CHAPTER 8
Access Control
This chapter describes how to configure the ACL and quality of service (QoS) features on the WAP device.
ACL
Access Control Lists (ACLs) are collections of permit and deny conditions, called rules, that provide security
by blocking unauthorized users and allowing authorized users to access specific resources. ACLs can block
any unwarranted attempts to reach network resources.
The WAP device supports up to 50 IPv4, IPv6, and MAC ACLs and up to 10 rules in each ACL. Each ACL
supports multiple interfaces.
IPv4 and IPv6 ACLs
Each ACL is a set of rules applied to traffic received by the WAP device. Each rule specifies whether the
contents of a given field should be used to permit or deny access to the network. Rules can be based on various
criteria and may apply to one or more fields within a packet, such as the source or destination IP address, the
source or destination port, or the protocol carried in the packet. The IP ACLs classify traffic for Layers 3 and
4.
Note: There is an implicit deny at the end of every rule created. To avoid denying all, we strongly recommend that
you add a permit rule to the ACL to allow traffic.
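The effect of the implicit deny can be seen in a small model of rule evaluation. This is an added example, not code from the WAP device or from this guide: the `Rule` and `evaluate` names, the top-down first-match ordering, and the sample packets are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES_PER_ACL = 10  # per-ACL rule limit stated in this guide


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: Optional[str] = None   # "tcp", "udp", ...; None matches any
    src: str = "0.0.0.0/0"           # source network in CIDR form
    dst: str = "0.0.0.0/0"           # destination network in CIDR form
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, pkt: dict) -> bool:
        return (
            self.protocol in (None, pkt["protocol"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.dst_port in (None, pkt.get("dst_port"))
        )


def evaluate(acl: list, pkt: dict) -> str:
    """Return the action of the first matching rule, else the implicit deny."""
    if len(acl) > MAX_RULES_PER_ACL:
        raise ValueError("an ACL holds at most 10 rules")
    for rule in acl:  # assumption: rules are checked top-down, first match wins
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit deny: no rule matched


# Constructed sample traffic (documentation address ranges).
TELNET = {"protocol": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "dst_port": 23}
HTTPS = {"protocol": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "dst_port": 443}

# Intended to block only Telnet, but with no permit rule everything is dropped.
DENY_ONLY = [Rule("deny", protocol="tcp", dst_port=23)]
# The same deny rule followed by the permit rule the note recommends.
DENY_THEN_PERMIT = DENY_ONLY + [Rule("permit")]

if __name__ == "__main__":
    for name, acl in (("deny-only", DENY_ONLY), ("deny+permit", DENY_THEN_PERMIT)):
        print(name, evaluate(acl, TELNET), evaluate(acl, HTTPS))
```

With the deny-only ACL both packets are dropped; adding the trailing permit rule keeps Telnet blocked while HTTPS passes.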
MAC ACLs
MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect fields of a frame such as the source or
destination MAC address, the VLAN ID, or the class of service. When a frame enters the WAP device port,
the WAP device inspects the frame and checks the ACL rules against the content of the frame. If any of the
rules match the content, a permit or deny action is taken on the frame.
Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide