Use this page to allow or disallow the forwarding of unicast or
multicast packets either sent from or addressed to specific MAC
addresses. You can create a filter that passes traffic to all MAC
addresses except those you specify, or you can create a filter that
blocks traffic to all MAC addresses except those you specify.
The default settings for multicast and unicast destination MAC
addresses transmitted from each network interface are specified
on the Ethernet Advanced and
AP/Root Radio Advanced pages.
Settings
New MAC Address Filter: Dest MAC Address
Enter the destination of the new MAC address you want to establish
as allowed or disallowed. You can type the address with colons separating
the character pairs (00:40:96:12:34:56, for example) or without
any intervening characters (004096123456, for example).
Note If you plan to disallow traffic to all MAC addresses
except those you specify as allowed, put your own MAC address in
the list of allowed MAC addresses.
Note MAC address filters are powerful, and you can lock
yourself out of the bridge if you make a mistake setting up the
filters.
Allowed/Disallowed
Click Allowed to pass traffic to the MAC address. Click
Disallowed to discard traffic to the MAC address.
Note Click Add to add this allowed or disallowed
MAC address to the Existing MAC Address Filters portion of the screen.
Note The default settings for the multicast and unicast
destination MAC addresses transmitted from each network interface
are specified on the Advanced Setup page for the network interface.
Existing MAC Address Filters
Displays the added MAC address filters and labels it as allowed
or disallowed. To delete a MAC address, highlight it in the Existing
MAC Address Filters field and click Remove.
Note Click Advanced in the AP Radio row of the Network
Ports section at the bottom of the Setup page. The AP
Radio Advanced page appears.
Lookup MAC Address on Authentication Server if not in Existing
Filter List?
If you plan to create a MAC address list that is checked by the
authentication server, select Yes for
the option called Lookup MAC Address on Authentication
Server if not in Existing Filter List. When this option is
enabled, the access point checks the authentication servers
MAC address list when a client device attempts to authenticate.
Is MAC Authentication alone sufficient for a client to be fully
authenticated?
When you enable this feature, client devices that associate to
the access point using 802.11 open authentication first attempt
MAC authentication. If MAC authentication succeeds, the client device
joins the network; if the client is also using EAP authentication,
it attempts to authenticate using EAP. If you select Yes
to this option and enable this feature, the access point follows
these steps to authenticate all clients that associate using 802.11
open authentication:
- When a client device sends an authentication request to the
access point, the access point sends a MAC authentication request
in the RADIUS Access Request Packet to the RADIUS server using
the client's user ID and password as the MAC address of the client.
- If the authentication succeeds, the client joins the network.
If the client is also using EAP authentication, it attempts to
authenticate using EAP.
- If MAC authentication fails for the client, the access point
allows the client to attempt to authenticate using EAP authentication.
The client cannot join the network until EAP authentication succeeds.
Action Buttons
Command
|
Description
|
Apply
|
Activates the new setting. The browser remains on this page.
|
OK
|
Applies the new settings and moves the browser back to the
main Setup page.
|
Cancel
|
Cancels all changes to the setting, returns the settings
to the previously stored values, and redirects the user back
the main Setup page.
|
Remove All
|
Removes all MAC address filters established as allowed or
disallowed.
|
|