Tsunami MP.11 Installation and Management Model 5012-SUR ...
Configuration Tsunami MP.11 5012-SUR Installation and Management
Filtering
Overview
Click Configure > Filtering to configure packet filtering. Packet filtering can be used to control and optimize network performance.
The Filtering feature can selectively filter specific packets based upon their Ethernet protocol type. Protocol filtering is done at the Bridge layer.
Protocol filters are useful for preventing bridging of selected protocol traffic from one segment of a network to other segments (or subnets). You can use this feature both to increase the amount of bandwidth available on your network and to increase network security.
Increasing Available Bandwidth
It may be unnecessary to bridge traffic from a subnet using IPX/SPX or AppleTalk to a segment of the network with UNIX workstations. By denying the IPX/SPX or AppleTalk traffic from being bridged to the UNIX subnet, the UNIX subnet is free of this unnecessary traffic.
Increasing Network Security
By bridging IP and IP/ARP traffic and blocking LAN protocols used by Windows, Novell, and Macintosh servers, you can protect servers and client systems on the private local LAN from outside attacks that use those LAN protocols. This type of filtering also prevents private LAN data from being bridged to an untrusted remote network or the Internet.
To prevent blocking your own access (administrator) to the unit, Proxim recommends that IP (0x800) and ARP (0x806) protocols are always passed through.
Sample Use and Validation
Configure the protocol filter to let only IP and ARP traffic pass through the 5012-SUR (bridge) from one network segment to another. Then, attempt to use Windows file sharing across the bridge. File sharing should fail; the packets are discarded by the bridge.
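An added example, not taken from the Proxim manual: one way to check the validation step above is to capture frames on the far segment and classify each one by EtherType against the IP (0x0800) and ARP (0x0806) pass list. The frames below are constructed; the IPX, AppleTalk and LLC values are standard assignments rather than values from this page, and looking inside 802.1Q tags is an assumption about how tagged traffic should be audited.

```python
import struct

PASS_ETHERTYPES = {0x0800, 0x0806}   # IP and ARP, the pass list described above
VLAN_TPID = 0x8100                   # 802.1Q tag: the real type follows the tag
MIN_ETHERTYPE = 0x0600               # smaller values are 802.3 length fields

def ethertype(frame: bytes):
    """Return the EtherType, or None for an 802.3 length-encoded (LLC) frame."""
    offset = 12                      # type/length field follows the two MACs
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated Ethernet header")
        (value,) = struct.unpack_from("!H", frame, offset)
        if value != VLAN_TPID:
            return value if value >= MIN_ETHERTYPE else None
        offset += 4                  # skip the tag and read the inner type

def audit_capture(frames: dict) -> dict:
    """Map each frame name to 'expected' or 'unexpected' for a far-side capture."""
    verdicts = {}
    for name, frame in frames.items():
        try:
            ok = ethertype(frame) in PASS_ETHERTYPES
        except ValueError:
            ok = False               # unparseable frames are flagged, not trusted
        verdicts[name] = "expected" if ok else "unexpected"
    return verdicts

def make_frame(type_or_len: int, payload: bytes = bytes(46), vlan=None) -> bytes:
    """Build a constructed broadcast frame using the sample MAC quoted on this page."""
    dst, src = b"\xff" * 6, bytes.fromhex("0020a633ed45")
    tag = struct.pack("!HH", VLAN_TPID, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", type_or_len) + payload

# Constructed sample traffic, one frame per protocol family named on this page.
SAMPLES = {
    "IPv4": make_frame(0x0800),
    "ARP": make_frame(0x0806),
    "ARP, VLAN 10": make_frame(0x0806, vlan=10),
    "IPX": make_frame(0x8137),
    "AppleTalk": make_frame(0x809B),
    "NetBEUI over LLC": make_frame(49, b"\xf0\xf0\x03" + bytes(46)),
    "runt": b"\xff" * 10,
}

if __name__ == "__main__":
    for name, verdict in audit_capture(SAMPLES).items():
        print(f"{name:18} {verdict}")
```

Any frame reported as unexpected in a capture from the far segment means the filter is not applied as configured. Length-encoded 802.3 frames carry no EtherType, so they never match the pass list.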
Setting the ARP Filter
There may be times when you need to set the ARP or Multicast filter. Usually, this is required when there are many nodes on the wired network that are sending ARP broadcast messages or multicast packets that unnecessarily consume the wireless bandwidth. The goal of these filters is to allow only necessary ARP and multicast traffic through the 1.6 Mbps wireless pipe.
The TCP/IP Internet Protocol Suite uses a method known as ARP (Address Resolution Protocol) to match a device's MAC (Media Access Control) address with its assigned IP address. The MAC address is a unique 48-bit identifier assigned to each hardware device at the factory by the manufacturer. The MAC address is commonly represented as 6 pairs of hexadecimal digits separated by colons. For example, a RangeLAN2 device may have the MAC address of 00:20:A6:33:ED:45.
When devices send data over the network (Ethernet, Token Ring, or wireless), they use the MAC address to identify a packet's source and destination. Therefore, an IP address must be mapped to a MAC address in order for a device to send a packet to a particular IP address. To resolve a remote node's IP address to its MAC address, a device sends out a broadcast packet to all nodes on the network. This packet is known as an ARP request or ARP broadcast and requests that the device assigned a particular IP address respond to the sender with its MAC address.
Because ARP requests are broadcast packets, these packets are forwarded to wireless nodes by default, even if the packet is not meant for a wireless node. As the number of nodes on a network backbone increases, so does the number of ARP broadcasts that are forwarded to the wireless nodes. Many of these ARP broadcasts are unnecessary and can