Motorola WiNG 5 System Reference Manual page 380

6 - 32 WiNG 5 Access Point System Reference Guide
Action
Precedence
VLAN ID
Match 802.1P
Ethertype
Description
12.Save the changes to the new MAC rule, or reset to the last saved configuration as needed.
13.Set the following
ARP Trust
Validate ARP
Header Mismatch
DHCP Trust
14.Set the following
Wireless Client
Denied Traffic
Threshold
Action
The following actions are supported:
Log - Creates a log entry that a Firewall rule has allowed a packet to either
be denied or permitted.
Mark - Modifies certain fields inside the packet, and then permits them.
Therefore, mark is an action with an implicit permit.
Mark, Log - Conducts both mark and log functions.
Use the spinner control to specify a precedence for this MAC Firewall rule
between 1-1500. Access policies with lower precedence are always
applied first to packets.
Enter a VLAN ID representative of the shared SSID each user employs to
interoperate within the network (once authenticated by the access point's
local RADIUS server). The VLAN ID can be between1 and 4094.
Configures IP DSCP to 802.1p priority mapping for untagged frames. Use
the spinner control to define a setting between 0-7.
Use the drop-down menu to specify an Ethertype of either ipv6, arp, wisp,
monitor 8021q. An EtherType is a two-octet field within an Ethernet frame.
It is used to indicate which protocol is encapsulated in the payload of an
Ethernet frame.
Provide a description (up to 64 characters) for the rule to help differentiate
it from others with similar configurations.
Trust Parameters:
Select the radio button to enable ARP Trust on this WLAN. ARP packets
received on this WLAN are considered trusted and information from these
packets is used to identify rogue devices within the network. This setting
is disabled by default.
Select the radio button to check for a source MAC mismatch in the ARP
header and Ethernet header. This setting is enabled by default.
Select the radio button to enable DHCP trust on this WLAN. This setting is
disabled by default.
Wireless Client Deny configuration:
If enabled, any associated client which exceeds the thresholds configured
for storm traffic is either deauthenticated or blacklisted depending on the
selected Action. The threshold range is 1-1000000 packets per second.
This feature is disabled by default.
If enabling a wireless client threshold, use the drop-down menu to
determine whether clients are deauthenticated when the threshold is
exceeded, or blacklisted from connectivity for a user defined interval.
Selecting None applies no consequence to an exceeded threshold.