
Chapter 1 Overview
Access Control Lists
The operating system allows you to define up to 64 Access Control Lists (ACLs), similar to standard firewall Access Control Lists. Each ACL can have up to 64 Rules (filters).
Operators can use ACLs to control client access to multiple VPN servers within a given wireless LAN. If all the clients on a wireless LAN must access a single VPN server, use the IPSec/VPN Gateway Passthrough setting, described in the “Security Overview” section on page
After they are defined, the ACLs can be applied to the management interface, the
Refer to Access Control Lists > New in the Web User Interface Online Help for instructions on configuring Access Control Lists.
Identity Networking
Cisco Wireless LAN Controllers can have the following parameters applied to all clients associating with a particular wireless LAN: QoS, global or
However, the Cisco Wireless LAN Controller can also have individual clients (MAC addresses) override the preset wireless LAN parameters by using MAC Filtering or by Allowing AAA Override parameters. This configuration can be used, for example, to have all company clients log into the corporate wireless LAN, and then have clients connect using different QoS, DHCP server, Layer 2 and Layer 3 Security Policies, and Interface (which includes physical port, VLAN and ACL assignments) settings on a
When Cisco Wireless LAN Solution operators configure MAC Filtering for a client, they can assign a different VLAN to the MAC address, which can be used to have the operating system automatically reroute the client to the management interface or any of the
Override.
However, when Allow AAA Override is enabled, the RADIUS (or other AAA) server can alternatively be configured to return QoS and ACL on a
Note that in all cases, the Override parameters
In all cases, the operating system will use QoS and ACL provided by the AAA server or MAC Filtering regardless of the Layer 2 and/or Layer 3 authentication used.
Also note that the operating system will only move clients from the default Cisco WLAN Solution wireless LAN VLAN to a different VLAN when configured for MAC filtering, 802.1X, and/or WPA Layer 2 authentication.
To configure the Cisco WLAN Solution wireless LANs, refer to the “Configuring Wireless LANs” section on page
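The override rules above can be modeled to audit which per-client attributes actually take effect on a given wireless LAN. This is an added example, not Cisco code: the class and field names, the QoS and ACL labels, and the sample WLANs are hypothetical, and it assumes AAA attributes are ignored when Allow AAA Override is disabled.

```python
from dataclasses import dataclass
from typing import Optional

# Layer 2 methods under which the text says a client can leave the default VLAN.
VLAN_MOVE_L2 = {"mac-filtering", "802.1x", "wpa"}

@dataclass
class Wlan:                      # hypothetical model of one wireless LAN
    name: str
    qos: str
    acl: Optional[str]
    vlan: int
    l2_auth: set                 # Layer 2 methods configured on the WLAN
    allow_aaa_override: bool = False

@dataclass
class Override:                  # per-client (per-MAC) values
    source: str                  # "aaa" or "mac-filter"
    qos: Optional[str] = None
    acl: Optional[str] = None
    vlan: Optional[int] = None

def effective_policy(wlan, ov=None):
    """Return (policy, warnings) for one client on one WLAN."""
    policy = {"qos": wlan.qos, "acl": wlan.acl, "vlan": wlan.vlan}
    warnings = []
    if ov is None:
        return policy, warnings
    # Assumption: AAA-returned values only count when the WLAN allows override.
    if ov.source == "aaa" and not wlan.allow_aaa_override:
        warnings.append("AAA attributes ignored: Allow AAA Override is disabled")
        return policy, warnings
    # QoS and ACL overrides apply regardless of Layer 2/Layer 3 authentication.
    if ov.qos is not None:
        policy["qos"] = ov.qos
    if ov.acl is not None:
        policy["acl"] = ov.acl
    # A VLAN move needs MAC filtering, 802.1X and/or WPA at Layer 2.
    if ov.vlan is not None and ov.vlan != wlan.vlan:
        if wlan.l2_auth & VLAN_MOVE_L2:
            policy["vlan"] = ov.vlan
        else:
            warnings.append(f"VLAN {ov.vlan} not applied: client stays on VLAN {wlan.vlan}")
    return policy, warnings

# Constructed sample WLANs (labels and VLAN numbers are illustrative only).
GUEST = Wlan("guest", "bronze", "guest-acl", 10, {"none"}, allow_aaa_override=True)
CORP = Wlan("corp", "silver", None, 20, {"802.1x"}, allow_aaa_override=True)
LOCKED = Wlan("locked", "silver", None, 40, {"wpa"}, allow_aaa_override=False)
```

A non-empty warnings list marks a client whose intended segmentation is not in force, which is the case worth reviewing before relying on a per-client VLAN assignment.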
Cisco Wireless LAN Controller Configuration Guide