Layer 2 ACL configuration on ZD and mapping it to a specific SSID

Summary

This article explains how to configure a MAC ACL and assig it to a specific SSID.

Question

How to allow and deny services for clients according to their MAC addresses (L2 ACL) and mapping to WLAN .

Customer Environment

ZoneDirector managed wireless network.

Root Cause

Want to allow only certain clients to access the wireless network.

Troubleshooting Steps

N.A.

Workaround

N.A.

Resolution

Layer 2 Access Control Lists (MAC ACLs) filter incoming traffic based on Layer 2 MAC header fields in the Ethernet/IEEE 802.3 frame.

Below are the steps to configure L2 ACL on ZD:

1) Navigate to ZD GUI>>Configure >>Access control. For 10.1 and above release Go to Services & Profiles > Access Control

2) Under L2/MAC Access control, create a new ACL and give it a name.

3) Choose between "Only allow all stations listed below' versus "Only deny all stations listed below" based on your requirement. And then type in all MAC addresses.

Please note that there is a 128 MAC address limitation per ACL.

Mapping the ACL to WLAN :

ZD GUI --> Configure -->WLANs --> Edit the WLAN --> Advanced Options --> Access control --> Choose the L2/MAC ACL from the dropdown (created as per the above procedure).

For 10.1 and above release

ZD GUI -->Wireless LANs > Edit > Advanced Options > Access Control > L2/MAC >Choose the L2/MAC ACL from the dropdown (created as per the above procedure).

Important Note: Make sure that the MAC addresses are correct and be consistent with the mac nomenclature. In other words, chaging all of the mac addresses to lower case for a customer alleviated the issue. He had some mac address of clients and some with all caps, changing all to lower case fixed the issue with allowing the whitelist to work.

Article Number:
000002460

Updated:
August 14, 2020 12:01 PM (over 3 years ago)

Tags:
Configuration, Security, ZoneDirector

Votes:
1

This article is:
helpful
not helpful