3Com 3CRWE875075ATAA User Guide - Page 36


VLAN Switch ports must be tagged ports that match the VLAN ID on the Access Point. Associated client VLAN IDs will appear in the Syslog file in ASCII Decimal format.

When VLAN filtering is enabled, the access point queries the server for the VLAN IDs of associating clients and saves the VLAN IDs. If a client does not have a VLAN ID, the access point assigns its own native VLAN ID to that client.

To enable VLAN filtering, enter a VLAN ID (a number between 1 and 4095) in the Native VLAN ID field and select VLAN Enable.

When VLAN filtering is disabled, the access point ignores VLAN-tagged frames.

SECURITY FILTERS

These options allow you to block communication among wireless clients (client-to-client blocking) and prevent wireless clients from performing access point administration.

o Local Bridge Filter: Enable this filter to prevent direct communication between wireless clients, creating a more secure wireless network.
o AP Management Filter: Enable this filter to prevent wireless clients from accessing the access point for management; for example through TELNET or SNMP.

CLIENT LIST TIMEOUT

This option sets the timeout for inactive clients to be disassociated and removed from the associated client list. The interval can be set to 1, 5, 10, 30 or 60 minutes (default is 30 minutes).

UPLINK PORT MAC ADDRESS FILTERING

This feature allows associated wireless clients to communicate only with specific selected MAC addresses on a sub net. By only allowing clients to communicate with a few specific servers such as a DHCP server, a Gateway, or a local web server, clients are blocked from communicating with other clients on the local sub net, but are still allowed (via the gateway) to communicate with servers on the Internet.

Note: In most cases client-to-client blocking should also be enabled, as the Uplink Filter only works on packets coming into the AP from its Ethernet (uplink) port.
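
The following Python model is an added illustration, not part of the 3Com guide and not the access point's firmware logic. It shows which flows each combination of the Local Bridge Filter and the Uplink Filter lets through. The MAC addresses and all class and function names are constructed for the example, and the forwarding rules are an assumption based on the description above.

```python
from dataclasses import dataclass
from typing import Optional

WIRELESS, UPLINK = "wireless", "uplink"

# Constructed sample addresses (locally administered MACs), not from the guide.
GATEWAY = "02:00:00:00:00:01"
DHCP = "02:00:00:00:00:02"
CLIENT_A, CLIENT_B = "02:00:00:00:01:0a", "02:00:00:00:01:0b"  # on AP 1
CLIENT_C = "02:00:00:00:02:0c"                                  # on AP 2


@dataclass
class AccessPoint:
    clients: frozenset                        # MACs associated on this radio
    local_bridge_filter: bool = False         # client-to-client blocking
    uplink_allow: Optional[frozenset] = None  # None = uplink filter disabled

    def forwards(self, src: str, dst: str, ingress: str) -> bool:
        """True if this modelled AP passes the frame."""
        if ingress == WIRELESS:
            # Bridged locally between two radio clients: the uplink filter
            # never sees the frame, only the Local Bridge Filter can stop it.
            return not (self.local_bridge_filter and dst in self.clients)
        # Frame arrived on the Ethernet (uplink) port: check the source MAC.
        return self.uplink_allow is None or src in self.uplink_allow


def reachable(bridge_filter: bool, uplink_filter: bool) -> dict:
    """Which flows get through for a given combination of the two filters."""
    allow = frozenset({GATEWAY, DHCP}) if uplink_filter else None
    ap1 = AccessPoint(frozenset({CLIENT_A, CLIENT_B}), bridge_filter, allow)
    ap2 = AccessPoint(frozenset({CLIENT_C}), bridge_filter, allow)
    return {
        "same_ap_client_to_client": ap1.forwards(CLIENT_A, CLIENT_B, WIRELESS),
        # A -> C leaves AP 1 toward the wire, then enters AP 2 on its uplink.
        "cross_ap_client_to_client": ap1.forwards(CLIENT_A, CLIENT_C, WIRELESS)
        and ap2.forwards(CLIENT_A, CLIENT_C, UPLINK),
        "gateway_to_client": ap1.forwards(GATEWAY, CLIENT_A, UPLINK),
    }


if __name__ == "__main__":
    for bridge in (False, True):
        for uplink in (False, True):
            print(f"bridge={bridge} uplink={uplink}", reachable(bridge, uplink))
```

In this model the Uplink Filter alone leaves clients on the same AP able to reach each other, and the Local Bridge Filter alone leaves clients on different APs able to reach each other. Only the combination blocks both while still passing gateway traffic.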

For security reasons it is desirable to block client-to-client communications for wireless clients associated with an Access Point (AP). It is also desirable to block client-to-client communications between clients associated with different APs on the local sub net. For instance an airport may have several APs to service several "hot spots" within