Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating and Managing Wireless Filter Profiles

    Filter profiles are a set of rules that determine whether to accept or discard packets transiting on either a switch or wireless radio interface.

    Use the Manage Filter Profiles page to create new wireless Filter Profiles and manage existing wireless Filter Profiles.

    This topic describes:

    Managing Wireless Filter Profiles

    From the Manage Filter Profiles page, you can:

    • Create a new wireless Filter profile by clicking Add. For directions, see Creating a Wireless Filter Profile.
    • Modify an existing wireless Filter Profile by selecting it and clicking Edit.
    • Assign a wireless Filter Profile to controllers by selecting it and clicking Assign. For directions, see Assigning a Wireless Filter Profile to Controllers.
    • Reassign a wireless Filter Profile by selecting it and clicking Edit Assignment.
    • View information about a wireless Filter profile, including the associated interfaces, by either clicking the profile name or by selecting the profile and clicking Details.
    • Delete a wireless Filter profile by selecting a profile and clicking Delete.

      Tip: You cannot delete profiles that are in use—that is, profiles assigned to objects or used by other profiles. To see the current assignments for a profile, select the profile and click Details.

    • Clone a wireless Filter profile by selecting a profile and clicking Clone.

    Table 1 describes the information provided about wireless Filter profiles on the Manage Filter Profiles page. This page lists all Filter profiles defined for your network, regardless of the scope you selected in the network view.

    Table 1: Manage Filter Profile Fields

    Field

    Description

    Profile Name

    Name given to the profile when the profile was created.

    Family Type

    Wireless (WLC)

    Description

    Description of the profile entered when the profile was created.

    Tip: To display the entire description, you might need to resize the Description column by clicking the column border in the heading and dragging it.

    Filter Family

    NA (for wireless).

    Assignment State

    The assignment state can be:

    • Unassigned—When the profile is not assigned to any object.
    • Deployed—When the profile is assigned and is deployed from Deploy mode.
    • Pending Deployment—When the profile is assigned, but not yet deployed in the network.

    Creation Time

    Date and time when the profile was created.

    Last Updated Time

    Date and time when the profile was last modified.

    User Name

    The username of the user who created or modified the profile.

    Tip: All columns might not be displayed. To show or hide fields in the table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide.

    Creating a Wireless Filter Profile

    To create a Filter profile, you must provide a filter name and configure at least one term. A term is a collection of one or more match conditions, and actions that the system takes when match conditions are met. A term must have at least one match condition.

    To create a wireless Filter Profile:

    1. Under Views, select one of these options: Logical View, Location View, Device View or Custom Group View.

      Tip: Do not select Dashboard View, Datacenter View, or Topology View.

    2. Click in the Network Director banner.
    3. From the Tasks pane, expand Wireless, expand Profiles, and then select Filter.

      The Manage Filter Profile window opens, displaying a list of currently configured wireless filters under two tabs, All Profiles and Assigned Profiles.

    4. From the Manage Filter Profile window, click Add to add a new profile.

      The Create Filter Profile for Wireless window opens.

    5. Complete the settings described in both the online help and in Specifying Settings for a Wireless Filter Profile (WLC).
    6. Click Done.

    Specifying Settings for a Wireless Filter Profile (WLC)

    A Filter profile must have at least one term in it. Each term has only one filtering function. For example, if a term is evaluating the source of packets, then that term cannot also evaluate the protocols used by the packets. Some switch models accommodate multiple terms in one filter. When you have more than one term in a filter, the ordering of the terms is important. The system evaluates multiple filter terms as follows:

    • A packet is evaluated against the conditions in the first term of the filter. If the packet matches the conditions in the term, the corresponding action is executed and the evaluation ends. Subsequent terms in the filter are not evaluated.
    • If a packet does not match the conditions in the first term, the packet is evaluated against the conditions in the second term. This process continues until either the packet matches conditions in one of the subsequent terms or there are no more terms in the filter. If a match is found, the corresponding action is executed and the evaluation ends. Subsequent terms in the filter are not evaluated.
    • If a packet passes through all the terms in the filter without a match, the packet is discarded.

    To configure a Filter profile on a controller:

    1. Specify a Filter Name and Description for the wireless Filter profile.
    2. Click Add under Terms to add at least one term to the wireless filter. The Create Term window opens.

      Tip: The order of the terms within a Filter profile configuration is important. Packets are tested against each term in the order in which the terms are listed in the Filter profile.

    3. Enter the settings described in Table 2 to create a wireless term. Required settings are indicated by a red asterisk (*) that appears next to the field label in the user interface.

      Table 2: Term Fields for Wireless

      Field

      Description

      Term name
      (all)

      Provide a name for this term

      Rule type
      (all)

      Select the type of rule (or term) that you want to create. You can create an IP-based rule or a MAC-based rule. The rule type you select affects the rest of the configuration.

      IP Type
      (IP-based rule)

      If you are creating an IP-based rule, indicate the IP type, either IPv4 or IPv6.

      Source IP Address
      (IP-based rule)

      Type the source IP address of the term. This parameter specifies the match conditions for packets that originate from the given IP address.

      Destination IP Address
      (IP-based rule)

      Type the destination IP address of the term. This parameter specifies the match conditions for packets that terminate at the given IP address.

      Protocol
      (IP-based rule)

      Select a protocol for the filter term. Select Any to include packets that use any supported protocols to be part of the rule or select None to discard protocol based filtering. Other options are ICMP, TCP, UDP, and Other. The protocol that you select here affects the rest of the settings in this window.

      If you selected ICMP as the protocol:

      1. Optionally, change the default protocol number for ICMP, which is 1.
      2. Indicate an ICMP Code number. ICMP code specifies more specific information than ICMP type. Because the value’s meaning depends upon the associated ICMP type, you must specify an ICMP type along with an ICMP code. The keywords are grouped by the ICMP type with which they are associated.
      3. Indicate an ICMP Type number. ICMP Type specifies the ICMP packet type field. Typically, you specify this match condition in conjunction with the protocol match condition to determine which protocol is being used on the port.
      4. Indicate a DSCP number. DSCP filters packets by Differentiated Services Code Point (DSCP) value. You can specify a number from 0 to 63, in decimal or binary format.

        Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term.

      5. Indicate a precedence for the term, either Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical ECP (5), Internet Control (6), Net Control (7) or None (default).
      6. Indicate a ToS number. The ToS number specifies the type of service (ToS) level to filter packets. Specify one of the following values, or any sum of these values up to 15:
        • 8—minimum delay
        • 4—maximum throughput
        • 2—maximum reliability
        • 1—minimum monetary cost
        • 0—normal

        For example, a ToS value of 9 filters packets with the ToS levels minimum delay (8) and minimum monetary cost (1).

        Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term.

      7. Click OK.

        The term is added to the filter.

      If you selected TCP or UDP as the protocol:

      1. Optionally, change the default protocol number for TCP (6) or UDP (17).
      2. Indicate a source port operator. Options are None (default), Less than, Greater than, Range, Equal, or Not equal. For any option other than None, also indicate a source port name and a source port number.
      3. Indicate a destination port operator. Options are None (default), Less than, Greater than, Range, Equal, or Not equal. For any option other than None, also indicate a source port name and a source port number.
      4. Indicate a DSCP number. DSCP filters packets by Differentiated Services Code Point (DSCP) value. You can specify a number from 0 to 63, in decimal or binary format.

        Note: You cannot use the DSCP option with the Precedence and ToS options in the same term.

      5. Indicate a precedence for the term, either Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical ECP (5), Internet Control (6), Net Control (7) or None (default).
      6. Indicate a ToS number. The ToS number specifies the type of service (ToS) level to filter packets. Specify one of the following values, or any sum of these values up to 15:
        • 8—minimum delay
        • 4—maximum throughput
        • 2—maximum reliability
        • 1—minimum monetary cost
        • 0—normal

        For example, a ToS value of 9 filters packets with the ToS levels minimum delay (8) and minimum monetary cost (1)

        Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term.

      7. Click OK.

        The term is added to the filter.

      If you selected Any as the protocol:

      1. Indicate a DSCP number. DSCP filters packets by Differentiated Services Code Point (DSCP) value. You can specify a number from 0 to 63, in decimal or binary format.

        Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term.

      2. Indicate a precedence for the term, either Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical ECP (5), Internet Control (6), Net Control (7) or None.
      3. Indicate a ToS number. The ToS number specifies the type of service (ToS) level to filter packets. Specify one of the following values, or any sum of these values up to 15:
        • 8—minimum delay
        • 4—maximum throughput
        • 2—maximum reliability
        • 1—minimum monetary cost
        • 0—normal

        For example, a ToS value of 9 filters packets with the ToS levels minimum delay (8) and minimum monetary cost (1)

        Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term.

      4. Click OK.

        The term is added to the filter.

      Source MAC Address
      (MAC-based rule)

      Type the source MAC address of the term. This parameter specifies the match conditions for packets that originate from the given MAC address.

      Destination MAC Address
      (MAC-based rule)

      Type the destination MAC address of the term. This parameter specifies the match conditions for packets that terminate at the given MAC address.

      EtherType
      (MAC-based rule)

      Specify EtherType filtering for the term. EtherType indicates the protocol that is encapsulated in the payload of an Ethernet Frame. Select Any to include packets that use any EtherType to be part of the rule or None to discard EtherType-based filtering.

      Action

      Select the action that the system performs on an IP packet if the match conditions that you specified above are met. Possible actions are Discard and Accept. The default action is to discard the packet.

      Note: Forwarding Class is enabled only if you select Accept as the action.

      Forwarding Class

      Specifies the forwarding class (or output queue) that is to be used for the packet that matches the condition. You can create a new forwarding class or select from a list of available forwarding classes only if you specified the action as Accept.

      To create a new forwarding class, click Create. The Create Forwarding Class page appears. Specify a name for the forwarding class and the corresponding output queue number and click OK. The system creates a new forwarding class and displays it in the Forwarding Class field in the Create Term page.

      To select a forwarding class from an existing list of classes, click Select. The Select Forwarding Class page appears. Select the forwarding class that you want to use for the packet and click OK. The system displays the selected forwarding class in the Forwarding Class field in the Create Term page.

      Click OK to save the wireless filter term and return to the Create Filter Profile page.

    What To Do Next

    After you create a Filter profile, you can do one of the following:

    Modified: 2016-12-08