Motorola WiNG 5.4.2 System Reference Manual page 82


5 - 16 WiNG 5.4.2 Access Point System Reference Guide
14. If a firewall rule does not exist suiting the data protection needs of the target port configuration, select the Create icon to define a new rule configuration.

15. Refer to the Trust field to define the following:

Trust ARP Responses: Select this option to enable ARP trust on this access point port. ARP packets received on this port are considered trusted and information from these packets is used to identify rogue devices within the network. The default value is disabled.

Trust DHCP Responses: Select this option to enable DHCP trust on this port. If enabled, only DHCP responses are trusted and forwarded on this port, and a DHCP server can be connected only to a DHCP trusted port. The default value is enabled.

ARP header Mismatch Validation: Select this option to enable a mismatch check for the source MAC in both the ARP and Ethernet header. The default value is disabled.

Trust 8021p COS values: Select this option to enable 802.1p COS values on this port. The default value is enabled.

Trust IP DSCP: Select this option to enable IP DSCP values on this port. The default value is enabled.

NOTE: Some vendor solutions with VRRP enabled send ARP packets with Ethernet SMAC as a physical MAC and inner ARP SMAC as VRRP MAC. If this configuration is enabled, a packet is allowed, despite a conflict existing.

16. 802.1x is an IEEE protocol that defines port based network access control to wired LANs. Refer to the 802.1x Settings to configure the following:

Host Mode: Configures the Port mode for 802.1x authentication. Select single-host to bridge traffic from a single authenticated host. Select multi-host to bridge traffic from any host on the wired port.

Guest VLAN: Set the Guest VLAN on which traffic is bridged from the wired port, if the port is unauthorized.

Port Control: Configures how the port is controlled. When set to Automatic, the port is set to a state as received from the authentication server. When set to force-authorized, any traffic on the port is said to be authorized and is bridged. When set to force-unauthorized, any traffic on the port is said to be unauthorized and is not bridged.

Reauthenticate: Enables reauthentication of authorized ports. Reauthentication is used primarily to refresh the current state of controlled ports. When enabled, any device using the controlled port is forced to reauthenticate. When this happens, the controlled port is still in the authorized state. If reauthentication fails, the port is set as being unauthorized and the device(s) using the port are not allowed access.

Max Reauthenticate Count: Configures the number of times an attempt is made to reauthenticate a controlled port. When exceeded, the controlled port is set as unauthorized.

Maximum Request: Configures the number of times an attempt is made to authenticate with the EAP server before returning an authentication failed message to the device requesting authorization using the controlled port.
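The ARP header Mismatch Validation check and the VRRP note in step 15 can be reproduced offline when reviewing a packet capture. The following is an added example, not code from the manual and not the access point's implementation; the function names and sample MAC addresses are constructed for illustration, and the VRRP prefix is the standard IPv4 virtual MAC range 00:00:5e:00:01:xx.

```python
import struct

ETHERTYPE_ARP, ETHERTYPE_VLAN = 0x0806, 0x8100
VRRP_PREFIX = bytes.fromhex("00005e0001")  # IPv4 VRRP virtual MAC 00:00:5e:00:01:{VRID}

def check_arp_frame(frame: bytes) -> str:
    """Compare Ethernet source MAC with the ARP sender hardware address.
    Returns 'not-arp', 'malformed', 'match', 'vrrp-mismatch' or 'mismatch'."""
    if len(frame) < 14:
        return "malformed"
    eth_src, off = frame[6:12], 12
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:  # skip one 802.1Q tag
        off = 16
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    if ethertype != ETHERTYPE_ARP:
        return "not-arp"
    arp = frame[off + 2:]
    if len(arp) < 28:
        return "malformed"
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet / IPv4 ARP only
        return "malformed"
    sha = arp[8:14]  # sender hardware address inside the ARP payload
    if sha == eth_src:
        return "match"
    # The case from the NOTE: physical MAC outside, VRRP virtual MAC inside.
    return "vrrp-mismatch" if sha[:5] == VRRP_PREFIX else "mismatch"

def build_arp(eth_src: bytes, sha: bytes, spa: bytes, tpa: bytes, oper: int = 2) -> bytes:
    """Build a constructed broadcast ARP frame for testing."""
    eth = b"\xff" * 6 + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + b"\x00" * 6 + tpa

# Constructed sample addresses (not from the manual).
PHYS = bytes.fromhex("020000aabb01")   # locally administered "physical" MAC
VRRP = bytes.fromhex("00005e00010a")   # VRRP virtual MAC, VRID 10
OTHER = bytes.fromhex("020000dead01")  # unrelated MAC claimed in the ARP payload
GW, HOST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 50])

if __name__ == "__main__":
    for label, sha in (("consistent", PHYS), ("vrrp router", VRRP), ("conflict", OTHER)):
        print(f"{label:12s} -> {check_arp_frame(build_arp(PHYS, sha, GW, HOST))}")
```

Frames classified as vrrp-mismatch are the ones the NOTE describes; plain mismatch results are the conflicts worth investigating on a port where validation is disabled.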
