CLI Reference Guide

Using Access Control Lists for Security 307
9 Click Choose Available and select a Distributed MAP. Repeat for each Distributed MAP.
10 Click Close. The Create Mobility Profiles dialog box is active.
11 Click Finish to save the changes and close the wizard.
Using Access Control Lists for Security
An access control list (ACL) filters packets to restrict or permit network usage by certain users, network devices, or traffic types. You can also assign a class of service (CoS) level, which allows priority handling, to packets. For example, you can use ACLs to enable users to send and receive packets within an intranet, but restrict incoming packets to the server that stores confidential salary information.
An ACL is an ordered list of access control entries (ACEs), rules that specify how to handle packets. Each rule consists of a filter and an action. A packet is compared against the ACEs in order, and when the packet matches a filter, that ACE's action is applied to the packet.
Every ACL ends with an implicit rule that denies all packets not matched by an earlier ACE. Consequently, unless at least one ACE in the ACL permits access, no traffic is allowed. The implicit "deny all" rule is always the last ACE of an ACL.
You can choose to count the number of times an ACE is matched. This hit count is useful for troubleshooting complex ACL configurations and for monitoring traffic load for specific network applications or protocols. The hit count can only be seen from the CLI. To start updating hit counter statistics in the CLI, you must first set the hits sampling rate to a nonzero value, such as 15 seconds. For more information about security ACLs, see the Wireless LAN Switch and Controller Configuration Guide.
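The evaluation semantics described above (ordered first-match ACEs, the trailing implicit deny-all, and hit counters that only advance once a nonzero sampling rate is set) are modelled below in a small Python evaluator. This is an added illustration, not code from the guide or from the switch's software; the packet fields, CIDR-style filters, addresses and the salary-server scenario are all constructed for the example.

```python
"""First-match ACL evaluator modelling the semantics described in the text.

Assumptions (not from the guide): a packet is summarised by protocol,
source/destination IPv4 address and destination port; ACE filters are CIDR
prefixes; hit counters only advance when a nonzero sampling rate is set.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    protocol: str                   # "tcp", "udp", "icmp", ...
    src: str                        # source IPv4 address
    dst: str                        # destination IPv4 address
    dst_port: Optional[int] = None  # None for protocols without ports


@dataclass
class ACE:
    """One access control entry: a filter plus an action (and optional CoS)."""
    action: str                     # "permit" or "deny"
    protocol: str = "ip"            # "ip" matches any protocol
    src: str = "0.0.0.0/0"          # source prefix, CIDR notation
    dst: str = "0.0.0.0/0"          # destination prefix, CIDR notation
    dst_port: Optional[int] = None  # None matches any destination port
    cos: Optional[int] = None       # CoS level marked on packets this ACE permits
    hits: int = 0                   # hit counter

    def matches(self, pkt: Packet) -> bool:
        if self.protocol != "ip" and self.protocol != pkt.protocol:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dst_port is None or self.dst_port == pkt.dst_port


class ACL:
    """Ordered list of ACEs; the implicit deny-all ACE is always evaluated last."""

    def __init__(self, name: str, aces: List[ACE], hits_sample_rate: int = 0):
        self.name = name
        self.aces = list(aces)
        self.implicit_deny = ACE(action="deny")     # default filter matches every packet
        self.hits_sample_rate = hits_sample_rate    # 0 means hit counters are not updated

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, cos) from the first ACE whose filter matches the packet."""
        for ace in self.aces + [self.implicit_deny]:
            if ace.matches(pkt):
                if self.hits_sample_rate > 0:
                    ace.hits += 1
                return ace.action, ace.cos
        raise AssertionError("unreachable: the implicit deny matches everything")

    def hit_counts(self) -> List[int]:
        """Hit counter of each explicit ACE, in order (implicit deny excluded)."""
        return [ace.hits for ace in self.aces]


# Constructed scenario from the text: allow intranet traffic but block the
# server holding confidential salary data. Addresses are made up.
SALARY_SERVER = "10.1.1.50/32"
INTRANET = "10.1.0.0/16"


def build_intranet_acl(deny_first: bool = True, hits_sample_rate: int = 15) -> ACL:
    deny_salary = ACE(action="deny", dst=SALARY_SERVER)
    permit_intranet = ACE(action="permit", dst=INTRANET, cos=3)
    # Order matters: if the permit ACE comes first it also matches the salary
    # server, and the more specific deny ACE is never reached.
    aces = [deny_salary, permit_intranet] if deny_first else [permit_intranet, deny_salary]
    return ACL("intranet-acl", aces, hits_sample_rate)


def build_deny_only_acl() -> ACL:
    # No ACE permits anything, so the explicit deny plus the implicit
    # deny-all leave no traffic allowed at all.
    return ACL("deny-only", [ACE(action="deny", protocol="tcp", dst_port=23)])


if __name__ == "__main__":
    acl = build_intranet_acl()
    for pkt in (Packet("tcp", "10.1.2.3", "10.1.1.50", 443),
                Packet("tcp", "10.1.2.3", "10.1.5.7", 80),
                Packet("udp", "10.1.2.3", "192.0.2.9", 53)):
        print(pkt.dst, acl.evaluate(pkt))
    print("hits:", acl.hit_counts())
```

Running the module shows the salary server denied, other intranet destinations permitted with CoS 3, and the off-intranet packet caught by the implicit deny; `build_intranet_acl(deny_first=False)` demonstrates the ordering mistake, and `build_deny_only_acl()` the "no permit ACE, no traffic" case.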
You cannot perform ACL functions that include permitting, denying, or marking with a Class of Service (CoS) level on packets with a multicast or broadcast destination address.
Creating Access Control Lists
To create an ACL, you perform the following tasks:
Set up ACL basic properties.
Define ACEs.