Cisco Systems OL-7426-03 quick start About Cisco Wlan Solution WLANs, About Access Control Lists


Ethernet (PoE) capability. This power distribution plan can be used to reduce the cost of individual AP power supplies and related cabling.

About Cisco WLAN Solution WLANs

The Cisco WLAN Solution can control up to 16 Wireless LANs for Cisco 1000 Series Lightweight Access Points. Each WLAN has a separate WLAN ID (1 through 16), a separate WLAN SSID (WLAN Name), and can be assigned unique security policies.

The Cisco 1000 Series lightweight access points broadcast all active Cisco WLAN Solution WLAN SSIDs and enforce the policies defined for each WLAN.

CAUTION: Cisco recommends that you assign one set of VLANs for WLANs and a different set of VLANs for Management Interfaces to ensure that Cisco Wireless LAN Controllers properly route VLAN traffic.

If Management over Wireless is enabled across the Cisco WLAN Solution, the Cisco WLAN Solution operator can manage the System across the enabled WLAN using CLI and Telnet (Command Line Interface), HTTP/HTTPS (Web User Interface), and SNMP (Cisco Wireless Control System).

To configure the Cisco WLAN Solution WLANs, refer to Configuring WLANs.

About Access Control Lists

The Operating System allows you to define up to 64 Access Control Lists (ACLs), similar to standard firewall Access Control Lists. Each ACL can have up to 64 Rules (filters).

Operators can use ACLs to control client access to multiple VPN servers within a given WLAN. If all the clients on a WLAN must access a single VPN server, use the IPSec/VPN Gateway Passthrough setting in the IPSec Passthrough section.

After they are defined, the ACLs can be applied to the Management Interface, the AP-Manager Interface, or any of the Operator-Defined Interfaces.

Refer to Access Control Lists > New in the Web User Interface Online Help or Creating Access Control Lists in the Configuring the Cisco Wireless LAN Controller sections for instructions on how to configure the Access Control Lists.

About Identity Networking

Cisco Wireless LAN Controllers can have the following parameters applied to all clients associating with a particular WLAN: QoS, global or Interface-specific DHCP server, Layer 2 and Layer 3 Security Policies, and default Interface (which includes physical port, VLAN and ACL assignments).

However, the Cisco Wireless LAN Controller can also have individual clients (MAC addresses) override the preset WLAN parameters by using MAC Filtering or by Allowing AAA Override parameters. This configuration can be used, for example, to have all company clients log into the corporate WLAN, and then have clients connect using different QoS, DHCP server, Layer 2 and Layer 3 Security Policies, and Interface (which includes physical port, VLAN and ACL assignments) settings on a per-MAC Address basis.

When Cisco WLAN Solution operators configure MAC Filtering for a client, they can assign a different VLAN to the MAC Address. The OS then automatically reroutes the client to the Management Interface or to any of the Operator-Defined Interfaces, each of which has its own VLAN, ACL, DHCP server, and physical port assignments. This MAC Filtering can be used as a coarse version of AAA Override, and normally takes precedence over any AAA (RADIUS or other) Override.
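The precedence described above (WLAN defaults, then AAA Override where the WLAN allows it, then MAC Filtering), modeled as an added example that is not Cisco code. The `Policy` fields, interface names, MAC addresses and the rule that a MAC filter entry replaces only the interface are assumptions made for illustration; the audit helper lists clients whose resolved interface is the Management Interface.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Policy:
    qos: str
    dhcp_server: str
    interface: str  # the interface carries the port, VLAN and ACL assignments

# Constructed sample data (hypothetical names and addresses).
WLAN_DEFAULT = Policy(qos="silver", dhcp_server="10.0.20.1", interface="corp")
MAC_FILTER = {                       # MAC address -> interface set by MAC Filtering
    "00:11:22:33:44:55": "guest",
    "00:11:22:33:44:66": "management",
}

def effective_policy(mac, wlan_default, allow_aaa_override, aaa_attrs=None):
    """Return (policy, source of the interface assignment) for one client."""
    policy, source = wlan_default, "wlan-default"
    # AAA-returned attributes apply only when the WLAN allows AAA Override.
    if allow_aaa_override and aaa_attrs:
        policy, source = replace(policy, **aaa_attrs), "aaa-override"
    # A MAC filter entry normally takes precedence over any AAA Override.
    # Assumption: it replaces the interface and leaves other attributes alone.
    iface = MAC_FILTER.get(mac.lower())
    if iface is not None:
        policy, source = replace(policy, interface=iface), "mac-filter"
    return policy, source

def clients_on_management(clients, wlan_default, allow_aaa_override):
    """clients: iterable of (mac, aaa_attrs). Return the MACs whose resolved
    interface is the Management Interface, for review by the operator."""
    return [
        mac for mac, attrs in clients
        if effective_policy(mac, wlan_default, allow_aaa_override, attrs)[0].interface
        == "management"
    ]

if __name__ == "__main__":
    sample = [
        ("00:11:22:33:44:55", {"qos": "gold", "interface": "corp"}),
        ("00:11:22:33:44:66", None),
        ("aa:bb:cc:dd:ee:ff", {"interface": "guest"}),
    ]
    for mac, attrs in sample:
        print(mac, *effective_policy(mac, WLAN_DEFAULT, True, attrs))
    print("on management:", clients_on_management(sample, WLAN_DEFAULT, True))
```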

5/26/05
