Summit WM3000 Series Controller System Reference Guide 319
Configuring Firewalls and Access Control Lists
An Access Control List (ACL) is a sequential collection of permit and deny conditions that apply to
controller packets. When a packet is received on an interface, the controller compares the fields in the
packet against any applied ACLs to verify the packet has the required permissions to be forwarded,
based on the criteria specified in the access lists.
If a packet does not meet any of the criteria specified in the ACL, the packet is dropped.
Use the Wireless Firewall screen to view, add and configure access control configurations. Typically, an
ACL consists of a series of entries, each called an Access Control Entry (ACE). Each ACE defines the rule
that determines whether a packet is forwarded (switched or routed) or dropped. The ACL screen
displays three tabs:
● Security Policy
● Configuration
● Statistics
Each of these tabs has sub-tabs that provide configuration options for creating and attaching
ACLs.
For an overview of how the controller uses an ACL to filter permissions to the controller-managed network, go to
“ACL Overview” on page 319.
ACL Overview
An ACL contains an ordered list of Access Control Entries (ACEs). Each ACE specifies an action and a set
of conditions that a packet must satisfy in order to match the ACE. The order of conditions in the list is
critical because the controller stops testing conditions after the first match.
The controller supports the following ACLs to filter traffic:
● Router ACLs — Applied to VLAN (Layer 3) interfaces. These ACLs filter traffic based on Layer 3
parameters like source IP, destination IP, protocol types and port numbers. They are applied on packets
routed through the controller. Router ACLs can be applied to inbound traffic only, not both
directions.
● Port ACLs — Applied to traffic entering a Layer 2 interface. Only switched packets are subject to
this kind of ACL. Traffic filtering is based on Layer 2 parameters (source MAC, destination MAC,
Ethertype, VLAN ID, 802.1p bits) or Layer 3 parameters (source IP, destination IP, protocol,
port number).
Port and router ACLs can be applied only in an inbound direction. WLAN ACLs support applying ACLs in the
inbound and outbound direction.
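The two behaviours described above, first-match evaluation with an implicit deny at the end of the list (“ACL Overview”) and matching on the Layer 2 and Layer 3 fields listed for port and router ACLs, are illustrated by the following Python model. It is an added example written for this guide, not the controller's own code or CLI: the `ACE` fields, the `evaluate` and `shadowed_entries` functions and the sample entries (a 10.1.0.0/16 network with a denied /24) are all constructed assumptions chosen to show why entry order matters. `shadowed_entries` goes slightly beyond the text by flagging an ACE that an earlier, broader ACE already covers, which is the usual symptom of a misordered list.

```python
"""Constructed model of first-match ACL evaluation (not the controller's own code)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ACE:
    action: str                      # "permit" or "deny"
    src_mac: Optional[str] = None    # Layer 2 conditions (port ACLs)
    dst_mac: Optional[str] = None
    ethertype: Optional[int] = None
    vlan: Optional[int] = None
    src_ip: Optional[str] = None     # Layer 3/4 conditions, as a CIDR prefix
    dst_ip: Optional[str] = None
    protocol: Optional[str] = None   # "tcp", "udp", "icmp"
    dst_port: Optional[int] = None

    def matches(self, pkt: Dict) -> bool:
        """True when every condition this ACE specifies holds for pkt; None is a wildcard."""
        for name in ("src_mac", "dst_mac", "ethertype", "vlan", "protocol", "dst_port"):
            want = getattr(self, name)
            if want is not None:
                have = pkt.get(name)
                if isinstance(want, str):
                    want, have = want.lower(), (have or "").lower()
                if have != want:
                    return False
        for name in ("src_ip", "dst_ip"):
            want = getattr(self, name)
            if want is not None:
                if name not in pkt:
                    return False
                if ipaddress.ip_address(pkt[name]) not in ipaddress.ip_network(want, strict=False):
                    return False
        return True


def evaluate(acl: List[ACE], pkt: Dict) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching ACE). Evaluation stops at the first match;
    a packet that matches no ACE is dropped (implicit deny, index None)."""
    for i, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, i
    return "deny", None


FIELDS = ("src_mac", "dst_mac", "ethertype", "vlan", "src_ip", "dst_ip", "protocol", "dst_port")


def _contained(field: str, inner, outer) -> bool:
    """Is every value accepted by `inner` also accepted by `outer` for this field?"""
    if outer is None:
        return True            # a wildcard covers everything
    if inner is None:
        return False           # inner is wider than a specific outer value
    if field in ("src_ip", "dst_ip"):
        return ipaddress.ip_network(inner, strict=False).subnet_of(
            ipaddress.ip_network(outer, strict=False))
    if isinstance(inner, str):
        return inner.lower() == outer.lower()
    return inner == outer


def shadowed_entries(acl: List[ACE]) -> List[int]:
    """Indexes of ACEs that can never match because an earlier ACE already covers
    every packet they describe (a common misordering mistake)."""
    out = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if all(_contained(f, getattr(later, f), getattr(earlier, f)) for f in FIELDS):
                out.append(j)
                break
    return out


# Constructed sample entries: block SSH from one subnet, permit the rest of 10.1.0.0/16.
DENY_SSH = ACE("deny", src_ip="10.1.5.0/24", protocol="tcp", dst_port=22)
PERMIT_NET = ACE("permit", src_ip="10.1.0.0/16")
SSH_PKT = {"src_ip": "10.1.5.7", "dst_ip": "10.1.9.1", "protocol": "tcp", "dst_port": 22}


def ordering_demo() -> Dict:
    """The same two ACEs in two orders: only the specific-first order blocks SSH."""
    specific_first = [DENY_SSH, PERMIT_NET]
    broad_first = [PERMIT_NET, DENY_SSH]
    return {
        "specific_first": evaluate(specific_first, SSH_PKT),
        "broad_first": evaluate(broad_first, SSH_PKT),
        "shadowed_in_broad_first": shadowed_entries(broad_first),
        "outside_subnet": evaluate(specific_first,
                                   {"src_ip": "192.0.2.5", "protocol": "tcp", "dst_port": 22}),
    }


if __name__ == "__main__":
    for key, value in ordering_demo().items():
        print(f"{key}: {value}")
```

With the deny entry listed first, the SSH packet from 10.1.5.7 is dropped by ACE 0; with the broad permit listed first, the same packet is forwarded and the deny entry is reported as shadowed, since no packet can ever reach it. A packet from outside 10.1.0.0/16 matches nothing and falls through to the implicit deny.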