66
Performing Advanced Configuration
Static MAC Filter Examples
Consider a network that contains a wired server and three wireless clients. The MAC address for each unit is as
follows:
– Wired Server: 00:40:F4:1C:DB:6A
– Wireless Client 1: 00:02:2D:51:94:E4
– Wireless Client 2: 00:02:2D:51:32:12
– Wireless Client 3: 00:20:A6:12:4E:38
Prevent Two Specific Devices from Communicating
Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating:
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:02:2D:51:94:E4
• Wireless Mask: FF:FF:FF:FF:FF:FF
Result: Traffic between the Wired Server and Wireless Client 1 is blocked. Wireless Clients 2 and 3 can still
communicate with the Wired Server.
Prevent Multiple Wireless Devices From Communicating With a Single Wired Device
Configure the following settings to prevent Wireless Clients 1 and 2 from communicating with the Wired Server.
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:02:2D:51:94:E4
• Wireless Mask: FF:FF:FF:00:00:00
Result: When a logical “AND” is performed on the Wireless MAC Address and Wireless Mask, the result corresponds
to any MAC address beginning with the 00:20:2D prefix. Since Wireless Client 1 and Wireless Client 2 share the same
prefix (00:02:2D), traffic between the Wired Server and Wireless Clients 1 and 2 is blocked. Wireless Client 3 can still
communicate with the Wired Server since it has a different prefix (00:20:A6).
Prevent All Wireless Devices From Communicating With a Single Wired Device
Configure the following settings to prevent all three Wireless Clients from communicating with Wired Server 1.
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:00:00:00:00:00
• Wireless Mask: 00:00:00:00:00:00
Result: The Access Point blocks all traffic between Wired Server 1 and all wireless clients.
Prevent A Wireless Device From Communicating With the Wired Network
Configure the following settings to prevent Wireless Client 3 from communicating with any device on the Ethernet.
• Wired MAC Address: 00:00:00:00:00:00
• Wired Mask: 00:00:00:00:00:00
• Wireless MAC Address: 00:20:A6:12:4E:38
• Wireless Mask: FF:FF:FF:FF:FF:FF
Result: The Access Point blocks all traffic between Wireless Client 3 and the Ethernet network.
Prevent Messages Destined for a Specific Multicast Group from Being Forwarded to the Wireless LAN
If there are devices on your Ethernet network that use multicast packets to communicate and these packets are not
required by your wireless clients, you can set up a Static MAC filter to preserve wireless bandwidth. For example, if
routers on your network use a specific multicast address (such as 01:00:5E:00:32:4B) to exchange information, you
can set up a filter to prevent these multicast packets from being forwarded to the wireless network:
• Wired MAC Address: 01:00:5E:00:32:4B