Configuring Access Rules for a WLAN SSID Profile

The following procedure configures access rule settings for Employee and Voice networks only. If you are creating a new SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile, complete configuring the WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. settings, VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. settings, and security settings, before defining access rules. For more information, see Configuring WLAN Settings for an SSID Profile, Configuring VLAN Settings for a WLAN SSID Profile, and Configuring Security Settings for a WLAN SSID Profile.

You can configure up to 128 access rules for an Employee, Voice, or Guest network using the Instant WebUI or the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions..

The following procedure describes how to configure access rules on an Instant AP:

  1. Navigate to Configuration > Networks.
  2. Under Networks, select the network you want to configure and click edit.
  3. Select Access tab. In the Access Rules drop-down list, select one of the following types:
  4. Click Finish.

The following command configures access control rules for a WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.:

(Instant AP)(config)# wlan access-rule <name>

(Instant AP)(Access Rule <name>)# rule <dest> <mask> <match> {<protocol> <start-port> <end-port> {permit|deny|src-nat [vlan <vlan_id>|tunnel]|dst-nat{<IP-address> <port>|<port>}}| app <app> {permit|deny}| appcategory <appgrp>|webcategory <webgrp> {permit|deny}| webreputation <webrep> [<option1....option9>]

The following command configures access control rules based on the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# set-role-by-ssid

The following command configures role assignment rules:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# set-role <attribute>{{equals|not-equals|starts-with|ends-with|contains|matches-regular-expression}<operator><role>|value-of}

The following command configures a pre-authentication role:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# set-role-pre-auth <role>

The following command configures machine and user authentication roles:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# set-role-machine-auth <machine_only> <user_only>

The following command configures unrestricted access:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# set-role-unrestricted

Example

The following example configures access rules for a wireless network:

(Instant AP)(config)# wlan access-rule WirelessRule