User's Manual Part 2



76JadeOSUserManual

10.7ACL

User access is mainly to issue ACL based on SSID, MAC, flow threshold, bandwidth

control. ACL is important in building secure network, and mainly supports the fol‐

lowingfunctions:

¾ ACLbasedonMACaddress

Configure ACL based on MAC address in AC, which achieve the  black‐list and

white‐listbasedonMACaddress.

Forexample:

Addmac11:22:33:44:55:6intoblack‐list:

(JadeOS) (AP MAC ACL Profile “mac-acl-prof-1”)#list-type deny

(JadeOS) (AP MAC ACL Profile “mac-acl-prof-1”)#mac 11:22:33:44:55:66



Addmac11:22:33:44:55:6intowhite‐list:

(JadeOS) (AP MAC ACL Profile “mac-acl-prof-1”)#list-type accept

(JadeOS) (AP MAC ACL Profile “mac-acl-prof-1”)#mac 11:22:33:44:55:66

¾ Supporttodisconnectnetworkautomaticallybasedonidletrafficmonitor;you

canconfiguretimeandthedefaultvalueis300s.theconfiguringcommandisas

follows:

idle-timeout <300-15300>

¾ SupportACLbasedontrafficthresholdandthedefaultvalueis1KB:

idle-threshold <0-1048576>

ConfiguringACL

ConfiguringACLbasedonIPaddressinACachievesuseraccesscontr ol. Configuring

differentAClsinACcancontroldifferentuseraccess,forexample:youcanmakeuser

inthespecifiedIPsegmentaccessthespecifiednetworksegment.ForACLbasedon

IPaddressisaccordingtoSSID,youcanconfiguredifferentACLsindifferentSSID.

FunctionssupportedbyACL:

¾ MatchsourceIPaddressandnetworksegment

¾ MatchdestinationIPaddressandnetworksegment

¾ MatchspecifiedIPprotocolandrange

¾ MatchsourceportanddestinationportofUDP/TCPprotocol

¾ Supporttheoperationof‘permit’and‘deny’accordingtotheaboverules

Configurationcommand:

anyanyanydeny/permit