beautypg.com

Configuring ip tunnel filters – Allied Telesis AT-WA7500 User Manual

Page 126

background image

5 - Configuring the Spanning Tree

126

Configuring IP

Tunnel Filters

You can set both Ethernet and IP tunnel filters, and you can create
protocol filters for predefined protocol types. In addition, you can define
arbitrary frame filters based on frame content.

By default, all IP tunnel traffic is dropped. IP tunnel filters are only
outbound filters. That is, when you configure IP tunnel filters in the root
access point, you are only defining what type of traffic the root will send
through the tunnel. The root will receive anything sent to it by the
access point at the endpoint of the tunnel. The access point at the
endpoint of the tunnel acts the same way. In order for a particular type
of traffic to pass, you need to set the same filters to pass in both in the
root access point and in the access point at the endpoint of a tunnel.

For help configuring Ethernet filters, see Chapter 3, Configuring the
Ethernet Network on page 53.

Using IP Tunnel Frame Type Filters

The IP tunnel port automatically provides some filtering for wireless end
devices. You can define permanent IP tunnel port filters to prevent
unwanted frame forwarding through an IP tunnel. ICMP frames with the
following types are always forwarded:

IP and ARP frames are never forwarded inbound through an IP tunnel to
the root IP subnet unless the source IP address belongs to the root IP
subnet. (Frames are only forwarded inbound if the source IP address in
the IP or ARP frame identifies an end device that has roamed away from
its root IP subnet.) IP and ARP frames are never forwarded outbound
through an IP tunnel by the root access point unless the destination IP
address belongs to the root IP subnet. (Frames are only forwarded
outbound to end devices that have roamed away from the root IP
subnet.) For detailed information about other frame types that are never
forwarded, see Frame Types That Are Never Forwarded on page 122.

‰ Echo Request

‰ Parameter Problem

‰ Echo Reply

‰ Time Stamp

‰ Destination Unreachable

‰ Time Stamp Reply

‰ Source Quench

‰ Address Mask Request

‰ Redirect

‰ Address Mask Reply

‰ Alternate Host Address

‰ Trace Route

‰ Time Exceeded

See also other documents in the category Allied Telesis Computer hardware: