Filter
Top Products
16-2
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 16 Configuring Filters
Understanding Filters
Understanding Filters
Protocol filters (IP protocol, IP port, and EtherType) prevent or allow the use of specific protocols
through the access point’s Ethernet and radio ports. You can set up individual protocol filters or sets of
filters. You can filter protocols for wireless client devices, users on the wired LAN, or both. For example,
an SNMP filter on the access point’s radio port prevents wireless client devices from using SNMP with
or through the access point but does not block SNMP access from the wired LAN.
IP address and MAC address filters allow or disallow the forwarding of unicast and multicast packets
either sent from or addressed to specific IP or MAC addresses. You can create a filter that passes traffic
to all addresses except those you specify, or you can create a filter that blocks traffic to all addresses
except those you specify.
You can configure filters using the web-browser interface or by entering commands in the CLI.
Tip You can include filters in the access point’s QoS policies. Refer to Chapter 15, “Configuring QoS,”for
detailed instructions on setting up QoS policies.
Note Using the CLI, you can configure up to 2,048 MAC addresses for filtering. Using the web-browser
interface, however, you can configure only up to 43 MAC addresses for filtering.
Configuring Filters Using the CLI
To configure filters using CLI commands, you use access control lists (ACLs) and bridge groups.
• For more information on bridge groups, see the Configuring Transparent Bridging chapter in the
Bridging and IBM Networking Configuration Guide, at the following URL:
http://www.cisco.com/c/en/us/td/docs/ios/bridging/configuration/guide/15-s/br-15-s-book/br_trans
prnt_brdg.html
• For more information on access control lists (ACLs), see the IP Access List Overview chapter, in the
Security Configuration Guide, at the following URL:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/12-4t/sec-data-acl-1
2-4t-book/sec-access-list-ov.html
Note Avoid using both the CLI and the web-browser interfaces to configure the wireless device. If you
configure the wireless device using the CLI, the web-browser interface might display an inaccurate
interpretation of the configuration. However, the inaccuracy does not necessarily mean that the wireless
device is misconfigured. For example, if you configure ACLs using the CLI, the web-browser interface
might display this message: “Filter 700 was configured on interface Dot11Radio0 using CLI. It must be
cleared via CLI to ensure proper operation of the web interface.” If you see this message you should use
the CLI to delete the ACLs and use the web-browser interface to reconfigure them.