Association ACL

An association ACL is a policy-based ACL that allows or denies client connections to a WLAN managed by a controller, service platform or access point. It lets a system administrator restrict access by specifying a client MAC address, or a range of addresses, to include in or exclude from WLAN connectivity.

Association ACLs are applied to WLANs as an additional access control mechanism. They can be applied to WLANs from within a WLAN Policy's Advanced Configuration screen. For more information on applying an existing association ACL to a WLAN, see Configuring Advanced WLAN Settings.

Each supported access point model supports 32 association ACLs.

To define an association ACL deployable with a WLAN:

  1. Select Configuration → Wireless → Association ACL to display existing association ACLs.

    Any of the policies listed in the Association Access Control List (ACL) screen can be selected and applied.

    Association Access Control List (ACL) Screen
  2. Review existing Association ACLs to determine if a new policy warrants creation or an existing policy warrants modification or deletion.
  3. Select Add to define a new ACL configuration, Edit to modify an existing ACL configuration, or Delete to remove one. Select Copy to make a copy of an existing ACL for further modifications. Select Rename to rename an existing ACL.

    An Association ACL screen displays for defining a new ACL or modifying a selected ACL.

    Association ACL Screen
  4. Select the + Add Row button to add an association ACL template.
  5. Set the following parameters to create or modify the association ACL:
    Association ACL

    If you are creating a new association ACL, provide a name specific to its function. Avoid naming it after the WLAN it supports. The name cannot exceed 32 characters.

    Precedence

    The rules within a WLAN's ACL are applied to packets based on precedence. Every rule has a unique sequential precedence value you define. You cannot add two rules with the same precedence. The default precedence is 1, so be careful to prioritize ACLs accordingly as they are added.

    Starting MAC Address

    Provide a starting client MAC address for non unicast and multicast packet transmissions.

    Ending MAC Address

    Provide an ending client MAC address for non unicast and multicast packet transmissions.

    Allow/Deny

    Use the drop-down menu to Allow or Deny access if a MAC address matches this rule.
  6. Select the + Add Row button to add MAC address ranges and allow/deny designations.
  7. Click OK to update the association ACL settings. Click Reset to revert to the last saved configuration.
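
The rule parameters from step 5, as an added Python example (not vendor code): it checks the constraints stated above (name of at most 32 characters, unique precedence values, a starting MAC no higher than the ending MAC) and then evaluates a client MAC against the rules. It assumes that the lowest precedence value is evaluated first, that the first matching rule decides, and that an unmatched client gets a configurable default; the function names, class name and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

def mac_to_int(mac):
    """Parse a MAC written with ':' or '-' separators into a 48-bit integer."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int.from_bytes(raw, "big")

@dataclass(frozen=True)
class Rule:
    precedence: int
    start_mac: str
    end_mac: str
    allow: bool

def validate(name, rules):
    """Return a list of violations of the constraints stated on the page."""
    problems = []
    if len(name) > 32:
        problems.append("name exceeds 32 characters")
    seen = set()
    for r in rules:
        if r.precedence in seen:
            problems.append(f"duplicate precedence {r.precedence}")
        seen.add(r.precedence)
        if mac_to_int(r.start_mac) > mac_to_int(r.end_mac):
            problems.append(f"precedence {r.precedence}: start MAC above end MAC")
    return problems

def decide(rules, client_mac, default_allow=False):
    """Assumed semantics: ascending precedence, first matching range wins."""
    client = mac_to_int(client_mac)
    for r in sorted(rules, key=lambda rule: rule.precedence):
        if mac_to_int(r.start_mac) <= client <= mac_to_int(r.end_mac):
            return r.allow
    return default_allow  # assumption: the page does not state the default

# Constructed sample ACL (locally administered addresses): one blocked client
# inside an otherwise allowed range. The deny must take the lower precedence
# value, or the broad allow would match first and shadow it.
SAMPLE = [
    Rule(1, "02:00:00:00:00:10", "02:00:00:00:00:10", allow=False),
    Rule(2, "02:00:00:00:00:00", "02:00:00:00:00:FF", allow=True),
]

if __name__ == "__main__":
    print(validate("guest-devices", SAMPLE))
    for mac in ("02-00-00-00-00-10", "02:00:00:00:00:20", "02:00:00:00:01:00"):
        print(mac, "allow" if decide(SAMPLE, mac) else "deny")
```

Swapping the two precedence values in the sample makes the blocked client match the allow range first, which is the ordering mistake the precedence warning in step 5 is about.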