Online Help for Cisco IOS Release 12.3(02)JA
Home
Express Set-up
Express Security
Network Map
Association
Network Interfaces
Security
Services
Telnet/SSH
CDP
DNS
Filters
HTTP
QoS
SNMP
NTP
VLAN
Spanning Tree Protocol
System Software
Event Log

 

  
Services: Filters - MAC Address Filters
 

Use this page to allow or disallow the forwarding of unicast or multicast packets sent from or addressed to specific MAC addresses. You can create a filter that passes traffic to all MAC addresses except those you specify, or you can create a filter that blocks traffic to all MAC addresses except those you specify. You can apply the filters you create to either or both the Ethernet and radio ports and to either or both incoming or outgoing packets.

Click the IP Filters tab to create or edit protocol filters. Click the Ethertype Filters tab to create or edit protocol filters.

Create/Edit Filter Index

If you are creating a new MAC address filter, make sure <NEW> (the default) is selected.

Filter Index

Name the filter with a number from 700 to 799. The number you assign creates an access control list (ACL) for the filter.

Add MAC Address

Type a destination MAC address with the periods separating the three groups of four characters (0040.9612.3456, for example). (Note: To make sure the filter operates properly, use lower case for all the letters in the MAC addresses that you enter.) If you plan to block traffic to all MAC addresses except those your specify as allowed, put your MAC address in the list of allowed MAC addresses.

Mask

Type the mask for the MAC address. Enter the mask with periods separating the three groups of four characters (112.334.556.778, for example). The method for entering the mask depends on the release.

Entering 255.255.255.255 as the mask causes the access point to accept any IP address. If you enter 0.0.0.0, the access point looks for an exact match with the IP address you entered in the IP Address field. The mask you enter in this field behaves the same way that a mask behaves when you enter it in the CLI.

Action

Select Forward or Block. Click Add. The MAC address appears in the Filters Classes field.

Default Action

Packets that do not match any of the Filters Classes are handled according to the Default Action.

Select Forward All or Block All. The filter's default action must be opposite of the action for at least one of the addresses in the filter. For example, if you enter several addresses and you select Block as the action for all of them, you must choose Forward All as the filter's default action.

Note: When you click Apply, the filter is saved on the access point, but it is not enabled until you apply it on the Apply Filters page.

Filters Classes

To remove the MAC address from the Filters Classes list, select it and click Delete Class.

 

See Also: Configuring and Enabling MAC Address Filters

 

 

 
   
Copyright (c) 2004 by Cisco Systems, Inc.