10 Click Close. The Create Mobility Profiles dialog box is active.

11 Click Finish to save the changes and close the wizard.

Using Access Control Lists for Security

An access control list (ACL) filters packets to restrict or permit network usage by certain users, network devices, or traffic types. You can also assign a class of service (CoS) level, which allows priority handling, to packets. For example, you can use ACLs to enable users to send and receive packets within an intranet, but restrict incoming packets to the server that stores confidential salary information.

An ACL is an ordered list of access control entries (ACEs) — rules that specify how to handle packets. The rule consists of a filter and an action. When a packet matches the filter, the action is applied to the packet.

If there are no ACE matches in the ACL, an ACL contains an implicit rule that denies all access. If there is not at least one ACE that permits access in an ACL, no traffic will be allowed. The implicit "deny all" rule is always the last ACE of an ACL.

You can choose to count the number of times an ACE is matched. This hit count is useful for troubleshooting complex ACL configurations and for monitoring traffic load for specific network applications or protocols. The hit count can only be seen from the CLI. To start updating hit counter statistics in the CLI, you must first set the hits sampling rate to a nonzero value, such as 15 seconds. For more information about security ACLs, see the Wireless LAN Switch and Controller Configuration Guide.

You cannot perform ACL functions that include permitting, denying, or marking with a Class of Service (CoS) level on packets with a multicast or broadcast destination address.

Creating Access Control Lists

To create an ACL, you perform the following tasks:

■ Set up ACL basic properties.
■ Define ACEs.
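The evaluation rules described under Using Access Control Lists for Security (ordered ACEs, implicit "deny all" as the last rule, per-ACE hit counts, no ACL action on multicast or broadcast destinations) can be modelled in a few lines. This is an added example, not code from the product or its documentation; the class names, the "not-filtered" result, and the addresses (10.0.0.0/8 as the intranet, 10.1.1.50 as the salary server) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

@dataclass
class ACE:
    action: str                 # "permit" or "deny"
    src: str                    # source filter, CIDR notation
    dst: str                    # destination filter, CIDR notation
    cos: Optional[int] = None   # CoS level marked on permitted packets
    hits: int = 0               # hit count for this ACE

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

class ACL:
    def __init__(self, aces):
        self.aces = list(aces)  # order is significant: first match wins

    def evaluate(self, src_ip, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        # ACL actions are not applied to multicast/broadcast destinations.
        # Only the limited broadcast address is recognised in this model.
        if dst.is_multicast or dst == LIMITED_BROADCAST:
            return ("not-filtered", None)
        for ace in self.aces:
            if ace.matches(src_ip, dst_ip):
                ace.hits += 1
                return (ace.action, ace.cos if ace.action == "permit" else None)
        return ("deny", None)   # implicit "deny all", always the last rule

def build_salary_acl():
    # Constructed sample: the specific deny must precede the broad permit.
    return ACL([
        ACE("deny", "10.0.0.0/8", "10.1.1.50/32"),
        ACE("permit", "10.0.0.0/8", "10.0.0.0/8", cos=4),
    ])

if __name__ == "__main__":
    acl = build_salary_acl()
    for src, dst in [("10.2.0.7", "10.1.1.50"), ("10.2.0.7", "10.3.0.9"),
                     ("192.0.2.10", "10.3.0.9"), ("10.2.0.7", "224.0.0.5")]:
        print(src, "->", dst, acl.evaluate(src, dst))
    print("hit counts:", [a.hits for a in acl.aces])
```

Reversing the two ACEs makes the broad permit match first, so traffic to the salary server is allowed and the deny entry's hit count stays at zero, which is the kind of ordering mistake the hit count helps expose.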