Points to Note when using the WX1200 and WX4400
15
face on the WX switch or disable IGMP proxy
reporting. To disable proxy reporting, use the com-
mand
set igmp proxy-report disable
.
Disabling proxy reporting can increase IGMP over-
head traffic to the multicast router.
■
Enable the IGMP querier only if needed. The IGMP
pseudo-querier function is disabled by default.
Enable it only if the source of a multicast stream is
on a subnet the WX switch is also connected to. If
this is the case, you must assign an IP address to
the VLAN interface. The IP address must be higher
than the IP address of the querier multicast router
on the same subnet. To enable the IGMP
pseudo-querier, use the command
set igmp que-
rier enable
.
■
Disable multicast router discovery. This multicast
router solicitation protocol (part of
draft-ietf-magma-snoop) is known to cause error
messages with other IGMP snooping switches and
multicast routers. To disable the protocol, use the
command
set igmp mrsol disable
. (The protocol
is disabled by default in the current software ver-
sion.)
User ACLs Require Explicit Source and Destination
Addresses
A user ACL is an ACL that is applied to a specific user-
name. You can apply ACLs to a user’s inbound or out-
bound wireless traffic. For a user ACL to take effect,
you must explicitly set both the source and destina-
tion addresses in the ACL.
Add Authentication Rules for Last-Resort Access to
Any SSID
Last-resort authentication is configurable on an indi-
vidual SSID basis, with the following command:
set authentication last-resort {ssid ssid-name |
wired} method1 [method2] [method3] [method4]
This command, like the other
set authentication
commands in MSS Version 3.0, allows you to config-
ure rules on an individual SSID basis, and separately
configure rules for wired access through a wired
authentication port if needed.
The MSS Version 3.0 authentication rules for wireless
access can match on SSID
any
, a wildcard that
matches on any SSID. The MSS Version 3.0 authenti-
cation rules for wired authentication match on
wired
.
In MSS Version 3.0, when a user without a username
or password requests access, MSS checks the configu-
ration for a last-resort authentication rule that
matches on the SSID. If the configuration contains the
rule, MSS checks the local database for username
last-resort-
ssid
, where
ssid
is the SSID requested by
the user. The guest user is granted access only if the
database contains
last-resort-
ssid
for the SSID
requested by the user. Otherwise, access is denied.
To easily allow last-resort access to any SSID, the con-
figuration must contain username
last-resort-any
in
the local database, and must contain the following
last-resort authentication rules:
