WESM zl Management and Configuration Guide WT.01.XX and greater

Access Control Lists (ACLs)
Overview
You can configure access control lists (ACLs) on the ProCurve Wireless Edge
Services zl Module to control traffic to and from wireless stations. An ACL is
an ordered list of rules that select packets according to header information
and dictate whether the module should permit (forward) or deny (drop) those
packets.
ACLs allow you to control wireless users’ network rights. You can configure
ACLs for purposes such as:
• limiting certain groups of wireless users to Internet access only
• permitting certain groups of wireless users access to a limited list of
  network servers
• limiting certain groups of wireless users to certain types of applications
• restricting access to a particular private server to a select group of
  users only
You can also use ACLs to select traffic for Network Address Translation (NAT).
See Chapter 8: “Configuring Network Address Translation (NAT)” to learn
how to configure this feature of the Wireless Edge Services zl Module’s
firewall.
Stateful ACLs
On the Wireless Edge Services zl Module, ACLs applied to VLAN interfaces
are stateful. In other words, the module tracks traffic associated with a
particular session. Once it has permitted one packet in a session, it permits
all packets necessary for that session. For example, if you create a rule to
permit traffic from wireless stations to an HTTP server, you do not need to
create a rule to permit the HTTP server’s return traffic.
ACLs applied to the physical ports, on the other hand, are not stateful. They
check every packet or frame that arrives on the interface.
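
The difference between the two behaviors can be seen in a simplified model. The following Python sketch is an added example, not code from this guide or from the module. The addresses, the single rule, and the default drop for packets that match no rule are assumptions made for illustration.

```python
# Added illustration (not ProCurve code): a toy model of first-match ACL
# evaluation, per-packet (physical port) versus stateful (VLAN interface).
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport")
# dport=None in a rule matches any destination port
Rule = namedtuple("Rule", "action src_net dst_net dport")

def match_rules(rules, pkt):
    """Walk the ordered list; the first matching rule decides."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src_net)
                and ip_address(pkt.dst) in ip_network(r.dst_net)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"  # assumption of this model: unmatched packets are dropped

class StatelessAcl:
    """Physical-port behavior: every packet is checked against the rules."""
    def __init__(self, rules):
        self.rules = rules
    def check(self, pkt):
        return match_rules(self.rules, pkt)

class StatefulAcl(StatelessAcl):
    """VLAN-interface behavior: a permitted packet opens a session."""
    def __init__(self, rules):
        super().__init__(rules)
        self.sessions = set()
    def check(self, pkt):
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if tuple(pkt) in self.sessions or reverse in self.sessions:
            return "permit"  # packet belongs to an already permitted session
        action = match_rules(self.rules, pkt)
        if action == "permit":
            self.sessions.add(tuple(pkt))
        return action

# Constructed sample: wireless stations in 10.1.1.0/24, HTTP server 10.2.2.10
RULES = [Rule("permit", "10.1.1.0/24", "10.2.2.10/32", 80)]
REQUEST = Packet("10.1.1.25", 49152, "10.2.2.10", 80)
REPLY = Packet("10.2.2.10", 80, "10.1.1.25", 49152)
```

With the single permit rule, the stateful model forwards the server's reply only after the station's request has been permitted, while the per-packet model needs a second rule for the return direction.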