How to Allow HTTP Traffic only on the WS5x00

Article ID: 55143525

Question

How to Allow HTTP Traffic only on the WS5000? How to Allow HTTP Traffic only on the WS5100?

Facts

Applies to FIrmware code v1.x and v2.x

Answer

Proper classifiers are not defined and applied to the WS5000 or WS5100.
Log onto the switch through a web browser.
  1. Create HTTP classifier. Select CreateàNetworkàClassifier:
  2. Enter name and description of classifier.  Click Next.
  3. Create Classifier of destination port 80, Protocol TCP and UPD, and ethertype 0x0800.  Click Next.
  4.  Click Finish.
  5. Create HTTPS classifier. Select CreateàNetworkàClassifier.
  6.  Enter name and description of classifier.  Click Next.
  7. Create Classifier of destination port 443, Protocol TCP and UPD, and ethertype 0x0800.  Click Next
  8. Click Finish.
  9. Create DNS classifier. Select CreateàNetworkàClassifier.
NOTE: DNS MOST BE ALLOWED TO RESOLVE FQDN’S (FULLY QUALIFIED DOMAIN NAMES).
  1. Enter name and description of classifier.  Click Next. 
  2. Create Classifier of destination port 443, Protocol TCP and UPD, and ethertype 0x0800.  Click Next 
  3. Click Finish.
  4. Create ARP classifier. Select CreateàNetworkàClassifier.
  5. Enter name and description of classifier.  Click Next.
  6. Create Classifier of ethertype 0x0806.  Click Next.
  7. Click Finish.
  8. If you need to allow your Mobile Units to obtain IP addresses from a DHCP server create the following classifier:
  9. Create DHCP classifier.  Select CreateàNetworkàClassifier.
  10. Enter name and description of classifier.  Click Next.
  11. Create Classifier of destination ports 67 and 68, and ethertype 0x0800.  Click Next.
  12. Click Finish.
  13. Create classification group for HTTP.  Select CreateàNetworkàClassification Group…
  14. Enter name and description of classifier group.  Click Next. 
  15. Move the HTTP classifier from Available to Selected.  Click Next.
  16. Click Finish.
  17. Create classification group for HTTPS.  Select CreateàNetworkàClassification Group…
  18. Enter name and description of classifier group.  Click Next.
  19. Move the HTTPS classifier from Available to Selected.  Click Next.
  20. Click Finish.
  21. Create classification group for DNS, ARP and DHCP.  Select CreateàNetworkàClassification Group
  22. Enter name and description of classifier group.  Click Next.
  23. Move the DNS, ARP and DHCP (only move DHCP classifier if MU’s are DHCP clients) classifiers from
  24. vailable to Selected.  Click Next.
  25. Click Finish.
  26. Create Input Policy. Select CreateàNetworkàInput Policy 
  27. Enter Name and Description.  Click Next.
  28. Move the HTTP_CG, HTTPS_CG and DNS_ARP_DHCP_CG classifier groups from Available to Selected. Click Next 
  29. Make sure that the Default Action is set to Deny.  Click Next.
  30. Click Finish.
  31. Create Network policy.  Select CreateàNetworkàNew Policy...
  32.  Enter Name and Description.  Click Next.
  33.  Select the Input policy from drop down.  Click Next.Click Next again.
  34. Click Finish.
Apply the above created network policy to your Access Port Policy.