Tuesday, December 22, 2009

Configuring Filters

[notes]
I've never personally set up a wireless filter for a client for any reason - I've never had to micromanage a wireless network to that degree - well, now I've got to - OK, so here are my notes that I found interesting while reading the "Configuring Filters" section of the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12.3(7)JA LINK


  • Using the CLI, you can configure up to 2,048 MAC addresses for filtering. Using the web-browser interface, however, you can configure only up to 43 MAC addresses for filtering.
  • Avoid using both the CLI and the web-browser interfaces to configure the wireless device. If you configure the wireless device using the CLI, the web-browser interface might display an inaccurate interpretation of the configuration. However, the inaccuracy does not necessarily mean that the wireless device is misconfigured. For example, if you configure ACLs using the CLI, the web-browser interface might display this message: "Filter 700 was configured on interface Dot11Radio0 using CLI. It must be cleared via CLI to ensure proper operation of the web interface." If you see this message you should use the CLI to delete the ACLs and use the web-browser interface to reconfigure them.
  • MAC address filters are powerful, and you can lock yourself out of the access point if you make a mistake setting up the filters. If you accidentally lock yourself out of your access point, use the CLI to disable the filters.
  • To make sure the filter operates properly, use lower case for all the letters in the MAC addresses that you enter. 
  • Client devices with blocked MAC addresses cannot send or receive data through the access point, but they might remain in the Association Table as unauthenticated client devices. Client devices with blocked MAC addresses disappear from the Association Table when the access point stops monitoring them, when the access point reboots, or when the clients associate to another access point.  
  • If you plan to block traffic to all IP addresses except those you specify as allowed, put the address of your own PC in the list of allowed addresses to avoid losing connectivity to the access point.  
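The notes above on MAC filters (lower-case addresses, the 2,048 and 43 entry limits, and the lockout risk) can be checked before anything is pasted into the CLI. The following is an added example, not from the Cisco guide or the original post: it assumes the standard IOS 48-bit MAC access-list form for list 700, and `admin_mac` plus all sample addresses are constructed for illustration.

```python
import re

ACL_NUMBER = 700   # list number from the web-interface message quoted in the notes
CLI_LIMIT = 2048   # per the notes: maximum MAC addresses via the CLI
WEB_LIMIT = 43     # per the notes: maximum MAC addresses via the web interface

def normalize_mac(raw):
    """Return a MAC as lower-case dotted triplets, e.g. 0040.96ab.cdef."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def build_block_filter(blocked, admin_mac):
    """Build access-list lines that block the given MACs and permit the rest.

    admin_mac is a hypothetical parameter: the MAC of the PC used to manage
    the access point. Blocking it is refused to avoid a self-lockout.
    Returns (lines, fits_web_ui).
    """
    admin = normalize_mac(admin_mac)
    unique = []
    for raw in blocked:
        mac = normalize_mac(raw)
        if mac == admin:
            raise ValueError(f"{raw!r} is the management PC; refusing to block it")
        if mac not in unique:          # drop duplicates written in other notations
            unique.append(mac)
    if len(unique) > CLI_LIMIT:
        raise ValueError(f"{len(unique)} addresses exceeds the CLI limit of {CLI_LIMIT}")
    # Mask 0000.0000.0000 matches the address exactly; ffff.ffff.ffff matches any.
    lines = [f"access-list {ACL_NUMBER} deny {m} 0000.0000.0000" for m in unique]
    lines.append(f"access-list {ACL_NUMBER} permit 0000.0000.0000 ffff.ffff.ffff")
    return lines, len(unique) <= WEB_LIMIT

if __name__ == "__main__":
    # Constructed sample input: mixed case and mixed separators, one duplicate.
    sample = ["00:40:96:AB:CD:EF", "0040.96ab.cdef", "00-0D-28-11-22-33"]
    acl, fits_web = build_block_filter(sample, admin_mac="00:1A:2B:3C:4D:5E")
    print("\n".join(acl))
    print("fits web-interface limit:", fits_web)
```

The second return value only reports whether the list is small enough for the web interface; per the notes, a filter built through the CLI should also be maintained through the CLI.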
For specific Ethertype filters - refer to this Appendix of Protocol Filters from the Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 12.3(7)JA: LINK





