Cooper Bussmann BU-945U-E 802.11 DSSS user manual 3A1582Rev1.6

Cooper Bussmann Wireless Ethernet & Device Server BU-945U-E 802.11 DSSS User Manual

The BU-945U-E may be configured to reject or accept messages to and from certain Addresses. To accept wireless messages from particular devices a “Whitelist” of Addresses must be made. Alternatively to reject messages from particular devices, a “Blacklist” of Addresses must be made. Filtering applies only to messages appearing at the wired Ethernet port of the configured BU-945U-E.

The Filter comprises of three lists: MAC Addresses, IP Address/Protocol/Port and ARP Filters. Each list may be set as either a Blacklist (to block traffic for listed devices and protocols), or as a Whitelist (to allow traffic for listed devices and protocols). The Filter operates on four rules listed below.

•The MAC Address filter is always checked before the IP Address filter.

•If a message matches a MAC filter entry, it will not be subsequently processed by the IP filter. If the MAC filter list is a Whitelist, the message will be accepted. If the MAC filter list is a Blacklist, the message will be dropped.

•The MAC address list checks the Source address of the message only.

•The IP Address filter checks both the source address and the destination address of the message. If either address match, then the rule is activated.

•ARP filtering applies only to ARP request packets (typically these are broadcast packets) which are sourced from the Ethernet interface and destined for the wireless interface. (ARP requests from devices on the wireless network will always be passed to the Ethernet interface. ARP response packets will always be passed).

When configuring a Whitelist it is important to add the Addresses of all devices connected to the BU-945U-E wired Ethernet port, that communicate over the wireless link. It is particularly important to add the Address of the configuration PC to the Whitelist. Failure to add this address will prevent the configuration PC from making any further changes to configuration. Design of the filter may be simplified by monitoring network traffic and forming a profile of traffic on the wired network. Network Analysis software, such as the freely available “Wireshark” program, will list broadcast traffic sent on the network.

For example, in the figure below, Device B needs to communicate with Device E via modems C & D. The Filtering requires that at Modem C has Device B in its Whitelist and Modem D has Device E in its Whitelist. With this filtering Device A will be not be able to access Device E, as Device A is not present in the Whitelist in Modem C.

If an erroneous configuration has prevented all access to the module, SETUP mode may be used to restore operation.