Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
3
Replies

1220 and Filters

dhickey
Level 1
Level 1

‎03-27-2003 12:17 PM - edited ‎07-04-2021 08:36 AM

Can someone point to some good information on setting up filters on the 1220 AP. I have read Chapter 5 of the Configuration Guide, but it is pretty much useless.

What I would like to be able to do it block all traffic but certain ports on one of the vlans on the AP. I know how do it with access-lists on the routers, but I am

trying to figure out to accomplish the same thing on the AP without adding every single port I want to block...for instance....

Only allow DHCP, DNS and HTTP traffic for users on a certain VLAN on the AP. I know how to apply it in the service sets, but actually setting it up is fuzzy. I have now problem reading for the solution, just can't find the correct document ot read.

Thanks

Don Hickey

Labels:
0 Helpful
3 Replies 3

ndoshi
Cisco Employee
Cisco Employee

‎03-27-2003 04:00 PM

Hi Don ,

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350axb.htm

May be combination of above two url will help .

If you want to allow only DHCP , DNS , HTTP , ARP etc ...allow this udp port

here is example of blocking ipx traffic

step1 : Go under setup -> Ethertype filter

step2 : Say Set Name : BlockIPX and click on ADD NEW

step3 : Under Default Disposition we have two options forward and

block . By default it is forward .

Let is be default ( forward )

step4 : Under special cases , type 0x8137 and click on add new .

step5 : You will get new window with options -> Disposition , priority ,

Unicast Time-to-live , multicast Time-to-live , Alert

Under disposition select block . Remaining fields let it be default .

Repeate step 4 and 5 and add type 0x8138 , 0x00ff and 0x00e0

( In summary we need to block 0x8137 , 0x8138 , 0x00ff and

0x00e0 type filters )

step6 : With this we are done defining the "BLOCKIPX" filter .

Still we need to apply on the interface

go to Setup -> ethernet -> filters

You will see EtherType Receive and Forward side .

Apply the above filter and say OK .

Nilesh

0 Helpful

dhickey
Level 1
Level 1
In response to ndoshi

‎03-27-2003 04:30 PM

Nilesh,

Thanks for the reply....Let me see if I have this correct in my mind...

Would I setup a ethertype filter to block TCP and UDP,etc then setup a port filter to allow the ports I would like to pass?

What I dont want to have to do is add tons of ports that I want to block.....You know how regular ACL's have a deny any at the end of it....

So far the documentation (and these forums) have got me through the authentication, per user vlans, and such. This is the last thing I am trying to nail down. I will have one of the vlans as a guest vlan that will only allow web and email traffic. I try this tomorrow....

Thanks again,

Don

0 Helpful

dhickey
Level 1
Level 1
In response to ndoshi

‎03-28-2003 08:15 AM

You ever have the lightbulb just turn on in your head.

I am pretty sure I figured it out....

Setup the port filter for the default action of block and then configure the ports you want to forward....Duhhhh..

That is something that Cisco might want to add to their docs....

Thanks

Don

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card