User's Guide

AirTight Management Console User Guide
IP Address
Key: Key in the GRE header. If configured, the key must be the same at both ends of the tunnel. Configuring a key is not mandatory for a GRE tunnel.
Exempted Host/Network List: Comma-separated list of networks and/or IP addresses that are exempted from using the GRE tunnel.
If you do not want to use GRE, deselect the GRE check box.
4. Click Save to save the changes to the network settings.
Enable Layer 2 inspection and Filtering
L2 inspection and filtering prevents frames exchanged between two mobile devices from being delivered
by the Wi-Fi access network without first being inspected and filtered in either the hotspot operator
network or the Service Provider core network. Such processing provides some protection for mobile
devices against attack. The inspection and filtering mechanism is out of the scope of the Wi-Fi profile
settings.
If you want to inspect the packets exchanged between two clients in a Wi-Fi network on a wired side host,
do the following.
1. Select the Enable Layer 2 Traffic Inspection and Filtering check box.
2. Click Save to save the changes. You can use a packet capture tool to view the packets on the wired
side.
Inspection of layer 2 packets by AirTight AP is not supported.
Disable Downstream Group Addressed Forwarding
The purpose of the Downstream Group Addressed Forwarding (DGAF) Disable feature is to mitigate a
"hole-196" attack. By IEEE 802.11i design, all STAs in a BSS use the same GTK, so forgery of
group-addressed frames is always possible. However, in some hotspots multicast service using
group-addressed frames is needed; in these cases, the DGAF Disable bit would be set to 0.
You must enable the proxy ARP setting to disable DGAF.
To disable DGAF and mitigate a hole-196 attack, do the following.
1. Select the Enable Proxy ARP Setting check box. The Disable DGAF check box is enabled.
2. Select the Disable DGAF check box to ensure future attacks that exploit the GTK can be mitigated.
3. Click Save to save the changes.
Enable/Disable DHCP Option 82
DHCP Option 82 is generally used in a distributed DHCP server environment where an AP inserts
additional information to identify the client's point of attachment. The circuit ID represents the client's
point of attachment. DHCP Option 82 is available for a bridged SSID only.
When DHCP Option 82 is enabled and the AP receives DHCP packets from the client, the AP appends a
circuit ID to those packets and forwards the DHCP request to the DHCP server. Based on the circuit ID
in the DHCP request, the DHCP server decides which IP pool to assign the client's IP address from.
When the DHCP server assigns the IP address and passes it to the AP, the AP strips the circuit ID and
passes the address on to the client.
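The Option 82 round trip described above, as an added example (not AirTight code): the AP appends a circuit ID, the server picks a pool from it, and the AP strips the option on the way back. The circuit ID string, pool table and function names are hypothetical; the option and sub-option numbers follow RFC 3046. Dropping a client-supplied Option 82 before inserting the AP's own is an assumption of this example, made because the server trusts the circuit ID for pool selection.

```python
# Added example: DHCP Option 82 handling on the options field only
# (the bytes that follow the DHCP magic cookie), encoded as code/length/value.
OPT_PAD, OPT_END, OPT_RELAY_INFO, SUBOPT_CIRCUIT_ID = 0, 255, 82, 1

def parse_options(buf):
    """Return [(code, value)] from a DHCP options field, stopping at End."""
    opts, i = [], 0
    while i < len(buf) and buf[i] != OPT_END:
        if buf[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated DHCP option")
        code, length = buf[i], buf[i + 1]
        opts.append((code, bytes(buf[i + 2:i + 2 + length])))
        i += 2 + length
    return opts

def build_options(opts):
    body = b"".join(bytes([code, len(value)]) + value for code, value in opts)
    return body + bytes([OPT_END])

def insert_circuit_id(buf, circuit_id):
    """AP, client -> server: append Option 82 as the last option before End."""
    # Assumption: an Option 82 already present came from the client; drop it.
    opts = [o for o in parse_options(buf) if o[0] != OPT_RELAY_INFO]
    sub = bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    return build_options(opts + [(OPT_RELAY_INFO, sub)])

def circuit_id_of(buf):
    """Return the circuit ID sub-option value, or None if absent."""
    for code, value in parse_options(buf):
        j = 0
        while code == OPT_RELAY_INFO and j + 2 <= len(value):
            if value[j] == SUBOPT_CIRCUIT_ID:
                return value[j + 2:j + 2 + value[j + 1]]
            j += 2 + value[j + 1]
    return None

def strip_relay_info(buf):
    """AP, server -> client: remove Option 82 before delivery to the client."""
    return build_options([o for o in parse_options(buf) if o[0] != OPT_RELAY_INFO])

def select_pool(buf, pools, default="default"):
    """DHCP server: choose the IP pool from the circuit ID in the request."""
    return pools.get(circuit_id_of(buf), default)

# Constructed sample: DHCPDISCOVER options (message type + parameter list).
REQUEST = bytes([53, 1, 1, 55, 2, 1, 3, 255])
POOLS = {b"ap-lobby:guest": "10.20.0.0/24"}  # hypothetical circuit ID and pool
```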
To enable DHCP Option 82 while creating or editing a Wi-Fi profile, do the following.
1. Under Network Settings, select the Bridged option.