Configure Association ACL

About this task

An association ACL is a policy-based ACL that either allows or denies clients from connecting to a controller, service platform or access point managed WLAN. An association ACL affords a system administrator the ability to restrict access by specifying a client MAC address or range of addresses to either include or exclude from WLAN connectivity.

Association ACLs are applied to WLANs as an additional access control mechanism. They can be applied to WLANs from within a WLAN Policy's Advanced Configuration screen. For more information on applying an existing association ACL to a WLAN, see Configure Advanced WLAN Settings.

To define an association ACL deployable with a WLAN:

Procedure

  1. Select Configuration → Wireless → Association ACL to display existing association ACLs.
    Any of the policies listed in the Association Access Control List (ACL) screen can be selected and applied.
    Click to expand in new window
    Association Access Control List (ACL) Screen
  2. Review existing Association ACLs to determine if a new policy warrants creation or an existing policy warrants modification or deletion.
  3. Select Add to define a new ACL configuration, Edit to modify an existing ACL configuration, or Delete to remove one. Select Copy to make a copy of an existing ACL for further modifications. Select Rename to rename an existing ACL.
    An Association ACL screen displays.
    Click to expand in new window
    Association ACL Screen
  4. Select the + Add Row button to add an association ACL template.
  5. Set the following parameters to create or modify the association ACL:
    Association ACL If you are creating an new Association ACL, provide a name specific to its function. Avoid naming it after the WLAN it supports. The name cannot exceed 32 characters.
    Precedence The rules within a WLAN's ACL are applied to packets based on precedence. Every rule has a unique sequential precedence value you define. You cannot add two rules with the same precedence. The default precedence is 1, so be careful to prioritize ACLs accordingly as they are added.
    Starting MAC Address

    Provide a starting MAC address for clients requesting association.
    Ending MAC Address

    Provide an ending MAC address for clients requesting association.
    Allow/Deny Use the drop-down menu to Allow or Deny access if a MAC address matches this rule.
  6. Select the + Add Row button to add MAC address ranges and allow/deny designations.
  7. Click OK to save the changes.
    Click Reset to revert to the last saved configuration.
9036512-01 Rev AB