Acl Configuration - D-Link DWL-3500AP Configuration Manual

1.3

ACL Configuration

The ACL in this scenario prevents wireless clients from accessing the web management
interface of the switch. All other types of traffic is allowed.
1. From the LAN menu, navigate to the Access Control Lists > IP ACL > Access
Profile Settings page.
2. From the IP ACL field, select Create New Extended ACL from the drop-down
menu.
3. Enter 100 in the ACL ID field, then click Submit.
4. From the Rule Configuration page, enter 1 as the Rule ID, Deny as the Action, and
False for Match Every, then click Submit.
5. The screen refreshes with additional fields. Click the Configure button associated
with the appropriate fields and enter the following criteria to deny HTTP traffic from
clients on the Guest Network to the Switch and APs:
• Protocol Keyword: IP
• Source IP Address: 10.90.91.1
• Source IP Mask: 0.0.0.255 (This is a wildcard mask)
• Destination IP Address: 10.90.90.1
• Destination IP Mask: 0.0.0.255
• Destination L4 Port: http
6. Create a new rule, enter 2 as the Rule ID, Permit as the Action, and True for Match
Every, then click Submit. The reason for this second rule is that an ACL has an
implicit "deny all" rule at the end. ACL rules are checked in order and the action of
the first to match the flow is taken. If no match occurs, the packet will be dropped.