Extreme Networks Altitude 4700 Series Product Reference Manual page 189

Software version 4.1

IP filtering supports the creation of up to 20 filter rules enforced at layer 3. Once defined (using the
Access Point's SNMP, GUI or CLI), filtering rules can be enforced on the Access Point's LAN1 or LAN2
interfaces and within any of the 16 Access Point WLANs. An additional default action is also available,
denying traffic when filter rules fail. Lastly, imported and exported configurations retain their defined
IP filtering configurations.
IP filtering is a network layer facility. The IP filtering mechanism does not know anything about the
application using the network connections, only the connections themselves. For example, you can deny
user access to an internal network on the default telnet port, but if you rely on IP filtering alone, you
cannot stop people from using the telnet program with a port you allow to pass through your firewall.
There are a couple of important rules a packet adheres to when it's compared with the filter policy list:
• Packets are always filtered in sequential order (filtering always begins with the first filter policy
  displayed in the IP Filtering screen, then the second, third, and so on). The IP Filtering screen is
  invoked for LANs within the LAN1 or LAN2 screen and for WLANs within the New WLAN or Edit
  WLAN screen. It's from this screen that allow or deny designations are set for IP filtering.
• Packets are compared with lines of the filter policy list until a match is made. Once a packet matches
  a line of the list, it's acted upon, and no further comparisons take place. If inspected packets are
  determined to not be IP packets, they are permitted by the Access Point for their inbound or outbound
  destination.
Once you create a filter policy, apply it to an interface in either an incoming or outgoing direction.
• Traffic entering the Access Point's LAN1, LAN2 or WLAN (1-16) from a client is classified as
  Incoming traffic.
• Traffic leaving the Access Point's LAN1, LAN2 or WLAN (1-16) en route to a client is classified as
  Outgoing traffic.
For additional examples of how to configure IP Filter policies for both an Access Point WLAN and
LAN, see "IP Filter Configuration - Example" on page 192.
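The evaluation rules described above (sequential order, first match wins, non-IP packets permitted, default action when nothing matches) can be modelled as follows. This is an added example, not code or configuration from the manual: the rule fields, the sample policy and the function names are assumptions, and it reads "when filter rules fail" as "no rule matched".

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

MAX_RULES = 20  # limit stated in the manual

@dataclass
class Rule:
    # Hypothetical fields for illustration; the page does not list the real ones.
    action: str                     # "allow" or "deny"
    dst_net: str                    # destination network, CIDR
    protocol: str = "any"           # "tcp", "udp" or "any"
    dst_port: Optional[int] = None  # None matches every port

@dataclass
class Packet:
    is_ip: bool = True
    dst: str = "0.0.0.0"
    protocol: str = "tcp"
    dst_port: int = 0

def evaluate(rules, pkt, default_action="deny"):
    # Models one policy list applied to one interface in one direction.
    if len(rules) > MAX_RULES:
        raise ValueError("more than 20 filter rules")
    if not pkt.is_ip:
        return ("allow", "non-IP")      # non-IP traffic is never filtered
    for number, rule in enumerate(rules, start=1):
        if (ip_address(pkt.dst) in ip_network(rule.dst_net)
                and rule.protocol in ("any", pkt.protocol)
                and rule.dst_port in (None, pkt.dst_port)):
            return (rule.action, f"rule {number}")  # first match ends the search
    return (default_action, "default")

# Constructed policy, in the order it would appear in the filter list.
POLICY = [
    Rule("deny", "10.0.0.0/24", "tcp", 23),     # 1: block the default telnet port
    Rule("allow", "10.0.0.0/24", "tcp", 8080),  # 2: allow another TCP port
    Rule("deny", "10.0.0.0/24"),                # 3: block everything else to the subnet
    Rule("allow", "10.0.0.5/32", "tcp", 22),    # 4: never reached, shadowed by rule 3
]

def demo():
    return {
        "telnet on 23": evaluate(POLICY, Packet(dst="10.0.0.5", dst_port=23)),
        "telnet on 8080": evaluate(POLICY, Packet(dst="10.0.0.5", dst_port=8080)),
        "ssh to 10.0.0.5": evaluate(POLICY, Packet(dst="10.0.0.5", dst_port=22)),
        "non-IP frame": evaluate(POLICY, Packet(is_ip=False)),
        "other subnet": evaluate(POLICY, Packet(dst="192.168.1.1", dst_port=80)),
    }
```

The "telnet on 8080" case is allowed by rule 2, which is the layer 3 limitation the text describes: the filter sees only addresses and ports, not the application. Rule 4 shows why order matters when reviewing a policy, since a broader rule placed earlier makes it dead.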