Motorola WiNG 5.5 Reference Manual page 176

5 - 90 WiNG 5.5 Access Point System Reference Guide
8. Firewalls, generally, are configured for all interfaces on a device. When configured, firewalls generate flow tables that store information on the traffic allowed to traverse through the firewall. These flow tables occupy a large portion of the limited memory that could be used for other critical purposes. With the per VLAN firewall feature enabled on an interface, flow tables are only generated for that interface. Flow tables are not generated for those interfaces where this feature is not enabled. This frees up memory which can be used for other purposes.
Firewalls can be switched off for those interfaces which are known to carry trusted traffic and only enabled on the interfaces that can provide a vector for an attack on the network. Select the Per VLAN Firewall option to enable firewall on this interface.
9. Select the L2 Tunnel Broadcast Optimization option to prevent flooding of ARP packets on this bridge interface.
Broadcast Optimization prevents flooding of ARP packets over the virtual interface. Based on the learned information, ARP packets are filtered at the wireless controller level.
10. Define the following Extended VLAN Tunnel parameters:
Bridging Mode: Specify one of the following bridging modes for use on the VLAN:
• Automatic: Select Automatic mode to let the access point determine the best bridging mode for the VLAN.
• Local: Select Local to use local bridging mode for bridging traffic on the VLAN.
• Tunnel: Select Tunnel to use a shared tunnel for bridging traffic on the VLAN. Tunnel must be selected to successfully create a mesh connection between two Standalone APs.
• isolated-tunnel: Select isolated-tunnel to use a dedicated tunnel for bridging traffic on the VLAN.
IP Outbound Tunnel ACL: Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound IP ACL is not available, select the create icon to make a new one.
MAC Outbound Tunnel ACL: Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound MAC ACL is not available, select the create icon to make a new one.
NOTE: If creating a mesh connection between two access points in Standalone AP mode, Tunnel must be selected as the Bridging Mode to successfully create the mesh link between the two access points.
11. Select Tunnel Over Level 2 to tunnel extended VLAN traffic over level 2 links.
12. Define the following Layer 2 Firewall parameters:
Trust ARP Response: Select this option to use trusted ARP packets to update the DHCP Snoop Table to prevent IP spoof and ARP cache poisoning attacks. This feature is disabled by default.
Trust DHCP Responses: Select this option to use DHCP packets from a DHCP server as trusted and permissible within the network. DHCP packets update the DHCP Snoop Table to prevent IP spoof attacks. This feature is disabled by default.
Enable Edge VLAN Mode: Select this option to enable edge VLAN mode. When selected, the IP address in the VLAN is not used for normal operations, as it is now designated to isolate devices and prevent connectivity. This feature is enabled by default.
13. Select the IGMP Snooping tab.
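
The following Python model is an added illustration, not taken from this manual or from WiNG. It shows how the Trust DHCP Responses and Trust ARP Response options of the Layer 2 Firewall feed a snoop table that is then used to judge later ARP replies. The class and function names, the trusted_source flag and all addresses are assumptions constructed for the example.

```python
# Simplified model of a DHCP snoop table vetting ARP replies (not WiNG code).
from dataclasses import dataclass, field


@dataclass
class SnoopTable:
    trust_dhcp: bool = False  # models "Trust DHCP Responses" (off by default)
    trust_arp: bool = False   # models "Trust ARP Response" (off by default)
    bindings: dict = field(default_factory=dict)  # IP -> MAC

    def on_dhcp_ack(self, client_mac, assigned_ip):
        """Learn the IP/MAC binding from a DHCP ACK only when DHCP is trusted."""
        if self.trust_dhcp:
            self.bindings[assigned_ip] = client_mac.lower()

    def on_arp_reply(self, sender_ip, sender_mac, trusted_source):
        """Return 'learned', 'ok', 'spoof' or 'unknown' for one ARP reply."""
        mac = sender_mac.lower()
        if trusted_source and self.trust_arp:
            self.bindings[sender_ip] = mac  # trusted ARP updates the table
            return "learned"
        known = self.bindings.get(sender_ip)
        if known is None:
            return "unknown"  # no binding, so nothing to compare against
        return "ok" if known == mac else "spoof"


def classify(events, trust_dhcp, trust_arp):
    """Replay events through a fresh table and collect the ARP verdicts."""
    table = SnoopTable(trust_dhcp=trust_dhcp, trust_arp=trust_arp)
    verdicts = []
    for kind, *args in events:
        if kind == "dhcp_ack":
            table.on_dhcp_ack(*args)
        else:
            verdicts.append(table.on_arp_reply(*args))
    return verdicts


# Constructed sample traffic: documentation-range IPs, made-up MACs.
EVENTS = [
    ("dhcp_ack", "02:00:00:00:00:0A", "192.0.2.10"),
    ("arp", "192.0.2.1", "02:00:00:00:00:01", True),    # gateway, trusted source
    ("arp", "192.0.2.10", "02:00:00:00:00:0a", False),  # legitimate client
    ("arp", "192.0.2.1", "02:00:00:00:00:66", False),   # claims the gateway IP
    ("arp", "192.0.2.10", "02:00:00:00:00:66", False),  # claims the client IP
]

if __name__ == "__main__":
    print("both options on :", classify(EVENTS, True, True))
    print("defaults (off)  :", classify(EVENTS, False, False))
```

With both options left at their disabled defaults the table stays empty, so the model cannot tell the two forged replies from legitimate ones.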
