
Role Based Firewall



  1. Role Based Firewall

  2. Role Based Firewall
     • This is a simple demonstration of the Role Based Firewall feature
     • The Role Based Firewall feature allows you to apply Firewall Policies based on a wireless user’s 802.1x EAP authentication credentials
     • This simple demonstration is going to use the following network components:
         • RFS4000 controller
         • 7131 access point
         • Windows Server 2008 R2 Enterprise
         • Windows XP SP3 Laptop
     • And the next slide shows how these components are connected

  3. Role Based Firewall: Network Diagram
     • Windows XP SP3 Laptop, WLAN Interface IP address: 192.168.0.3/24
     • Windows Server 2008 R2 Enterprise, LAN Interface IP address: 192.168.0.2/24
     • Brocade Mobility 7131 Access Point running code version 5.3.1, connected to Interface GE1/PoE
     • Brocade Mobility RFS4000 Controller running code version 5.3.1, connected to Interface LAN1 and Interface UPLINK

  4. Role Based Firewall: Network Diagram Explained
     • On the Windows Server 2008 R2 Enterprise, configure a LAN interface with the static IP address 192.168.0.2/24
     • Connect the LAN interface on the Windows Server 2008 R2 Enterprise to UPLINK (aka UP1) interface on the RFS4000
     • Connect the LAN1 (aka GE1) interface on the RFS4000 to GE1/PoE interface on the 7131
     • And, on the Windows XP SP3 laptop, configure a WLAN interface with the static IP address 192.168.0.3/24

  5. Role Based Firewall: Getting Ready – RFS4000 & 7131
     • Now, make sure that the RFS4000 controller and the 7131 access point are running firmware code version 5.3.1 or newer
     • And, reset both the controller and the access point to factory default configuration

  6. Role Based Firewall: Getting Ready – Server 2008 R2 Ent
     IMPORTANT: Must be Enterprise CA. Standalone CA will not work for this simple demonstration.

  7. Role Based Firewall
     Let’s break down this demonstration into small, simple, manageable steps. The steps are:
     • First create a simple, open, unencrypted, wireless network
     • Add EAP authentication, CCMP encryption
     • Add Firewall Rules
     • Add Wireless Client Roles

  8. Role Based Firewall
     • First create a simple, open, unencrypted, wireless network
     • From the console interface of the RFS4000, log in to the CLI and enter the following:

         Please press Enter to activate this console.
         br-rfs4000-4F0118 login: admin
         Password: admin123
         Brocade Mobility Wireless System is currently using the factory default login credentials.
         Please change the default password to protect from unauthorized access.
         Enter new password: my_new_password
         Confirm new password: my_new_password
         Password for user 'admin' changed successfully.
         Please write this password change to memory(write memory) to be persistent.
         br-rfs4000-4F0118>write mem
         [OK]
         br-rfs4000-4F0118>

  9. Role Based Firewall
     • Next, enter this command on the CLI:
     • In factory default configuration, all switch port interfaces are configured for VLAN 1, and in access mode
     • If this is not the case for you, then reset your controller to factory default and try again

         br-rfs4000-4F0118>show int switchport
         ---------------------------------------------
         INTERFACE    STATUS    MODE      VLAN(S)
         ---------------------------------------------
         ge1          UP        access    1
         ge2          UP        access    1
         ge3          UP        access    1
         ge4          UP        access    1
         ge5          UP        access    1
         up1          UP        access    1
         ---------------------------------------------
         A '*' next to the VLAN ID indicates the native vlan for that trunk port
         br-rfs4000-4F0118>

  10. Role Based Firewall
     • Next, enter this command on the CLI:
     • In factory default configuration, the IP address/Mask for VLAN 1 is 192.168.0.1/24
     • If this is not the case for you, then reset your controller to factory default and try again

         br-rfs4000-4F0118>show ip int br
         ------------------------------------------------------------------
         INTERFACE    IP-ADDRESS/MASK    TYPE         STATUS    PROTOCOL
         ------------------------------------------------------------------
         vlan1        192.168.0.1/24     secondary    UP        up
         ------------------------------------------------------------------
         br-rfs4000-4F0118>

  11. Role Based Firewall
     • Next, enter this command on the CLI:
     • This is to confirm that the controller can ping Windows Server 2008 R2 Enterprise
     • If the controller cannot ping Windows Server 2008 R2 Enterprise, then check the connection between the controller and the server, and check the IP address setting of the LAN interface on the server
     • Do not proceed to the next step until the controller can ping the server. The demonstration will fail if the controller cannot ping the server. So, get the ping test to work before moving on.

         br-rfs4000-4F0118>ping 192.168.0.2
         PING 192.168.0.2 (192.168.0.2): 100 data bytes
         108 bytes from 192.168.0.2: seq=0 ttl=128 time=0.954 ms
         108 bytes from 192.168.0.2: seq=1 ttl=128 time=0.540 ms
         108 bytes from 192.168.0.2: seq=2 ttl=128 time=0.544 ms
         108 bytes from 192.168.0.2: seq=3 ttl=128 time=0.546 ms
         108 bytes from 192.168.0.2: seq=4 ttl=128 time=0.542 ms
         --- 192.168.0.2 ping statistics ---
         5 packets transmitted, 5 packets received, 0% packet loss
         round-trip min/avg/max = 0.540/0.625/0.954 ms
         br-rfs4000-4F0118>

  12. Role Based Firewall
     • Next, from a web browser on the Windows Server 2008 R2 Enterprise (or, if you don’t want to use a web browser from the server, you can connect another computer to the RFS4000 and use the web browser from there) browse to the RFS4000 GUI at https://192.168.0.1
     • NOTE: In factory default configuration, http (port 80) for management access is blocked. So don’t try to use http://192.168.0.1. It won’t get you to the GUI. Use https://192.168.0.1.

  13. Role Based Firewall
     • Now, go to your Windows XP SP3 laptop and connect to your new WLAN that you just created.

  14. Role Based Firewall
     • Now we are ready to move to Step 2, which is to add EAP authentication, CCMP encryption to our current configuration.
     • So go back to your web browser that you were using to configure the RFS4000 controller.

  15. Role Based Firewall
     • After you have clicked the Commit button, take a quick look at your Windows XP SP3 laptop.
     • What happened to the continuous ping?
     • Hint: The continuous ping will now fail to reach the destination IP address of 192.168.0.1
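
The factory-default checks from slides 9 and 10 (every switch port in access mode on VLAN 1, and vlan1 at 192.168.0.1/24) can be scripted against captured console output. The Python below is an added example, not part of the original presentation; the function names are hypothetical and the sample text is constructed from the CLI output shown in those slides.

```python
import re

IFACE = re.compile(r"^(ge|up|vlan)\d+$")   # interface names as they appear in the slides

# Constructed sample input, modelled on the console output in slides 9 and 10.
SWITCHPORT_OUT = """\
br-rfs4000-4F0118>show int switchport
---------------------------------------
INTERFACE   STATUS   MODE     VLAN(S)
---------------------------------------
ge1         UP       access   1
ge2         UP       access   1
ge3         UP       access   1
ge4         UP       access   1
ge5         UP       access   1
up1         UP       access   1
---------------------------------------
A '*' next to the VLAN ID indicates the native vlan for that trunk port
"""

IP_BRIEF_OUT = """\
br-rfs4000-4F0118>show ip int br
INTERFACE   IP-ADDRESS/MASK   TYPE        STATUS   PROTOCOL
vlan1       192.168.0.1/24    secondary   UP       up
"""

def rows(text):
    """Yield the fields of each interface row, skipping prompts, rulers and notes."""
    for line in text.splitlines():
        fields = line.split()
        if fields and IFACE.match(fields[0]):
            yield fields

def preflight(switchport_text, ip_brief_text, vlan1_addr="192.168.0.1/24"):
    """Return a list of deviations from the factory-default state the slides require."""
    problems = []
    ports = list(rows(switchport_text))
    if not ports:
        problems.append("no switch ports parsed")
    for f in ports:
        name, mode, vlans = f[0], (f[2] if len(f) > 2 else "?"), "".join(f[3:])
        if mode != "access" or vlans != "1":
            problems.append(f"{name}: mode={mode} vlan={vlans or '?'} (expected access/1)")
    addrs = {f[0]: f[1] for f in rows(ip_brief_text) if len(f) > 1}
    if addrs.get("vlan1") != vlan1_addr:
        problems.append(f"vlan1: address={addrs.get('vlan1')} (expected {vlan1_addr})")
    return problems

if __name__ == "__main__":
    print(preflight(SWITCHPORT_OUT, IP_BRIEF_OUT) or "factory-default checks passed")
```

An empty list means the controller matches the state the demonstration assumes; any entry names the interface to fix, or is a reason to reset to factory default as the slides instruct.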
