Motorola WS5100 Series Reference Manual page 35

allowed. If the action is to mark, the packet is tagged for priority. The switch supports the following types of
ACLs:
• IP Standard ACLs
• IP Extended ACLs
• MAC Extended ACLs
• Wireless LAN ACLs
ACLs are identified by a number or a name (the exception being MAC extended ACLs, which take only a name
as their identifier). Numbers are predefined for IP Standard and Extended ACLs, whereas a name can be any
valid alphanumeric string not exceeding 64 characters. With numbered ACLs, the rule parameters have to be
specified on the same command line along with the ACL identifier. For named ACLs, rules are configured
within a separate CLI context. For information on creating an ACL, see
Configuring ACLs on page 6-17.
1.2.5.11 Local Radius Server
Radius is a common authentication protocol utilized by the 802.1x wireless security standard. Radius
improves the WEP encryption key standard, in conjunction with other security methods such as EAP-PEAP.
The switch has one onboard Radius server. For information on configuring the switch's resident Radius
Server, see
Configuring the Radius Server on page 6-67.
1.2.5.12 IPSec VPN
IPSec is a security protocol providing authentication and encryption over the Internet. Unlike SSL (which
provides services at layer 4 and secures two applications), IPsec works at layer 3 and secures everything in
the network. Also unlike SSL (which is typically built into the Web browser), IPsec requires a client
installation. IPsec can access both Web and non-Web applications, whereas SSL requires workarounds for
non-Web access such as file sharing and backup.
A VPN is used to provide secure access between two subnets separated by an unsecured network. There are
two types of VPNs:
• Site-Site VPN — For example, traffic from one company branch office to another branch office, with
an unsecured link between the two locations.
• Remote VPN — Provides a remote user the ability to access company resources from outside the company
premises.
The switch supports:
• IPSec termination for site to site
• IPSec termination for remote access
• IPSec traversal of firewall filtering
• IPSec traversal of NAT
• IPSec/L2TP (client to switch)
1.2.5.13 NAT
Network Address Translation (NAT) is supported for non-IPSec packets routed by the switch. The following
types of NAT are supported:
• Port NAT – Port NAT (also known as NAPT) maps multiple local addresses to a single global
address and a dynamic port number. The user is not required to configure any NAT IP address. Instead IP
