Creating An Ip Filter - Cisco M10-RM Software Manual

Chapter 16 Configuring Filters

Creating an IP Filter

Follow these steps to create an IP filter:
Step 1 Follow the link path to the IP Filters page.
If you are creating a new filter, make sure <NEW> (the default) is selected in the Create/Edit Filter
Step 2
Index menu. To edit an existing filter, select the filter name from the Create/Edit Filter Index menu.
Step 3 Enter a descriptive name for the new filter in the Filter Name field.
Select Forward all or Block all as the filter's default action from the Default Action menu. The filter's
Step 4
default action must be the opposite of the action for at least one of the addresses in the filter. For
example, if you create a filter containing an IP address, an IP protocol, and an IP port and you select
Block as the action for all of them, you must choose Forward All as the filter's default action.
To filter an IP address, enter an address in the IP Address field.
Step 5
Note
Type the mask for the IP address in the Mask field. Enter the mask with periods separating the groups
Step 6
of characters (112.334.556.778, for example). If you enter 255.255.255.255 as the mask, the access point
accepts any IP address. If you enter 0.0.0.0, the access point looks for an exact match with the IP address
you entered in the IP Address field. The mask you enter in this field behaves the same way that a mask
behaves when you enter it in the CLI.
Select Forward or Block from the Action menu.
Step 7
Step 8 Click Add. The address appears in the Filters Classes field. To remove the address from the Filters
Classes list, select it and click Delete Class. Repeat
If you do not need to add IP protocol or IP port elements to the filter, skip to
on the access point.
To filter an IP protocol, select one of the common protocols from the IP Protocol drop-down menu, or
Step 9
select the Custom radio button and enter the number of an existing ACL in the Custom field. Enter an
ACL number from 0 to 255. See
numeric designators.
Select Forward or Block from the Action menu.
Step 10
Click Add. The protocol appears in the Filters Classes field. To remove the protocol from the Filters
Step 11
Classes list, select it and click Delete Class. Repeat
If you do not need to add IP port elements to the filter, skip to
point.
Step 12 To filter a TCP or UDP port protocol, select one of the common port protocols from the TCP Port or
UDP Port drop-down menus, or select the Custom radio button and enter the number of an existing
protocol in one of the Custom fields. Enter a protocol number from 0 to 65535. See
"Protocol Filters,"
Select Forward or Block from the Action menu.
Step 13
Click Add. The protocol appears in the Filters Classes field. To remove the protocol from the Filters
Step 14
Classes list, select it and click Delete Class. Repeat
OL-14209-01
If you plan to block traffic to all IP addresses except those you specify as allowed, put the
address of your own PC in the list of allowed addresses to avoid losing connectivity to the access
point.
Appendix A, "Protocol Filters,"
for a list of IP port protocols and their numeric designators.
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
Configuring Filters Using the Web-Browser Interface
Step 5 through Step 8 to add addresses to the filter.
Step 15
for a list of IP protocols and their
Step 9 to Step 11 to add protocols to the filter.
Step 15 to save the filter on the access
Step 12 to Step 14 to add protocols to the filter.
to save the filter
Appendix A,
16-11