WS 2000 Wireless Switch System Reference Guide3-8
• Specify port information for the protocol. If the protocol uses only one port, enter the same port number in the Start
Port and End Port columns, or leave the End Port column blank. Otherwise, use both columns for an entry that has
a range of ports.
5. Click the Apply button to save changes.
Advanced Subnet Access Settings
There can be situations in which the standard subnet access setting process is not specific enough for the needs of an
organization. Instead, access or firewall rules need to be defined based upon destination and source IP addresses, transport
types, and ports. The Advanced Subnet Access screen allows the administrator to create more complicated inbound and
outbound policies.
Select Network Configuration --> Firewall --> Advanced Subnet Access from the left menu. The screen consists of
two areas. The Settings area enables or disables the data found on this screen. The Firewall Rules area displays the currently
defined and active firewall rules. This area will display either the inbound or outbound rules. The rules are applied in the
order that they are listed. The rules at the top of the list take precedence over the rules lower in the list.
UDP
User Datagram Protocol (UDP) is mostly used for broadcasting data over the Internet. Like TCP, UDP
runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP provides very few error
recovery services and methods. UDP offers a way to directly connect, and then send and receive
datagrams over an IP network.
ICMP
Internet Control Message Protocol (ICMP) is tightly integrated with IP. ICMP messages, delivered
in IP packets, are used for out-of-band messages related to network operation. Because ICMP uses
IP, ICMP packet delivery is unreliable. Hosts cannot count on receiving ICMP packets for a network
problem.
AH
Authentication Header (AH) is one of the two key components of IP Security Protocol (IPSec). The
other key component is Encapsulating Security Protocol (ESP), described below.
AH provides authentication, proving the packet sender really is the sender, and the data really is
the data sent. AH can be used in transport mode, providing security between two end points. Also,
AH can be used in tunnel mode, providing security like that of a Virtual Private Network (VPN).
ESP
Encapsulating Security Protocol (ESP) is one of the two key components of IP Security Protocol
(IPSec). The other key component is Authentication Header (AH), described above.
ESP encrypts the payload of packets, and also provides authentication services. ESP can be used
in transport mode, providing security between two end points. Also, ESP can be used in tunnel
mode, providing security like that of a Virtual Private Network (VPN).
GRE
General Routing Encapsulation (GRE) supports VPNs across the Internet. GRE is a mechanism for
encapsulating network layer protocols over any other network layer protocol. Such encapsulation
allows routing of IP packets between private IP networks across an Internet that uses globally
assigned IP addresses.
Transport Description