Configuring WSS System Parameters 215Nortel WLAN—Management Software 2300 Series Reference Guideb In the Organizer panel, click the plus sign next to the WSS.c Click the plus sign next to System.d Select ACLs.2 Select any ACE in the ACL to which you want to add the new ACE.3 In the Task List panel, select Add Rules.4 Go to step 3.Mapping an ACLAn ACL does not take effect until you map it to a user or an interface.You can map ACLs to ports (or port groups), VLANs, or virtual ports. You cannot map an ACL to an AP port or a wiredauthentication port.You also can map ACLs to user, by configuring the filter.in and filter.out user attributes. User-based ACLs are morespecific than ACLs applied to interfaces and are therefore processed first. (See “Authorization Attributes” (page 281).)1 Access the ACL table:a Select the Configuration tool bar option.b In the Organizer panel, click the plus sign next to the WSS.c Click the plus sign next to System.d Select ACLs.2 Select any ACE in the ACL you want to map.3 In the Task List panel, select ACL Mappings.4 Select the mapping type:• To map to a physical port, select port and go to step 5.• To map to a virtual port, select vport and go to step 6.• To map to a VLAN, select vlan and go to step 7.• To map to a Distributed AP, select dap and go to step 8.5 To map an ACL to a port:a In the Port list, select the port or port group to which you want to map the ACL.You cannot map an ACL to an AP port or a wired authentication port.b In the Direction list, select In to filter incoming packets or Out to filter outgoing packets.c Click Finish.6 To map an ACL to a virtual port:a In the Tag Value box, specify the 802.1Q tag value that identifies a virtual port in a VLAN.The tag value can be a number from 1 to 4093. The default value is 1.Make sure that you do not specify duplicate mappings that specify the same port and tag value.b In the port list, select the port to which you want to map the ACL.