CHAPTER 3: CONFIGURING WIRELESS SERVICES

Configure Access Control Lists

You can control access using security access control lists (ACLs). Security ACLs permit or deny traffic based on IP protocol, IP addresses and, optionally, TCP or UDP port. They also can be used to set type-of-service (TOS) and class-of-service (CoS) values in a packet.

Suggested uses for ACLs include restricting guest access from your intranet, or restricting guests from communicating with each other (using an IP access control entry).

You create an ACL by defining a series of access control entries (ACEs).

ACEs are processed in the order in which they are added to the ACL.

Generally, more specific checks are performed before general checks.

Because of this, the order of the ACE is important within the ACL.

You can add the following types of ACEs to an ACL:

• IP—Filters packets by source and destination IP addresses, type of TOS, or precedence.

• TCP—Filters packets by established TCP connections, source and destination IP addresses, TOS, precedence, or TCP source and destination ports.

• ICMP—Filters packets by source and destination IP addresses, TOS, precedence, ICMP type, or ICMP code.

• UDP—Filters packets by source and destination IP addresses, TOS, precedence, or UDP source and destination ports.

• Layer 4 Protocol—Filters packets by source and destination IP addresses, TOS, precedence, or Layer 4 protocol.

After creating an ACL, you can assign it to users created in the local WX user database or users who are authenticated and authorized by a RADIUS server. You assign the name of the ACL by using the Filter-Id.in and Filter-Id.out RADIUS attributes. Assign the Filter-Id.in RADIUS attribute with the name of an ACL that filters incoming packets. Assign the Filter-Id.out RADIUS attribute with the name of an ACL that filters outgoing packets. The ACL name must have an .in or .out suffix.
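The ordering rule and the Filter-Id suffix requirement described above, as an added illustration (not code from the 3Com manual or the WX software): a small Python model of a guest ACL evaluated in two different ACE orders. It assumes the first matching ACE decides and that unmatched traffic is denied; the addresses, ACL name and helper names are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches any protocol, else "tcp"/"udp"/"icmp"
    src: str                         # source network, CIDR
    dst: str                         # destination network, CIDR
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, proto, src, dst, dst_port=None):
        if self.proto not in ("ip", proto):
            return False
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dst_port is None or self.dst_port == dst_port

def evaluate(acl, proto, src, dst, dst_port=None):
    # Assumption: the first matching ACE decides; no match falls through to deny.
    for ace in acl:
        if ace.matches(proto, src, dst, dst_port):
            return ace.action
    return "deny"

def filter_id_direction(acl_name):
    # The ACL name carried in Filter-Id must end in .in or .out.
    base, _, suffix = acl_name.rpartition(".")
    if not base or suffix not in ("in", "out"):
        raise ValueError(f"ACL name {acl_name!r} needs an .in or .out suffix")
    return suffix

# Constructed sample networks (not from the manual).
GUESTS, INTRANET, ANY = "192.168.50.0/24", "10.0.0.0/8", "0.0.0.0/0"
SPECIFIC = [
    Ace("permit", "udp", GUESTS, "10.0.0.53/32", 53),  # one intranet DNS server
    Ace("deny", "ip", GUESTS, GUESTS),                 # no guest-to-guest traffic
    Ace("deny", "ip", GUESTS, INTRANET),               # no intranet access
]
GENERAL = [Ace("permit", "ip", GUESTS, ANY)]           # everything else
GOOD_ORDER = SPECIFIC + GENERAL   # specific checks first
BAD_ORDER = GENERAL + SPECIFIC    # general permit shadows every deny

if __name__ == "__main__":
    probe = ("tcp", "192.168.50.10", "10.1.2.3", 443)  # guest -> intranet host
    print("good order:", evaluate(GOOD_ORDER, *probe))
    print("bad order: ", evaluate(BAD_ORDER, *probe))
    print("direction: ", filter_id_direction("guest-acl.in"))
```

With the general permit entered first, the later deny entries are never reached, so the same set of ACEs yields a guest ACL that blocks nothing.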

3Com 3CRWX440095A, 3CRWX120695A, CRWXR10095A manual Configuring Wireless Services