Table of Contents
Advertisement
Match 802.1P
Ethertype
Description
21. Save the changes to the new MAC rule, or reset to the last saved configuration as needed.
22. Define the following parameters for
association to devices for this wireless LAN. If no Association ACL exists, select the
window where new ACL can be created.
23. Select the
+ Add Row
button.
24. Define the following parameters for
Precedence
Starting MAC Address
Ending MAC Address
Allow/Deny
25. Set the following
Trust
Parameters:
ARP Trust
Validate ARP Header
Mismatch
DHCP Trust
26. Set the following
IPv6
Settings:
ND Trust
Validate ND Header
Mismatch
Configures IP DSCP to 802.1p priority mapping for untagged frames. Use the spinner
control to define a setting from 0 - 7.
Use the drop-down menu to specify an Ethertype of either ipv6, arp, wisp or monitor
8021q. An Ethertype is a two-octet field within an Ethernet frame. It is used to indicate
which protocol is encapsulated in the payload of an Ethernet frame.
Provide a description (up to 64 characters) for this rule to help differentiate it from others
with similar configurations.
Association
ACL. An Association ACL defines the rules used to allow/deny
Association
ACL:
Enter a numerical value indicating the precedence of rule execution.
Enter a MAC address to define the start of range. This field is mandatory.
Enter a MAC address to define the end of range.
Every Association ACL rule consists of matching criteria rules. The action defines what to
do with the device if it matches the specified criteria. The following actions are supported:
• Deny - Instructs the Firewall to not to allow the device to associate with this WLAN.
• Permit - Instructs the Firewall to allow the device to associate with this WLAN.
Select this radio button to enable ARP trust on this WLAN. ARP packets received on this
WLAN are considered trusted and information from these packets is used to identify rogue
devices within the network. This setting is disabled by default.
Select this radio button to check for a source MAC mismatch in the ARP header and
Ethernet header. This setting is enabled by default.
Select this radio button to enable DHCP trust on this WLAN. This setting is disabled by
default.
Select this option to enable the trust of neighbor discovery requests on an IPv6 supported
firewall on this WLAN. This setting is disabled by default.
Select this option to enable a mismatch check for the source MAC within the ND header
and Link Layer Option. This setting is enabled by default.
Create
button to display a new
6 - 35
- Quick Links:
- Accessing the Web Ui
Hide quick links:
Advertisement
Table of Contents
