WESM zl Management and Configuration Guide WT.01.28 and greater
Access Control Lists (ACLs)
Overview
You can configure access control lists (ACLs) on the ProCurve Wireless Edge
Services zl Module to control traffic to and from wireless stations. An ACL is an
ordered list of rules that select packets according to header information and dictate
whether the module should permit (forward) or deny (drop) those packets.
ACLs allow you to control wireless users’ network rights. You can configure ACLs
for purposes such as:
■ limiting certain groups of wireless users to Internet access only
■ permitting certain groups of wireless users access to a limited list of network
servers
■ limiting certain groups of wireless users to certain types of applications
■ restricting access to a particular private server to a select group of users only
You can also use ACLs to select traffic for Network Address Translation (NAT). See
Chapter 8: “Configuring Network Address Translation (NAT)” to learn how to
configure this feature of the Wireless Edge Services zl Module’s firewall.
Stateful ACLs
On the Wireless Edge Services zl Module, ACLs applied to VLAN interfaces are
stateful. In other words, the module tracks traffic associated with a particular session.
Once it has permitted one packet in a session, it permits all packets necessary for that
session. For example, if you create a rule to permit traffic from wireless stations to
an HTTP server, you do not need to create a rule to permit the HTTP server’s return
traffic.
ACLs applied to the physical ports, on the other hand, are not stateful. They check
every packet or frame that arrives on the interface.
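The difference between the two behaviors can be seen in a small model. The following Python sketch is an added illustration, not code or CLI syntax from this guide or from the module. It assumes that unmatched packets are denied, ignores the direction in which an ACL is applied, and uses constructed addresses and ports.

```python
# Toy model of ACL evaluation; not the module's implementation or CLI syntax.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int]   # None matches any destination port

def stateless_check(rules, pkt, default="deny"):
    """Per-packet check: the first matching rule in the ordered list decides.
    The default for unmatched packets is an assumption of this model."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src_net)
                and ip_address(pkt.dst) in ip_network(r.dst_net)
                and r.dport in (None, pkt.dport)):
            return r.action
    return default

class StatefulAcl:
    """Remembers permitted sessions so return traffic needs no rule of its own."""
    def __init__(self, rules):
        self.rules, self.sessions = rules, set()

    def check(self, pkt):
        reverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt in self.sessions or reverse in self.sessions:
            return "permit"
        action = stateless_check(self.rules, pkt)
        if action == "permit":
            self.sessions.add(pkt)   # later packets of this session are permitted
        return action

# Constructed sample: one rule permitting wireless stations to an HTTP server.
RULES = [Rule("permit", "10.1.20.0/24", "10.1.1.10/32", 80)]
REQUEST = Packet("10.1.20.55", 49152, "10.1.1.10", 80)
REPLY = Packet("10.1.1.10", 80, "10.1.20.55", 49152)
UNSOLICITED = Packet("10.1.1.10", 80, "10.1.20.77", 49152)

def demo():
    vlan_acl = StatefulAcl(RULES)
    flow = (REQUEST, REPLY, UNSOLICITED)
    return ([vlan_acl.check(p) for p in flow],
            [stateless_check(RULES, p) for p in flow])
```

In this model the stateful ACL permits the server's reply because it belongs to a session that was already permitted, while the per-packet check drops the same reply unless a second rule covers the return direction. Traffic from the server that does not belong to a permitted session is dropped in both cases.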