System administrators can use an association ACL to grant or restrict wireless clients access to the WLAN by specifying client MAC addresses or range of MAC addresses to either include or exclude from controller connectivity. Association ACLs are applied to WLANs as an additional access control mechanism.
Use the (config) instance to configure the association ACL policy. To navigate to the association-acl-policy instance, use the following commands:
<DEVICE>(config)#association-acl-policy <POLICY-NAME>
nx9500-6C8809(config)#association-acl-policy test nx9500-6C8809(config-assoc-acl-test)#? Association ACL Mode commands: deny Specify MAC addresses to be denied no Negate a command or set its defaults permit Specify MAC addresses to be permitted clrscr Clears the display screen commit Commit all changes made in this session do Run commands from Exec mode end End current mode and change to EXEC mode exit End current mode and down to previous mode help Description of the interactive help system revert Revert changes service Service Commands show Show running system information write Write running configuration to memory or terminal nx9500-6C8809(config-assoc-acl-test)#
Note
If creating an new association ACL policy, provide a name specific to its function. Avoid naming it after a WLAN it may support. The name cannot exceed 32 characters.Before defining an association ACL policy and applying it to a WLAN, refer to the following deployment guidelines to ensure the configuration is optimally effective: