Security Configuration
6. Select + Add Row as needed to add additional IP Firewall Rule configurations. Select the - Delete Row
icon as required to remove selected IP Firewall Rules.
7. Select OK when completed to update the IP Firewall rules. Select Reset to revert the screen back to its
last saved configuration.
8.1.3 Configuring MAC Firewall Rules
Wireless Firewall
Devices can use MAC based Firewalls like Access Control Lists (ACLs) to filter/mark packets based on the IP
from which they arrive, as opposed to filtering packets on Layer 2 ports.
Optionally filter Layer 2 traffic on a physical Layer 2 interface using MAC addresses. A MAC Firewall rule
uses source and destination MAC addresses for matching operations, where the result is a typical allow,
deny or mark designation to packet traffic.
To add or edit a MAC based Firewall Rule policy:
1. Select Configuration > Security > MAC Firewall Rules to display existing MAC Firewall Rule
policies.
Action
    The following actions are supported:
    Log: Events are logged for archive and analysis.
    Mark: Modifies certain fields inside the packet and then permits them. Therefore, mark is an action with an implicit permit.
    - VLAN 802.1p priority.
    - DSCP bits in the IP header.
    - TOS bits in the IP header.
    Mark, Log: Conducts both mark and log functions.
Precedence
    Use the spinner control to specify a precedence for this IP policy between 1-1500. Rules with lower precedence are always applied first to packets.
Description
    Provide a description to help differentiate it from others with similar configurations.
NOTE: Once defined, a set of MAC Firewall rules must be applied to an interface to be a
functional filtering tool.
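
The following sketch is an added example, not code from this guide or from the device software. It models how a MAC Firewall rule set resolves a Layer 2 frame: rules are applied lowest precedence first, mark carries an implicit permit, and a rule set that is not applied to an interface filters nothing. The names Rule, evaluate, norm and the "any" wildcard are hypothetical, and two behaviours are assumptions the guide does not state: the first matching rule decides the outcome, and a frame that matches no rule is denied.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "any"  # wildcard token made up for this sketch

def norm(mac):
    """Normalise 02-00-00-00-00-0A or 0200.0000.000a to 02:00:00:00:00:0a."""
    if mac == ANY:
        return ANY
    digits = "".join(c for c in mac.lower() if c not in "-:.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class Rule:
    precedence: int               # 1-1500; lower values are applied first
    action: str                   # "allow", "deny" or "mark"
    src: str = ANY
    dst: str = ANY
    dot1p: Optional[int] = None   # 802.1p priority written by a mark rule
    log: bool = False

    def __post_init__(self):
        if not 1 <= self.precedence <= 1500:
            raise ValueError("precedence must be between 1 and 1500")
        if self.action not in ("allow", "deny", "mark"):
            raise ValueError(f"unknown action: {self.action!r}")
        self.src, self.dst = norm(self.src), norm(self.dst)

def evaluate(rules, frame, attached=True):
    """Return (forwarded, frame, log_lines) for one Layer 2 frame."""
    if not attached:              # per the NOTE: an unapplied rule set filters nothing
        return True, frame, []
    src, dst = norm(frame["src"]), norm(frame["dst"])
    for r in sorted(rules, key=lambda r: r.precedence):
        if r.src not in (ANY, src) or r.dst not in (ANY, dst):
            continue
        logs = [f"precedence {r.precedence}: {r.action} {src} -> {dst}"] if r.log else []
        if r.action == "mark":    # mark rewrites a field, then implicitly permits
            frame = {**frame, "dot1p": r.dot1p}
        return r.action != "deny", frame, logs   # assumption: first match decides
    return False, frame, []       # assumption: no match means deny

# Constructed policy, deliberately listed out of precedence order.
POLICY = [
    Rule(30, "allow"),
    Rule(10, "deny", src="02-00-00-00-00-01"),
    Rule(20, "mark", src="02:00:00:00:00:02", dot1p=5, log=True),
]
```

The catch-all allow at precedence 30 is listed first but evaluated last, so the deny at precedence 10 still blocks its source MAC. Reviewing a rule set in precedence order rather than display order is the check this models.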