16-14
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter16 Configuring Filters
Configuring Filters Using the Web-Browser Interface
Creating an IP Filter
Follow these steps to create an IP filter:
Step1 Follow the link path to the IP Filters page.
Step2 If you are creating a new filter, make sure <NEW> (the default) is selected in the Create/Edit Filter Index
menu. To edit an existing filter, select the filter name from the Create/Edit Filter Index menu.
Step3 Enter a descriptive name for the new filter in the Filter Name field.
Step4 Select Forward all or Block all as the filter’s default action from the Default Action menu. The filter’s
default action must be the opposite of the action for at least one of the addresses in the filter. For
example, if you create a filter containing an IP address, an IP protocol, and an IP port and you select
Block as the action for all of them, you must choose Forward All as the filter’s default action.
Step5 To filter an IP address, enter an address in the IP Address field.
Note If you plan to block traffic to all IP addresses except those you specify as allowed, put the
address of your own PC in the list of allowed addresses to avoid losing connectivity to the access
point.
Step6 Type the mask for the IP address in the Mask field. Enter the mask with periods separating the groups
of characters (172.31.24.10, for example). If you enter 255.255.255.255 as the mask, the access point
accepts any IP address. If you enter 0.0.0.0, the access point looks for an exact match with the IP address
you entered in the IP Address field. The mask you enter in this field behaves the same way that a mask
behaves when you enter it in the CLI.
Step7 Select Forward or Block from the Action menu.
Step8 Click Add. The address appears in the Filters Classes field. To remove the address from the Filters
Classes list, select it and click Delete Class. Repeat Step 5 through Step 8 to add addresses to the filter.
If you do not need to add IP protocol or IP port elements to the filter, skip to Step15 to save the filter
on the access point.
Step9 To filter an IP protocol, select one of the common protocols from the IP Protocol drop-down list, or select
the Custom radio button and enter the number of an existing ACL in the Custom field. Enter an ACL
number from 0 to 255. See Appendix A, “Protocol Filters,” for a list of IP protocols and their numeric
designators.
Step10 Select Forward or Block from the Action menu.
Step11 Click Add. The protocol appears in the Filters Classes field. To remove the protocol from the Filters
Classes list, select it and click Delete Class. Repeat Step 9 to Step 11 to add protocols to the filter.
If you do not need to add IP port elements to the filter, skip to Step15 to save the filter on the access
point.
Step12 To filter a TCP or UDP port protocol, select one of the common port protocols from the TCP Port or
UDP Port drop-down lists, or select the Custom radio button and enter the number of an existing
protocol in one of the Custom fields. Enter a protocol number from 0 to 65535. See AppendixA,
“Protocol Filters,” for a list of IP port protocols and their numeric designators.
Step13 Select Forward or Block from the Action menu.
Step14 Click Add. The protocol appears in the Filters Classes field. To remove the protocol from the Filters
Classes list, select it and click Delete Class. Repeat Step 12 to Step 14 to add protocols to the filter.