Layer 2 ACL configuration on ZD and mapping it to a specific SSID
Summary: This article explains how to configure a MAC ACL and assign it to a specific SSID.
Question: How do I allow and deny services for clients according to their MAC addresses (L2 ACL) and map the ACL to a WLAN?
Customer Environment: ZoneDirector managed wireless network.
Root Cause: Want to allow only certain clients to access the wireless network.
Resolution: Layer 2 Access Control Lists (MAC ACLs) filter incoming traffic based on Layer 2 MAC header fields in the Ethernet/IEEE 802.3 frame.
Below are the steps to configure L2 ACL on ZD:
1) Navigate to ZD GUI >> Configure >> Access Control. For release 10.1 and above, go to Services & Profiles > Access Control.
2) Under L2/MAC Access control, create a new ACL and give it a name.
3) Choose between "Only allow all stations listed below" and "Only deny all stations listed below" based on your requirement, then type in all MAC addresses.
Please note that there is a limit of 128 MAC addresses per ACL.
Mapping the ACL to the WLAN:
ZD GUI --> Configure --> WLANs --> Edit the WLAN --> Advanced Options --> Access Control --> Choose the L2/MAC ACL from the dropdown (created as per the above procedure).
For release 10.1 and above:
ZD GUI --> Wireless LANs > Edit > Advanced Options > Access Control > L2/MAC > Choose the L2/MAC ACL from the dropdown (created as per the above procedure).
Important Note: Make sure that the MAC addresses are correct and consistent with the MAC nomenclature. For example, changing all of the MAC addresses to lower case alleviated the issue for one customer. His list mixed cases, with some client MAC addresses in all caps; changing all of them to lower case fixed the issue and allowed the whitelist to work.
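One way to prepare the address list before typing it into the ACL, as an added example that is not part of the original article: it rewrites every entry in lower case, rejects malformed addresses, drops duplicates that differ only in case or separator, and reports what does not fit within the 128-address limit. The colon-separated output format, the accepted input formats and all function names are assumptions.

```python
import re

MAX_PER_ACL = 128  # per-ACL limit stated in the article

# Accepted inputs (assumed): aa:bb:.. or aa-bb-.. (one separator throughout),
# aabb.ccdd.eeff, or twelve bare hex digits.
_MAC = re.compile(r"[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
                  r"|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}|[0-9a-f]{12}")


def normalize_mac(raw):
    """Return the MAC as lower-case aa:bb:cc:dd:ee:ff, or None if malformed."""
    text = raw.strip().lower()
    if not _MAC.fullmatch(text):
        return None
    digits = re.sub(r"[^0-9a-f]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_acl_list(entries, limit=MAX_PER_ACL):
    """Return (accepted, overflow, rejected).

    accepted: unique normalized MACs that fit in one ACL
    overflow: unique normalized MACs beyond the limit
    rejected: original strings that are not valid MAC addresses
    """
    seen, unique, rejected = set(), [], []
    for entry in entries:
        if not entry.strip():
            continue  # skip blank lines
        mac = normalize_mac(entry)
        if mac is None:
            rejected.append(entry)
        elif mac not in seen:  # same station entered twice in different case
            seen.add(mac)
            unique.append(mac)
    return unique[:limit], unique[limit:], rejected


# Constructed sample input: mixed case, mixed separators, two bad entries.
SAMPLE = ["AA:BB:CC:00:11:22", "aa-bb-cc-00-11-22", "0011.2233.AaBb",
          "001122334455", "00:11:22:33:44", "zz:11:22:33:44:55"]

if __name__ == "__main__":
    accepted, overflow, rejected = build_acl_list(SAMPLE)
    print("\n".join(accepted))
    print(f"{len(accepted)} accepted, {len(overflow)} over the limit")
    print("Rejected:", rejected)
```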