ACL
Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources. ACLs can block any unwarranted attempts to reach network resources.
The WAP device supports up to 50 IPv4, IPv6, and MAC ACLs and up to 10 rules in each ACL. Each ACL supports multiple interfaces.
IPv4 and IPv6 ACLs
Each ACL is a set of rules applied to traffic received by the WAP device. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network. Rules can be based on various criteria and may apply to one or more fields within a packet, such as the source or destination IP address, the source or destination port, or the protocol carried in the packet. The IP ACLs classify traffic for Layers 3 and 4.
Note: There is an implicit deny at the end of the rules in every ACL created. To avoid denying all traffic, we strongly recommend that you add a permit rule to the ACL to allow traffic.
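The implicit deny described in the note above, as an added example (not Cisco's code or the device's implementation): a small Python model of IPv4 ACL evaluation that shows a deny-only ACL dropping all traffic. It assumes rules are checked in list order with the first match deciding; the `Rule` fields, function names and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES_PER_ACL = 10  # per-ACL rule limit stated on this page

@dataclass(frozen=True)
class Rule:  # hypothetical model of one IPv4 ACL rule, not a device data structure
    action: str                      # "permit" or "deny"
    protocol: str = "any"            # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"           # source network (CIDR)
    dst: str = "0.0.0.0/0"           # destination network (CIDR)
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (
            self.protocol in ("any", pkt["protocol"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.dst_port in (None, pkt.get("dst_port"))
        )

def evaluate(rules, pkt):
    """Return (action, index of the matching rule, or None for the implicit deny)."""
    if len(rules) > MAX_RULES_PER_ACL:
        raise ValueError("an ACL holds at most 10 rules")
    # Assumption: rules are checked in list order and the first match decides.
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None  # nothing matched: the implicit deny applies

def has_permit(rules) -> bool:
    """False means the ACL can only ever drop traffic."""
    return any(r.action == "permit" for r in rules)

# Constructed sample ACLs and packets (documentation address ranges).
BLOCK_TELNET_ONLY = [Rule("deny", "tcp", dst_port=23)]
BLOCK_TELNET_THEN_PERMIT = BLOCK_TELNET_ONLY + [Rule("permit")]
WEB = {"protocol": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "dst_port": 443}
TELNET = {**WEB, "dst_port": 23}

if __name__ == "__main__":
    for name, acl in [("deny-only", BLOCK_TELNET_ONLY),
                      ("deny + permit", BLOCK_TELNET_THEN_PERMIT)]:
        print(name, has_permit(acl), evaluate(acl, WEB), evaluate(acl, TELNET))
```

Running `has_permit` over a planned rule set before it is entered in the web interface catches the case where an ACL written only to block one service ends up blocking everything on the interface.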
MAC ACLs
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect fields of a frame such as the source or destination MAC address, the VLAN ID, or the class of service. When a frame enters the WAP device port, the WAP device inspects the frame and checks the ACL rules against the content of the frame. If any of the rules match the content, a permit or deny action is taken on the frame.
Workflow to Configure ACLs
Use the ACL Rule(s) to configure the ACLs, and then apply the rules to a specified interface.
To configure the ACLs, follow these steps:
Procedure
Step 1: Select Access Control > ACL.
Step 2: In the ACL Table, click ✚ to add a new row and create an ACL.
Step 3: Enter a name for the ACL.
Step 4: Select the ACL type from the drop-down list (IPv4, IPv6 or MAC).
Step 5: Click ✚, select the associated interfaces to apply the ACL, and click OK. If you want to change the associated interfaces, you can click ━ to delete the selected interfaces, and click ✚ to choose the new associated interfaces.
Step 6: Click More to view the ACL's parameters.
Step 7: Next, configure the rules for the ACL. For IPv4 ACLs, see Configure IPv4 ACLs. For IPv6 ACLs, see Configure IPv6 ACLs. For MAC ACLs, see Configure MAC ACLs.
Step 8: Click Apply to save all changes.
Configure IPv4 ACLs
To configure an IPv4 ACL:
Procedure
Step 1: Select Access Control > ACL.
Step 2: Click ✚ to add an ACL.
Step 3: In the ACL Name field, enter the name of the ACL. The name is limited to 31 alphanumeric and special characters, with no spaces.
Step 4: Choose IPv4 as the ACL Type from the ACL Type list. IPv4 ACLs control access to network resources based on Layer 3 and Layer 4 criteria.
Step 5: Click ✚ and select the associated interfaces to apply the ACL. Click OK. If you want to change the associated interfaces, you can click ━ to delete the selected interface, and click ✚ to choose new associated interfaces.
Step 6: Click More... to view the configuration parameters. Click ✚ to add a rule and configure the following:
Step 7: Click OK. The changes are saved to the Startup Configuration.
Step 8: Click Apply.
Configure IPv6 ACLs
To configure an IPv6 ACL:
Procedure
Step 1: Select Access Control > ACL.
Step 2: Click ✚ to add an ACL.
Step 3: In the ACL Name field, enter the name of the ACL.
Step 4: Choose IPv6 as the ACL type from the ACL Type list. IPv6 ACLs control access to network resources based on Layer 3 and Layer 4 criteria.
Step 5: Click ✚ and select the associated interfaces to apply the ACL. Next, click OK. If you want to change the associated interfaces, you can click ━ to delete the selected interface, then click ✚ to choose new associated interfaces.
Step 6: Click More... to view the configuration parameters. Click ✚ to add a rule and configure the following:
Step 7: Click OK. The changes are saved to the Startup Configuration.
Step 8: Click Apply.
Configure MAC ACLs
To configure a MAC ACL:
Procedure
Step 1: Select Access Control > ACL.
Step 2: Click ✚ to add a MAC ACL.
Step 3: In the ACL Name field, enter the name to identify the ACL.
Step 4: Choose MAC as the type of ACL from the list. MAC ACLs control access based on Layer 2 criteria.
Step 5: Click ✚ and select the associated interfaces to apply the ACL and click OK. If you want to change the associated interfaces, you can click ━ to delete the selected interface and then click ✚ to choose new associated interfaces.
Step 6: Then, click More... to view the configuration parameters. Click ✚ to add a rule and configure the following parameters:
Step 7: Click OK. The changes are saved to the Startup Configuration.
Step 8: Click Apply.