filtered by applying both an IP ACL
and a MAC ACL to the interface.
To review access policies, create a new access policy or edit the properties of a new WLAN Firewall policy.
1. Select Configuration
existing WLANs.
2. Select the Add
controller WLAN.
3. Select Firewall
> Wireless LANs >
button to create a new WLAN or
from the Wireless LAN Policy options.
Wireless Firewall on page
Wireless LAN Policy to display a high-level display of the
Edit to modify the properties of an existing wireless
Wireless Configuration
8-2.
6-21