User guide

Configuring Policies
Filtering Rules
SCALANCE WLC711
User Guide, V8.11, 07/2012, C79000-G8976-C260-03 5-7
Note:
You can also prevent the two wireless devices from communicating with each other by setting Block MU to
MU traffic. See “Configuring a Basic WLAN Service” on page 6-2.
Defining Filter Rules for Wireless APs
You can also apply filter rules on the Wireless AP. Applying filter rules at the Wireless AP helps
restrict unwanted traffic at the edge of your network. The Wireless APs support a maximum of
32 filter rules per group. Filtering at the Wireless AP can be configured with the following
Topology types:
• Bridge Traffic Locally at the AP: If filtering at the Wireless AP is enabled on a Bridge Traffic
  Locally at the AP topology, the filtering is applied to traffic in both the uplink and downlink
  direction. The uplink direction is from the wireless device to the network, and the downlink
  direction is from the network to the wireless device.
• Routed and Bridge Traffic Locally at the WLC: If filtering at the Wireless AP is enabled on
  a Routed or Bridge Traffic Locally at the WLC topology, the filtering is applied only to traffic
  in the uplink (UL) direction. The filters applied in the UL direction at the Wireless AP can be
  the same as or different from filters applied at the SCALANCE IWLAN Controller.
Wireless AP Filtering
When filtering at the Wireless AP is enabled, Wireless APs obtain client filter information from the
SCALANCE IWLAN Controller. In addition, direct inter-Wireless AP communication allows
Wireless APs to exchange client filter information as clients roam from one Wireless AP to another.
This allows the system to achieve a very fast roaming time. To take advantage of inter-Wireless AP
communication, you should configure the network such that Wireless APs in the mobility domain
can communicate with each other through the Wireless AP's Ethernet interface. Also, multicast
traffic with an IP address of 224.0.1.178 should be allowed between Wireless APs.
Configuring Filter Rules
To Configure Filter Rules for the Controller:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is
displayed.
2. In the left pane, expand the Policies pane and click the Policy you want to edit, or click the
New button to create a new policy.
The Policy configuration page is displayed.
3. Click the Filter Rules tab.
The WLC Filters tab displays. See Figure 5-2 on page 5-8.
4. Configure filter rules for the controller. See Table 5-9 on page 5-6.
Table 5-9 Rules Between Two Wireless Devices (continued)
In   Out  Allow  IP / Port              Description
x    x           [Intranet IP, range]   Deny all access to the VNS subnet range (such as 0/24)
x    x    x      *.*.*.*.               Allow everything else
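The following sketch is an added example, not taken from the guide or from the controller software. It models how enforcement at the Wireless AP depends on the topology type, using a rule set shaped like the two Table 5-9 rows. Assumptions: In/Out correspond to uplink/downlink, rules are evaluated top to bottom with the first match winning and an implicit deny at the end; the 192.0.2.0/24 range and all function and topology names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES_PER_GROUP = 32  # per-group limit for Wireless AP filters stated in the guide

@dataclass
class Rule:
    in_dir: bool    # "In" column; assumed here to mean uplink (device -> network)
    out_dir: bool   # "Out" column; assumed here to mean downlink (network -> device)
    allow: bool     # "Allow" column; unchecked means deny
    net: str        # "IP / Port" column as CIDR; "*.*.*.*" is written 0.0.0.0/0

def ap_directions(topology):
    """Directions in which the Wireless AP enforces filters, per the guide."""
    if topology == "bridge_at_ap":
        return {"uplink", "downlink"}
    if topology in ("routed", "bridge_at_wlc"):
        return {"uplink"}
    raise ValueError(f"unknown topology: {topology}")

def ap_verdict(rules, topology, direction, remote_ip):
    """Return 'allow', 'deny', or 'not filtered at AP' for one packet.
    remote_ip is the network-side address (destination on uplink, source on downlink).
    Assumptions: first matching rule wins, top to bottom, and no match means deny.
    """
    if len(rules) > MAX_RULES_PER_GROUP:
        raise ValueError(f"{len(rules)} rules exceeds the AP limit of {MAX_RULES_PER_GROUP}")
    if direction not in ("uplink", "downlink"):
        raise ValueError(f"unknown direction: {direction}")
    if direction not in ap_directions(topology):
        return "not filtered at AP"
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        applies = rule.in_dir if direction == "uplink" else rule.out_dir
        if applies and addr in ipaddress.ip_network(rule.net):
            return "allow" if rule.allow else "deny"
    return "deny"

# Constructed rule set shaped like the two rows of Table 5-9; 192.0.2.0/24 is a
# documentation-range placeholder for the "[Intranet IP, range]" entry.
TABLE_5_9 = [
    Rule(in_dir=True, out_dir=True, allow=False, net="192.0.2.0/24"),
    Rule(in_dir=True, out_dir=True, allow=True, net="0.0.0.0/0"),
]

if __name__ == "__main__":
    for case in [("bridge_at_ap", "uplink", "192.0.2.10"), ("routed", "downlink", "192.0.2.10")]:
        print(*case, "->", ap_verdict(TABLE_5_9, *case))
```

A "not filtered at AP" result marks traffic that the Wireless AP does not filter in that topology, so any restriction on it has to come from the filters at the SCALANCE IWLAN Controller.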