MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

121

122

123

124

125

126

127

128

129

130

• IP broadcast packets, except NetBIOS

• Certain address management protocols (ARP, DHCP) regardless of their source

address.

• Any traffic addressed to the AP, including 802.1X.

Blocked

• All traffic that is not accepted is blocked. This includes NetBIOS traffic regardless

of its source/destination address. HTTPS traffic not addressed to the AP (or upstream

device) is also blocked, which means wireless users cannot access the management

tool on other HP APs.

Outgoing wireless traffic filters

Applies to traffic sent from the AP to wireless users.

Accepted

• Any IP traffic coming from the upstream device, except NetBIOS packets.

• PPPoE traffic from the upstream device.

• IP broadcast packets, except NetBIOS

• ARP and DHCP Offer and ACK packets.

• Any traffic coming from the AP itself, including 802.1X.

Blocked

• All other traffic is blocked. This includes NetBIOS traffic regardless of its

source/destination address.

Custom wireless security filter definitions

Use this option to define your own security filters to control incoming and outgoing wireless

traffic. To use the default filters as a starting point, select Get Default Filters.

Filters are specified using standard pcap syntax with the addition of a few HP-specific

placeholders. These placeholders can be used to refer to specific MAC addresses and are

expanded by the AP when the filter is activated. Once expanded, the filter must respect

the pcap syntax. The pcap syntax is documented in the tcpdump man page:

http://www.tcpdump.org/tcpdump_man.html

Placeholders

• %a : MAC address of the controller.

• %b : MAC address of the bridge.

• %g : MAC address of the default gateway assigned to the AP.

• %w : MAC address of AP wireless port.

Wireless mobility considerations

If you enable the wireless mobility feature (to support roaming across different subnets), configuration

of the wireless security filters must respect the following guidelines so as not to interfere with roaming

functionality.

• The Restrict wireless traffic to: Access point default gateway option is not supported.

• The Restrict wireless traffic to: MAC or Custom options can be used provided that they restrict

traffic to destinations that are reachable from all subnets in the mobile domain.

Wireless protection

Two types of wireless protection are offered. WPA and WEP.

VSC configuration options 127