Cisco Support Community
Community Member

1220 and Filters

Can someone point to some good information on setting up filters on the 1220 AP? I have read Chapter 5 of the Configuration Guide, but it is pretty much useless.

What I would like to be able to do is block all traffic but certain ports on one of the VLANs on the AP. I know how to do it with access-lists on the routers, but I am trying to figure out how to accomplish the same thing on the AP without adding every single port I want to block...for instance....

Only allow DHCP, DNS and HTTP traffic for users on a certain VLAN on the AP. I know how to apply it in the service sets, but actually setting it up is fuzzy. I have no problem reading for the solution, just can't find the correct document to read.

Thanks

Don Hickey

3 REPLIES
Cisco Employee

Re: 1220 and Filters

Hi Don,

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350axb.htm

Maybe a combination of the above two URLs will help.

If you want to allow only DHCP, DNS, HTTP, ARP etc... allow this UDP port.

Here is an example of blocking IPX traffic:

Step 1: Go under Setup -> Ethertype filter.

Step 2: Set Name: BlockIPX and click on ADD NEW.

Step 3: Under Default Disposition we have two options, forward and block. By default it is forward. Let it be default (forward).

Step 4: Under special cases, type 0x8137 and click on add new.

Step 5: You will get a new window with options -> Disposition, Priority, Unicast Time-to-live, Multicast Time-to-live, Alert. Under Disposition select block. Let the remaining fields be default.

Repeat steps 4 and 5 and add type 0x8138, 0x00ff and 0x00e0.

(In summary we need to block 0x8137, 0x8138, 0x00ff and 0x00e0 type filters.)

Step 6: With this we are done defining the "BLOCKIPX" filter. We still need to apply it on the interface:

Go to Setup -> Ethernet -> Filters.

You will see EtherType Receive and Forward side.

Apply the above filter and say OK.

Nilesh

Community Member

Re: 1220 and Filters

Nilesh,

Thanks for the reply....Let me see if I have this correct in my mind...

Would I set up an EtherType filter to block TCP and UDP, etc., then set up a port filter to allow the ports I would like to pass?

What I don't want to have to do is add tons of ports that I want to block..... You know how regular ACLs have a deny any at the end of it....

So far the documentation (and these forums) have got me through the authentication, per-user VLANs, and such. This is the last thing I am trying to nail down. I will have one of the VLANs as a guest VLAN that will only allow web and email traffic. I will try this tomorrow....

Thanks again,

Don

Community Member

Re: 1220 and Filters

You ever have the lightbulb just turn on in your head?

I am pretty sure I figured it out....

Set up the port filter for the default action of block and then configure the ports you want to forward....Duhhhh..

That is something that Cisco might want to add to their docs....

Thanks

Don
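The two filter styles discussed in this thread (Nilesh's default-forward BlockIPX EtherType filter and Don's default-block port filter), modelled in Python as an added example that is not part of the original posts and is not Cisco code. Assumptions: the port numbers (DHCP 67/68, DNS 53, HTTP 80), matching on destination port only, the filter name GuestPorts, and that non-TCP/UDP frames are governed by the EtherType filter alone; the sample frames are constructed.

```python
import struct

FORWARD, BLOCK = "forward", "block"

class Filter:
    """A filter set: one default disposition plus per-value special cases."""
    def __init__(self, name, default, special_cases):
        self.name, self.default, self.special = name, default, special_cases

    def disposition(self, value):
        return self.special.get(value, self.default)

# From the thread: default forward, block the four IPX types.
BLOCK_IPX = Filter("BlockIPX", FORWARD,
                   {0x8137: BLOCK, 0x8138: BLOCK, 0x00FF: BLOCK, 0x00E0: BLOCK})
# Default block, forward only the wanted ports (name and ports are assumptions).
GUEST_PORTS = Filter("GuestPorts", BLOCK,
                     {67: FORWARD, 68: FORWARD, 53: FORWARD, 80: FORWARD})

def classify(frame):
    """Return (ethertype, destination port or None) for an Ethernet II frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800 or len(frame) < 34:
        return ethertype, None               # not IPv4, or truncated header
    l4 = 14 + (frame[14] & 0x0F) * 4         # honour the IP header length field
    if frame[23] not in (6, 17) or len(frame) < l4 + 4:
        return ethertype, None               # not TCP/UDP: no port to match
    return ethertype, struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]

def decide(frame):
    """Apply the EtherType filter first, then the port filter."""
    ethertype, port = classify(frame)
    if BLOCK_IPX.disposition(ethertype) == BLOCK:
        return BLOCK
    if port is None:
        return FORWARD                       # e.g. ARP: port filter not applicable
    return GUEST_PORTS.disposition(port)

def make_frame(ethertype, proto=0, dport=0):
    """Build a constructed test frame (zeroed addresses and payload)."""
    eth = b"\x00" * 12 + struct.pack("!H", ethertype)
    if ethertype != 0x0800:
        return eth + b"\x00" * 46
    ip = bytes([0x45]) + b"\x00" * 8 + bytes([proto]) + b"\x00" * 10
    return eth + ip + struct.pack("!HH", 49152, dport) + b"\x00" * 16

if __name__ == "__main__":
    for label, f in [("IPX", make_frame(0x8137)), ("ARP", make_frame(0x0806)),
                     ("DNS", make_frame(0x0800, 17, 53)),
                     ("SSH", make_frame(0x0800, 6, 22))]:
        print(label, decide(f))
```

Only the four listed ports need entries in the port filter; everything else on TCP or UDP falls through to the default block, which is the "deny any" behaviour Don was looking for.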
