Understanding Filters; Configuring Filters Using The Cli - Cisco M10-RM Software Manual

Understanding Filters

Understanding Filters
Protocol filters (IP protocol, IP port, and Ethertype) prevent or allow the use of specific protocols
through the access point's Ethernet and radio ports. You can set up individual protocol filters or sets of
filters. You can filter protocols for wireless client devices, users on the wired LAN, or both. For example,
an SNMP filter on the access point's radio port prevents wireless client devices from using SNMP with
the access point but does not block SNMP access from the wired LAN.
IP address and MAC address filters allow or disallow the forwarding of unicast and multicast packets
either sent from or addressed to specific IP or MAC addresses. You can create a filter that passes traffic
to all addresses except those you specify, or you can create a filter that blocks traffic to all addresses
except those you specify.
You can configure filters using the web-browser interface or by entering commands in the CLI.
You can include filters in the access point's QoS policies. Refer to
Tip
detailed instructions on setting up QoS policies.
Note Using the CLI, you can configure up to 2,048 MAC addresses for filtering. Using the web-browser
interface, however, you can configure only up to 43 MAC addresses for filtering.

Configuring Filters Using the CLI

To configure filters using CLI commands, you use access control lists (ACLs) and bridge groups. You
can find explanations of these concepts and instructions for implementing them in these documents:
•
•
Avoid using both the CLI and the web-browser interfaces to configure the wireless device. If you
Note
configure the wireless device using the CLI, the web-browser interface might display an inaccurate
interpretation of the configuration. However, the inaccuracy does not necessarily mean that the wireless
device is misconfigured. For example, if you configure ACLs using the CLI, the web-browser interface
might display this message: "Filter 700 was configured on interface Dot11Radio0 using CLI. It must be
cleared via CLI to ensure proper operation of the web interface." If you see this message you should use
the CLI to delete the ACLs and use the web-browser interface to reconfigure them.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
16-2
Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.4. Click this link to
browse to the "Configuring Transparent Bridging" chapter:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.
htm
Catalyst 4908G-L3 Cisco IOS Release 12.0(10)W5(18e) Software Feature and Configuration
Guide. Click this link to browse to the "Command Reference" chapter:
http://www.cisco.com/univercd/cc/td/doc/product/l3sw/4908g_l3/ios_12/10w518e/config/cmd_ref
.htm
Chapter 16 Configuring Filters
Chapter 15, "Configuring
OL-14209-01
QoS,"for