Cisco Cisco WAP571 Wireless-AC N Premium Dual Radio Access Point with PoE 관리 매뉴얼
ACL
ACL Rule
Cisco WAP571/E Administration Guide
141
9
STEP 3
Choose MAC as the type of ACL from the ACL Type list. MAC ACLs control access
based on Layer 2 criteria.
based on Layer 2 criteria.
STEP 4
Click Add ACL.
STEP 5
In the ACL Rule Configuration area, configure these ACL rule parameters:
•
ACL Name-ACL Type—Choose the ACL to configure with the new rule.
•
Rule—Choose New Rule to configure a new rule for the selected ACL.
When an ACL has multiple rules, the rules are applied to the packet or frame
in the order in which you add them to the ACL. There is an implicit deny all
rule as the final rule.
When an ACL has multiple rules, the rules are applied to the packet or frame
in the order in which you add them to the ACL. There is an implicit deny all
rule as the final rule.
•
Action—Choose whether the ACL rule permits or denies an action.
•
When you choose Permit, the rule allows all traffic that meets the rule
criteria to enter the WAP device. Traffic that does not meet the criteria is
dropped.
criteria to enter the WAP device. Traffic that does not meet the criteria is
dropped.
•
When you choose Deny, the rule blocks all traffic that meets the rule criteria
from entering the WAP device. Traffic that does not meet the criteria is
forwarded unless this rule is the final rule. Because there is an implicit deny
all rule at the end of every ACL, traffic that is not explicitly permitted is
dropped.
from entering the WAP device. Traffic that does not meet the criteria is
forwarded unless this rule is the final rule. Because there is an implicit deny
all rule at the end of every ACL, traffic that is not explicitly permitted is
dropped.
•
Match Every Packet—If enabled, the rule, which either has a permit or
deny action, matches the frame or packet regardless of its contents. If you
enable this feature, you cannot configure any additional match criteria. This
option is selected by default for a new rule. You must disable the option to
configure other match fields.
deny action, matches the frame or packet regardless of its contents. If you
enable this feature, you cannot configure any additional match criteria. This
option is selected by default for a new rule. You must disable the option to
configure other match fields.
•
EtherType—Choose to compare the match criteria against the value in the
header of an Ethernet frame. You can select an EtherType keyword or enter
an EtherType value to specify the match criteria.
header of an Ethernet frame. You can select an EtherType keyword or enter
an EtherType value to specify the match criteria.
-
Select from List—Choose one of these protocol types: appletalk, arp,
ipv4, ipv6, ipx, netbios, pppoe.
ipv4, ipv6, ipx, netbios, pppoe.
-
Match to Value—Enter a custom protocol identifier to which packets are
matched. The value is a four-digit hexadecimal number in the range of
0600 to FFFF.
matched. The value is a four-digit hexadecimal number in the range of
0600 to FFFF.
•
Class of Service—Enter an 802.1p user priority to compare against an
Ethernet frame. The valid range is from 0 to 7. This field is located in the first/
only 802.1Q VLAN tag.
Ethernet frame. The valid range is from 0 to 7. This field is located in the first/
only 802.1Q VLAN tag.