Manualshelf

User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerconnect W-ClearPass Hardware Appliances
241242243244245246247248249250
244 | Configuration Dell Networking W-ClearPass Guest 6.4 | User Guide
The Allowed Access and Denied Access fields are access control lists that determine if a client is permitted to
access this guest self-registration page. You can specify multiple IP addresses and networks, one per line, using
the following syntax:
l 1.2.3.4 – IP address
l 1.2.3.4/24 – IP address with network prefix length
l 1.2.3.4/255.255.255.0 – IP address with explicit network mask
Use the Deny Behavior drop-down list to specify the action to take when access is denied. The Time Access
field allows you to specify the days and times that self-registration is enabled. Times must be entered in 24-
hour clock format. For example:
l Mondays, Wednesdays and Fridays, 8:00 to 17:00
l Weekdays, 6:00 to 18:00
l Weekends 10:00 to 22:00 and Thursday 11:00 to 13:00
The access control rules will be applied in order, from the most specific match to the least specific match.
Access control entries are more specific when they match fewer IP addresses. The most specific entry is a single
IP address (for example, 1.2.3.4), while the least specific entry is the match-all address of 0.0.0.0/0.
As another example, the network address 192.168.2.0/24 is less specific than a smaller network such as
192.168.2.192/26, which in turn is less specific than the IP address 192.168.2.201 (which may also be written
as 192.168.2.201/32).
To determine the result of the access control list, the most specific rule that matches the client’s IP address is
used. If the matching rule is in the Denied Access field, then the client will be denied access. If the matching
rule is in the Allowed Access field, then the client will be permitted access.
If the Allowed Access field is empty, all access will be allowed, except to clients with an IP address that
matches any of the entries in the Denied Access field. This behavior is equivalent to adding the entry
0.0.0.0/0 to the Allowed Access field.
If the Denied Access list is empty, only clients with an IP address that matches one of the entries in the
Allowed Access list will be allowed access. This behavior is equivalent to adding the entry 0.0.0.0/0 to the
Denied Access list.