Creating and Managing Wireless Filter Profiles

This topic describes:

Managing Wireless Filter Profiles

• Create a new wireless Filter profile by clicking Add. For directions, see Creating a Wireless Filter Profile.
• Modify an existing wireless Filter Profile by selecting it and clicking Edit.
• Assign a wireless Filter Profile to controllers by selecting it and clicking Assign. For directions, see Assigning a Wireless Filter Profile to Controllers.
• Reassign a wireless Filter Profile by selecting it and clicking Edit Assignment.
• View information about a wireless Filter profile, including the associated interfaces, by either clicking the profile name or by selecting the profile and clicking Details.
• Delete a wireless Filter profile by selecting a profile and clicking Delete.

  Note: You cannot delete profiles that are in use—that is, profiles assigned to objects or used by other profiles. To see the current assignments for a profile, select the profile and click Details.

• Clone a wireless Filter profile by selecting a profile and clicking Clone.

Table 122 describes the information provided about wireless Filter profiles on the Manage Filter Profiles page. This page lists all Filter profiles defined for your network, regardless of the scope you selected in the network view.

Creating a Wireless Filter Profile

To create a Filter profile, you must provide a filter name and configure at least one term. A term is a collection of one or more match conditions, and actions that the system takes when match conditions are met. A term must have at least one match condition.

Procedure

1. Under Views, select one of these options: Logical View, Location View, Device View or Custom Group View.

   Note: Do not select Dashboard View, Datacenter View, or Topology View.

2. Click in the Network Director banner.
3. From the Tasks pane, expand Wireless, expand Profiles, and then select Filter.

   The Manage Filter Profile window opens, displaying a list of currently configured wireless filters under two tabs, All Profiles and Assigned Profiles.

4. From the Manage Filter Profile window, click Add to add a new profile.

   The Create Filter Profile for Wireless window opens.

5. Complete the settings described in both the online help and in Specifying Settings for a Wireless Filter Profile (WLC).
6. Click Done.

Specifying Settings for a Wireless Filter Profile (WLC)

A Filter profile must have at least one term in it. Each term has only one filtering function. For example, if a term is evaluating the source of packets, then that term cannot also evaluate the protocols used by the packets. Some switch models accommodate multiple terms in one filter. When you have more than one term in a filter, the ordering of the terms is important. The system evaluates multiple filter terms as follows:

• A packet is evaluated against the conditions in the first term of the filter. If the packet matches the conditions in the term, the corresponding action is executed and the evaluation ends. Subsequent terms in the filter are not evaluated.
• If a packet does not match the conditions in the first term, the packet is evaluated against the conditions in the second term. This process continues until either the packet matches conditions in one of the subsequent terms or there are no more terms in the filter. If a match is found, the corresponding action is executed and the evaluation ends. Subsequent terms in the filter are not evaluated.
• If a packet passes through all the terms in the filter without a match, the packet is discarded.

Procedure

1. Specify a Filter Name and Description for the wireless Filter profile.
2. Click Add under Terms to add at least one term to the wireless filter. The Create Term window opens.

   Note: The order of the terms within a Filter profile configuration is important. Packets are tested against each term in the order in which the terms are listed in the Filter profile.

3. Enter the settings described in Table 123 to create a wireless term. Required settings are indicated by a red asterisk (*) that appears next to the field label in the user interface.

   Table 123: Term Fields for Wireless

   Field	Description
   Term name (all)	Provide a name for this term
   Rule type (all)	Select the type of rule (or term) that you want to create. You can create an IP-based rule or a MAC-based rule. The rule type you select affects the rest of the configuration.
   IP Type (IP-based rule)	If you are creating an IP-based rule, indicate the IP type, either IPv4 or IPv6.
   Source IP Address (IP-based rule)	Type the source IP address of the term. This parameter specifies the match conditions for packets that originate from the given IP address.
   Destination IP Address (IP-based rule)	Type the destination IP address of the term. This parameter specifies the match conditions for packets that terminate at the given IP address.
   Protocol (IP-based rule)	Select a protocol for the filter term. Select Any to include packets that use any supported protocols to be part of the rule or select None to discard protocol based filtering. Other options are ICMP, TCP, UDP, and Other. The protocol that you select here affects the rest of the settings in this window.
   	Procedure If you selected ICMP as the protocol: Optionally, change the default protocol number for ICMP, which is 1. Indicate an ICMP Code number. ICMP code specifies more specific information than ICMP type. Because the value’s meaning depends upon the associated ICMP type, you must specify an ICMP type along with an ICMP code. The keywords are grouped by the ICMP type with which they are associated. Indicate an ICMP Type number. ICMP Type specifies the ICMP packet type field. Typically, you specify this match condition in conjunction with the protocol match condition to determine which protocol is being used on the port. Indicate a DSCP number. DSCP filters packets by Differentiated Services Code Point (DSCP) value. You can specify a number from 0 to 63, in decimal or binary format. Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term. Indicate a precedence for the term, either Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical ECP (5), Internet Control (6), Net Control (7) or None (default). Indicate a ToS number. The ToS number specifies the type of service (ToS) level to filter packets. Specify one of the following values, or any sum of these values up to 15: 8—minimum delay 4—maximum throughput 2—maximum reliability 1—minimum monetary cost 0—normal For example, a ToS value of 9 filters packets with the ToS levels minimum delay (8) and minimum monetary cost (1). Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term. Click OK. The term is added to the filter.
   	If you selected TCP or UDP as the protocol: Procedure Optionally, change the default protocol number for TCP (6) or UDP (17). Indicate a source port operator. Options are None (default), Less than, Greater than, Range, Equal, or Not equal. For any option other than None, also indicate a source port name and a source port number. Indicate a destination port operator. Options are None (default), Less than, Greater than, Range, Equal, or Not equal. For any option other than None, also indicate a source port name and a source port number. Indicate a DSCP number. DSCP filters packets by Differentiated Services Code Point (DSCP) value. You can specify a number from 0 to 63, in decimal or binary format. Note: You cannot use the DSCP option with the Precedence and ToS options in the same term. Indicate a precedence for the term, either Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical ECP (5), Internet Control (6), Net Control (7) or None (default). Indicate a ToS number. The ToS number specifies the type of service (ToS) level to filter packets. Specify one of the following values, or any sum of these values up to 15: 8—minimum delay 4—maximum throughput 2—maximum reliability 1—minimum monetary cost 0—normal For example, a ToS value of 9 filters packets with the ToS levels minimum delay (8) and minimum monetary cost (1) Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term. Click OK. The term is added to the filter.
   	If you selected Any as the protocol: Procedure Indicate a DSCP number. DSCP filters packets by Differentiated Services Code Point (DSCP) value. You can specify a number from 0 to 63, in decimal or binary format. Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term. Indicate a precedence for the term, either Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical ECP (5), Internet Control (6), Net Control (7) or None. Indicate a ToS number. The ToS number specifies the type of service (ToS) level to filter packets. Specify one of the following values, or any sum of these values up to 15: 8—minimum delay 4—maximum throughput 2—maximum reliability 1—minimum monetary cost 0—normal For example, a ToS value of 9 filters packets with the ToS levels minimum delay (8) and minimum monetary cost (1) Note: You cannot use the DSCP option along with the Precedence and ToS options in the same term. Click OK. The term is added to the filter.
   Source MAC Address (MAC-based rule)	Type the source MAC address of the term. This parameter specifies the match conditions for packets that originate from the given MAC address.
   Destination MAC Address (MAC-based rule)	Type the destination MAC address of the term. This parameter specifies the match conditions for packets that terminate at the given MAC address.
   EtherType (MAC-based rule)	Specify EtherType filtering for the term. EtherType indicates the protocol that is encapsulated in the payload of an Ethernet Frame. Select Any to include packets that use any EtherType to be part of the rule or None to discard EtherType-based filtering.
   Action	Select the action that the system performs on an IP packet if the match conditions that you specified above are met. Possible actions are Discard and Accept. The default action is to discard the packet. Note: Forwarding Class is enabled only if you select Accept as the action.
   Forwarding Class	Specifies the forwarding class (or output queue) that is to be used for the packet that matches the condition. You can create a new forwarding class or select from a list of available forwarding classes only if you specified the action as Accept. To create a new forwarding class, click Create. The Create Forwarding Class page appears. Specify a name for the forwarding class and the corresponding output queue number and click OK. The system creates a new forwarding class and displays it in the Forwarding Class field in the Create Term page. To select a forwarding class from an existing list of classes, click Select. The Select Forwarding Class page appears. Select the forwarding class that you want to use for the packet and click OK. The system displays the selected forwarding class in the Forwarding Class field in the Create Term page.

   Click OK to save the wireless filter term and return to the Create Filter Profile page.

What To Do Next

• Assign filter profile to a device or cluster. For more information, see Assigning a Wireless Filter Profile to Controllers.
• Link the Filter profile as ingress and egress filters to an Authorization profile. For more information, see Creating and Managing Wireless Authorization Profiles.
• Link the Filter profile as ingress and egress filters to a VLAN profile. For more information, see Creating and Managing VLAN Profiles. You can then assign the VLAN profile to a device, port, or access point in case of a wireless network.

Related Documentation

• Understanding Filter Profiles
• Assigning a Wireless Filter Profile to Controllers
• Network Director Documentation home page