Configuration
QB.11-R Installation and Management
Filtering Parameters
90
• Click
Add
.
•
To edit or delete an entry, click
Edit
and change the information, or select Enable, Disable, or Delete from the
Status drop-down menu.
NOTE:
Entries must be enabled in order to be subject to the filter.
Static MAC Address Filtering
Overview
The Static MAC Address filter optimizes the performance of a wireless (and wired) network. When this feature is
configured properly, the unit can block traffic between wired devices on the wired (Ethernet) interface and devices on the
wireless interface based upon MAC address.
NOTE:
The device on the wireless interface can be any device connected through the link, it can be directly connected to
the Ethernet interface of the peer unit, or it can be attached through multiple hops. The MAC address in the
packets arriving at the wireless interface is the important element.
The filter is an advanced feature that lets you limit the data traffic between two specific devices (or between groups of
devices based upon MAC addresses and masks) through the unit’s wireless interface. For example, if you have a server
on your network with which you do not want wireless clients to communicate, you can set up a static MAC
filter to block
traffic between these devices. The Static MAC Filter Table performs bi-directional filtering. However, note that this is an
advanced filter and it may be easier to control wireless traffic through other filter options, such as
Protocol Filtering
.
Each MAC address or mask is comprised of 12 hexadecimal digits (0-9 and A-F) that correspond to a 48-bit identifier.
(Each hexadecimal digit represents 4 bits (0 or 1).
Taken together, a MAC address/mask pair specifies an address or a range of MAC addresses that the unit looks for when
examining packets. The unit uses Boolean logic to perform an “and” operation between the MAC address and the mask
at the bit level. However, for most users, you do not need to think in terms of bits. It should be sufficient to create a filter
using only the hexadecimal digits 0 and F in the mask (where 0 is any value and F is the value specified in the MAC
address). A mask of 00:00:00:00:00:00 corresponds to all MAC addresses, and a mask of FF:FF:FF:FF:FF:FF:FF:FF
applies only to the specified MAC address.
For example, if the MAC address is 00:20:A6:12:54:C3 and the mask is FF;FF;FF;00:00:00, the unit examines the source
and destination addresses of each packet looking for any MAC address starting with 00:20:A6. If the mask is
FF;FF;FF;FF;FF;FF, the unit looks only for the specific MAC address (in this case, 00:20:A6:12:54:C3).
When creating a filter, you can configure the Wired parameters only, the Wireless parameters only, or both sets of
parameters. Which parameters to configure depends upon the traffic that you want to block:
• To prevent all traffic from a specific wired MAC address from being forwarded to the wireless network, configure only
the Wired MAC address and Wired mask (leave the Wireless MAC and Wireless mask set to all zeros).
• To prevent all traffic from a specific wireless MAC address from being forwarded to the wired network, configure only
the Wireless MAC and Wireless mask (leave the Wired MAC address and Wired mask set to all zeros).
• To block traffic between a specific wired MAC address and a specific wireless MAC address, configure all four
parameters.
Static MAC Filter Examples
Consider a network that contains a wired server and three wireless clients. The MAC address for each unit is as follows:
•
Wired Server:
00:40:F4:1C:DB:6A
•
Wireless Client 1:
00:02:2D:51:94:E4
•
Wireless Client 2:
00:02:2D:51:32:12