XYR400E Ethernet Modem
Version 1
5/1/08
3.12 Wireless Message Filtering
When configured as a Bridge, the XYR 400E will transmit all broadcast messages appearing at its
wired Ethernet port. When the XYR 400E is configured as a Router, this does not occur.
In many cases, the intended recipient of the broadcast traffic does not lie at the opposite end of a
proposed radio link. Reducing unnecessary broadcast traffic sent over the radio link will increase
available bandwidth for data. The XYR 400E has a filtering feature to help reduce unnecessary
wireless transmissions and enhance security.
The XYR 400E may be configured to reject or accept messages to and from certain Addresses. To
accept wireless messages from particular devices, a “Whitelist” of Addresses must be made.
Alternatively, to reject messages from particular devices, a “Blacklist” of Addresses must be made.
Filtering applies only to messages appearing at the wired Ethernet port of the configured XYR
400E.
The Filter comprises two lists: one of MAC Addresses and another listing IP protocol details.
Each list may be set as either a blacklist (to block traffic for listed devices and protocols), or as a
whitelist (to allow traffic for listed devices and protocols). The Filter operates on two rules listed
below.
1. A Blacklist has priority over a Whitelist. Traffic matching a detail in a blacklist will be discarded
even if it also appears in a whitelist.
2. When one or both lists are whitelists, traffic must have matching detail in at least one of the
whitelists for it to be passed. Note that, as this must agree with rule 1 above, the traffic detail must
not match anything in a blacklist, if present, for it to be passed.
When configuring a Whitelist it is important to add the Addresses of all devices connected to the
XYR 400E wired Ethernet port that communicate over the wireless link. It is particularly important
to add the Address of the configuration PC to the Whitelist. Failure to add this address will prevent
the configuration PC from making any further changes to configuration. Design of the filter may be
simplified by monitoring network traffic and forming a profile of traffic on the wired network.
Network Analysis software, such as the freely available Ethereal program, will list broadcast traffic
sent on the network.
For example, Computer B sees Computer D via Ethernet Modems C and E. Whitelist filtering
requires that Modem C has Computer B in its Whitelist and Modem E has Computer D in its
Whitelist. Computer A will not be able to access Computer D, as Computer A is not present in
the Whitelist in Modem C.
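[Figure: network diagram showing a LAN, a Client Bridge and an Access Point Bridge, with devices labelled A, B, C, D and E and the addresses 192.168.0.34, 192.168.0.72 and 192.168.0.72.]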
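The two filter rules and the Modem C whitelist example above, worked through as an added Python example (not taken from the manual or the device firmware). It assumes the MAC list is matched against a frame's source address and models "IP protocol details" as strings such as tcp/502; all MAC addresses and protocol strings are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class FilterList:
    mode: str                                   # "blacklist" or "whitelist"
    entries: set = field(default_factory=set)

    def matches(self, value):
        return value in self.entries

def passes(src_mac, proto, mac_list, proto_list):
    """Return True if the frame is sent over the radio, False if discarded."""
    checks = [(mac_list, src_mac.lower()), (proto_list, proto)]
    # Rule 1: a blacklist match always wins, whatever a whitelist says.
    if any(l.mode == "blacklist" and l.matches(v) for l, v in checks):
        return False
    # Rule 2: if one or both lists are whitelists, at least one must match.
    whitelists = [(l, v) for l, v in checks if l.mode == "whitelist"]
    if whitelists:
        return any(l.matches(v) for l, v in whitelists)
    # Both lists are blacklists and neither matched.
    return True

def audit(mac_list, proto_list, required, proto="tcp/502"):
    """List required devices (e.g. the configuration PC) the filter cuts off."""
    return [m for m in required if not passes(m, proto, mac_list, proto_list)]

# Constructed sample MAC addresses (assumptions, not values from the manual).
PC_A = "02:00:00:00:00:0a"
PC_B = "02:00:00:00:00:0b"
CONFIG_PC = "02:00:00:00:00:cf"

if __name__ == "__main__":
    # Modem C as in the example: only Computer B is whitelisted.
    modem_c_macs = FilterList("whitelist", {PC_B})
    modem_c_protos = FilterList("blacklist", {"udp/137"})
    for name, mac in [("A", PC_A), ("B", PC_B), ("config PC", CONFIG_PC)]:
        print(name, passes(mac, "tcp/502", modem_c_macs, modem_c_protos))
    # Check before applying: which devices that must keep access are cut off?
    print("locked out:", audit(modem_c_macs, modem_c_protos, [PC_B, CONFIG_PC]))
```

With both lists set as whitelists, rule 2 as written passes a frame that matches either list, so a device missing from the MAC whitelist still gets through on a whitelisted protocol.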