Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Autonomous Access Point ACL FilterConfiguration
Autonomous Access Point ACL Filter Configuration
The below configurations will provide the info regarding the ACL configuration on the Autonomous APs which will be handy for more things!!
Configuring standard ACL ============================
You can use standard ACLs to allow or disallow the entry of client devices into the WLAN network based on the IP address of the client. Standard ACLs compare the source address of the IP packets to the addresses that are configured in the ACL in order to control traffic. This type of ACL can be referred to as a source IP address-based ACL.
en conf t access-list 10 deny host <ip addr of the client> access-list 10 permit any
en conf t access-list 10 deny host 192.168.10.1 access-list 10 permit any
Apply this to Interface..
Int dot11 0 ip access-group 25 in
Similarly Standard Name ACLs =============================
en conf t ip access-list standard <name> deny host <ip addr> permit any exit
int dot11 0 ip access-group <name> in
en conf t ip access-list standard test deny host 192.168.10.1 permit any exit
int dot11 0 ip access-group test in
EXTENDED ACLs on the AP ========================
Extended ACLs compare the source and destination addresses of the IP packets to the addresses that are configured in the ACL in order to control traffic. Extended ACLs also provide a means to filter traffic based on specific protocols. This provides a more granular control for the implementation of filters on a WLAN network.
Ex - Deny All traffic on AP and allow only DHCP.. (Can be Modified based on your needs and protocols)
en conf t ip access-list extended hi permit udp any any eq bootpc deny ip any any exit
int dot11 0 ip access-group hi in
int dot11 0.X ip access-group hi in
Int gig 0 ip access-group hi in
int gig 0.X ip access-group hi in end
Now TIME BASED ACL!! ===================
Time-based ACLs are ACLs that can be enabled or disabled for a specific period of time. This capability provides robustness and the flexibility to define access control policies that either permit or deny certain kinds of traffic.
This example illustrates how to configure a time-based ACL through the CLI, where Telnet connection is permitted from the inside to the outside network on weekdays during business hours:
Note: A time-based ACL can be defined either on the Fast Ethernet port or on the Radio port of the Aironet AP, based on your requirements. It is never applied on the Bridge Group Virtual Interface (BVI).
Ex shows to allow only telnet access to the AP between the time interval (Can be changed based on the needs)
en conf t time-range hi period weekdays 9:00 to 19:00 ip access-list extended 111 permit tcp 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range hi exit
int gig 0 ip address 192.168.10.1 255.255.255.0 ip access-group 101 in