Online Help for Cisco IOS Release 12.3(08)JA
Home
Express Set-up
Express Security
Network Map
Association
Network Interfaces
Security
Services
Telnet/SSH
Hot Standby
CDP
DNS
Filters
HTTP
QoS
STREAM
SNMP
SNTP
VLAN
ARP Caching
Wireless Services
System Software
Event Log

 

  
Services: Filters - IP Filters
 

IP filters prevent or allow the use of IP address(es), IP protocols, and TCP/UDP ports through the access point's Ethernet and radio ports. You can create a filter that passes traffic to all addresses except those you specify, or you can create a filter that blocks traffic to all addresses except those you specify. You can create filters that contain elements of one, two, or all three IP filtering methods. You can apply the filters you create to either or both the Ethernet and radio ports and to either or both incoming and outgoing packets.

Click the MAC Address Filters tab to create or edit filter indexes for MAC addresses. Click the Ethertype Filters tab to create or edit protocol filters. Click Apply Filters to apply the filters for incoming and outgoing radio interfaces.

Create/Edit Filter Name

If you are creating a new filter, make sure <NEW> (the default) is selected in the Create/Edit Filter index menu. To edit an existing filter, select the filter name from the Create/Edit Filter Index menu.

Filter Name

Enter a descriptive name for the new filter.

Default Action

Packets that do match any of the Filters Classes are handled according to the Default Action.

Select Forward All or Block All as the filter's default action. The filter's default action must be the opposite of the action for at least one of the addresses in the filter. For example, if you create a filter containing an IP address, an IP protocol, and an TCP/UDP port, and you select Block as the action for all of them, you must choose Forward All as the filter's default action.

IP Address

Destination Address

Enter the IP address you want to filter. If you plan to block traffic to all IP addresses except those you specify as allowed, put the address of your own PC in the list of allowed addresses to avoid losing connectivity to the access point.

Mask

Type the mask for the destination IP address. Enter the mask with periods separating the three groups of four characters (112.334.556.778, for example). If you enter 255.255.255.255 as the mask, the access point accepts any IP address. If you enter 0.0.0.0, the access point looks for an exact match with the IP address you entered in the IP Address field. The mask you enter in this field behaves the same way that a mask behaves when you enter it in the CLI.

Source Address

Enter the IP address you want to filter. If you plan to block traffic to all IP addresses except those you specify as allowed, put the address of your own PC in the list of allowed addresses to avoid losing connectivity to the access point.

Mask

Type the mask for the source IP address. Enter the mask with periods separating the three groups of four characters (112.334.556.778, for example). The method for entering the mask depends on the release.

Entering 255.255.255.255 as the mask causes the access point to accept any IP address. If you enter 0.0.0.0, the access point looks for an exact match with the IP address you entered in the IP Address field. The mask you enter in this field behaves the same way that a mask behaves when you enter it in the CLI.

Action

Select Forward or Block. Click Add. The address appears in the Filters Classes field.

IP Protocol

IP Protocol

To filter an IP protocol, select one of the common protocols from the drop-down menu or select the Custom radio button and enter the number of an existing ACL in the Custom field. Enter an ACL number from 0 to 255.

Action

Select Forward or Block. Click Add. The protocol appears in the Filters Classes field.

UDP/TCP Port

TCP Port

To filter a TCP protocol, select one of the common port protocols from the drop-down menu or select the Custom radio button and enter the number of an existing protocol in one of the Custom fields. Enter a protocol number from 0 to 65535.

Action

Select Forward or Block. Click Add. The protocol appears in the Filters Classes field.

UDP Port

To filter a UDP protocol, select one of the common port protocols from the drop-down menu or select the Custom radio button and enter the number of an existing protocol in one of the Custom fields. Enter a protocol number from 0 to 65535.

Action

Select Forward or Block. Click Add. The protocol appears in the Filters Classes field.

Filters Classes

The protocols appear on this portion of the window. To remove the protocol from the Filters Classes list, select it and click Delete Class.

 

See Also: Configuring and Enabling IP Filters

 

 

 

 

 
   
Copyright (c) 2006 by Cisco Systems, Inc.