3Com CRWXR10095A Switch User Manual


 
84 CHAPTER 3: CONFIGURING WIRELESS SERVICES
Configure Access Control Lists
You can control access using security access control lists (ACLs). Security
ACLs permit or deny traffic based on IP protocol, IP addresses and,
optionally, TCP or UDP port. They also can be used to set type-of-service
(TOS) and class-of-service (CoS) values in a packet.
Suggested uses for ACLs include restricting guest access from your
intranet, or restricting guests from communicating with each other (using
an IP access control entry).
You create an ACL by defining a series of access control entries (ACEs).
ACEs are processed in the order in which they are added to the ACL.
Generally, more specific checks are performed before general checks.
Because of this, the order of the ACEs within the ACL is important.
You can add the following types of ACEs to an ACL:
IP—Filters packets by source and destination IP addresses, type of service (TOS), or precedence.
TCP—Filters packets by established TCP connections, source and destination IP addresses, TOS, precedence, or TCP source and destination ports.
ICMP—Filters packets by source and destination IP addresses, TOS, precedence, ICMP type, or ICMP code.
UDP—Filters packets by source and destination IP addresses, TOS, precedence, or UDP source and destination ports.
Layer 4 Protocol—Filters packets by source and destination IP addresses, TOS, precedence, or Layer 4 protocol.
After creating an ACL, you can assign it to users created in the local WX
user database or users who are authenticated and authorized by a
RADIUS server. You assign the ACL by name, using the Filter-Id.in and
Filter-Id.out RADIUS attributes. Set the Filter-Id.in RADIUS attribute
to the name of an ACL that filters incoming packets. Set the
Filter-Id.out RADIUS attribute to the name of an ACL that filters
outgoing packets. The ACL name must have an .in or .out suffix.
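
The following Python model is an added example, not code or CLI syntax from the manual. It shows why ACE order matters for the guest-restriction use case and checks the .in/.out suffix rule for Filter-Id names. Assumptions: the first matching ACE decides the result, unmatched traffic is denied, and all addresses and ACL names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ACE:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches any protocol; else "tcp", "udp", "icmp"
    src: str                         # source network in CIDR form
    dst: str                         # destination network in CIDR form
    dst_port: Optional[int] = None   # only meaningful for TCP/UDP ACEs

    def matches(self, proto, src, dst, dst_port=None):
        if self.proto != "ip" and self.proto != proto:
            return False
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dst_port is None or self.dst_port == dst_port

def evaluate(acl, proto, src, dst, dst_port=None):
    """Walk the ACEs in the order they were added; the first match decides."""
    for ace in acl:
        if ace.matches(proto, src, dst, dst_port):
            return ace.action
    return "deny"  # assumption: traffic matching no ACE is dropped

def valid_filter_id(name):
    """An ACL name assigned through Filter-Id must carry an .in or .out suffix."""
    base, _, suffix = name.rpartition(".")
    return bool(base) and suffix in ("in", "out")

# Constructed sample networks and ACEs for a guest service
GUEST, INTRANET, ANY = "10.10.50.0/24", "10.0.0.0/8", "0.0.0.0/0"
DNS = ACE("permit", "udp", GUEST, "10.0.0.53/32", 53)   # one intranet service guests need
NO_PEERS = ACE("deny", "ip", GUEST, GUEST)              # guests cannot reach each other
NO_INTRANET = ACE("deny", "ip", GUEST, INTRANET)        # guests cannot reach the intranet
INTERNET = ACE("permit", "ip", GUEST, ANY)              # everything else is allowed out

guest_acl = [DNS, NO_PEERS, NO_INTRANET, INTERNET]      # specific checks before general
misordered = [INTERNET, DNS, NO_PEERS, NO_INTRANET]     # general permit shadows the denies
```

With the general permit added first, every guest packet matches it and the later deny ACEs are never reached, which is the ordering mistake to look for when reviewing an ACL.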