Configuring ip tunnel filters – Allied Telesis AT-WA7501 User Manual
Page 150

Chapter 5: Configuring the Spanning Tree
150
2. If you enabled IGMP, enter the Class D IP multicast address. The
default is 224.0.1.65.
3. Enter the IP addresses or DNS names of all the access points that can
be the endpoints of IP tunnels.
4. Click Submit Changes to save your changes. To activate your
changes, from the menu bar click Save/Discard Changes, and then 
click Save Changes and Reboot. For help, see “Saving Configuration 
Changes” on page 46.
Configuring IP
Tunnel Filters
You can set both Ethernet and IP tunnel filters, and you can create 
protocol filters for predefined protocol types. In addition, you can define 
arbitrary frame filters based on frame content. 
By default, all IP tunnel traffic (except NNL traffic) is dropped. IP tunnel 
filters are only outbound filters. That is, when you configure IP tunnel filters 
in the root access point, you are only defining what type of traffic the root 
will send through the tunnel. The root will receive anything sent to it by the 
access point at the endpoint of the tunnel. The access point at the 
endpoint of the tunnel acts the same way. In order for a particular type of 
traffic to pass, you need to set the same filters to pass in both in the root 
access point and in the access point at the endpoint of a tunnel. 
For help configuring Ethernet filters, see “Configuring Ethernet Filters” on 
page 80.
Using IP Tunnel Frame Type Filters
The IP tunnel port automatically provides some filtering for wireless end 
devices. You can define permanent IP tunnel port filters to prevent 
unwanted frame forwarding through an IP tunnel. ICMP frames with the 
following types are always forwarded:
IP and ARP frames are never forwarded inbound through an IP tunnel to 
the root IP subnet unless the source IP address belongs to the root IP 
subnet. (Frames are only forwarded inbound if the source IP address in 
the IP or ARP frame identifies an end device that has roamed away from 
its root IP subnet.) IP and ARP frames are never forwarded outbound 
Echo Request
Echo Reply
Destination Unreachable
Source Quench
Redirect
Alternate Host Address
Time Exceeded
Parameter Problem
Time Stamp
Time Stamp Reply
Address Mask Request
Address Mask Reply
Trace Route
