Advanced Configuration |
|
Filtering |
|
|
|
Each MAC Address or Mask is comprised of 12 hexadecimal digits
Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for when examining packets. The AP uses Boolean logic to perform an “AND” operation between the MAC Address and the Mask at the bit level. However, for most users, you do not need to think in terms of bits. It should be sufficient to create a filter using only the hexadecimal digits 0 and F in the Mask (where 0 is any value and F is the value specified in the MAC address). A Mask of 00:00:00:00:00:00 corresponds to all MAC addresses, and a Mask of FF:FF:FF:FF:FF:FF applies only to the specified MAC Address.
For example, if the MAC Address is 00:20:A6:12:54:C3 and the Mask is FF:FF:FF:00:00:00, the AP will examine the source and destination addresses of each packet looking for any MAC address starting with 00:20:A6. If the Mask is FF:FF:FF:FF:FF:FF, the AP will only look for the specific MAC address (in this case, 00:20:A6:12:54:C3).
When creating a filter, you can configure the Wired parameters only, the Wireless parameters only, or both sets of parameters. Which parameters to configure depends upon the traffic that you want block:
•To prevent all traffic from a specific wired MAC address from being forwarded to the wireless network, configure only the Wired MAC Address and Wired Mask (leave the Wireless MAC Address and Wireless Mask set to all zeros).
•To prevent all traffic from a specific wireless MAC address from being forwarded to the wired network, configure only the Wireless MAC address and Wireless Mask (leave the Wired MAC Address and Wired Mask set to all zeros).
•To block traffic between a specific wired MAC address and a specific wireless MAC address, configure all four parameters.
A maximum of 200 entries can be created in the Static MAC filter table. To create an entry, click Add and enter the appropriate MAC addresses and Masks to setup a filter. The entry is enabled automatically when saved. To edit an entry, click Edit. To disable or remove an entry, click Edit and change the Status field from Enable to Disable or Delete.
Figure 4-23 Static MAC Configuration Screen
Static MAC Filter Examples
Consider a network that contains a wired server and three wireless clients. The MAC address for each unit is as follows:
•Wired Server: 00:40:F4:1C:DB:6A
•Wireless Client 1: 00:02:2D:51:94:E4
71