Reset Search
 

 

Article

How to create an association ACL (MAC ACL) in WiNG Express (Swift UI)

« Go Back

Information

 
TitleHow to create an association ACL (MAC ACL) in WiNG Express (Swift UI)
Objective
How to create an Association ACL (MAC address ACL) on APs using the WiNG Express UI (also called Swift UI)
Environment
  • AP76xx
  • AP75xx
  • AP75xxE
  • AP65xx
  • AP65xxE
  • Wing Express
  • Wing Enterprise APs with Express UI
  • WiNG 5.x
  • Web UI
Procedure
  1. Log into the AP via the Web UI
  2. Under Configuration go the Security
  3. Make sure the "Enable Firewall" box is checked
User-added image
  1. Go down to Wireless Client Association ACL Rules
  2. Click on Add Rule
User-added image
  1. Click on the Edit icon at the far right of the rule
  2. Enter the relevant information of individual or group of wireless clients you'd like to deny/allow access to. Click on the Apply button once done. 
NoteFor individual wireless clients, the Start and End MAC addresses entered should be similar.  
User-added image

Information on each field:
  • Precedence Specify or modify a precedence for this IP policy between 1-1000. Rules with lower precedence are always applied to packets first. If modifying a precedence to apply a higher integer, it will move down the table to reflect its lower priority.
  • Action Every IP firewall rule is made up of matching criteria rules. The action defines what to do with the packet if it matches the specified criteria. The following actions are supported:
  • Deny - Instructs the firewall to stop a packet from its destination.
  • Permit - Instructs the firewall to allow a packet to proceed to its destination.
  • Start MAC Specify the source MAC address or network group configuration used as basic matching criteria for this ACL rule. The source MAC ensures only an authenticated endpoint is allowed to send traffic.
  • End MAC - Specify the destination MAC address or network group configuration used as basic matching criteria for this ACL rule. The end MAC represents the destination MAC address of the packet examined for matching purposes and potential device exclusion.
  • Interface - Use the drop-down menu to specify the interface configurations impacted by the ACL's rule configuration. (WLAN the rule should be applied to). Click on the + sign to add to list. 
  1. There is an explicit Deny All rule at the end of the ACL. If this is a Deny ACL (only Deny access to particular wireless clients), then an Allow All rule must be created and added as the last rule with the highest precedence (There is not need for an Allow All rule if this is an Allow ACL(Only allow access to particular wireless clients)). The Start and End MAC address should be as such:
    1. Start MAC address: 00-00-00-00-00-00
    2. End MAC address: FF-FF-FF-FF-FF-FF
    3. It is recommended to leave some room for expansion between the last rule precedence and the Allow All rule precedence. So if your last rule precedence is 50, make the Allow All rule precedence 100. This will give you room to add 50 more rules before having to change the Allow All rule precedence should you need to
    4. Click on the Apply button once done
User-added image
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255