Cooper Bussmann VERSION 1.6 BU-945U-E 802.11 DSSS User Manual

Page 41

background image

www.cooperbussmann.com/BussmannWirelessResources

Cooper Bussmann Wireless Ethernet & Device Server BU-945U-E 802.11 DSSS User Manual

41

3A1582Rev1.6

The BU-945U-E may be configured to reject or accept messages to and from certain Addresses. To accept wireless messages from particular
devices a “Whitelist” of Addresses must be made. Alternatively to reject messages from particular devices, a “Blacklist” of Addresses must be
made. Filtering applies only to messages appearing at the wired Ethernet port of the configured BU-945U-E.

The Filter comprises of three lists: MAC Addresses, IP Address/Protocol/Port and ARP Filters. Each list may be set as either a Blacklist (to block
traffic for listed devices and protocols), or as a Whitelist (to allow traffic for listed devices and protocols). The Filter operates on four rules listed
below.

• The MAC Address filter is always checked before the IP Address filter.

• If a message matches a MAC filter entry, it will not be subsequently processed by the IP filter. If the MAC filter list is a Whitelist, the message

will be accepted. If the MAC filter list is a Blacklist, the message will be dropped.

• The MAC address list checks the Source address of the message only.

• The IP Address filter checks both the source address and the destination address of the message. If either address match, then the rule is

activated.

• ARP filtering applies only to ARP request packets (typically these are broadcast packets) which are sourced from the Ethernet interface and

destined for the wireless interface. (ARP requests from devices on the wireless network will always be passed to the Ethernet interface. ARP
response packets will always be passed).

When configuring a Whitelist it is important to add the Addresses of all devices connected to the BU-945U-E wired Ethernet port, that
communicate over the wireless link. It is particularly important to add the Address of the configuration PC to the Whitelist. Failure to add this
address will prevent the configuration PC from making any further changes to configuration. Design of the filter may be simplified by monitoring
network traffic and forming a profile of traffic on the wired network. Network Analysis software, such as the freely available “Wireshark” program,
will list broadcast traffic sent on the network.

For example, in the figure below, Device B needs to communicate with Device E via modems C & D. The Filtering requires that at Modem C has
Device B in its Whitelist and Modem D has Device E in its Whitelist. With this filtering Device A will be not be able to access Device E, as Device A
is not present in the Whitelist in Modem C.

If an erroneous configuration has prevented all access to the module, SETUP mode may be used to restore operation.