Siemens SCALANCE W1750D UI Configuration Manual page 369

7. Click OK and then click Finish.
In the CLI
To configure access rules:
(scalance)(config)# wlan access-rule <access-rule-name>
(scalance)(Access Rule <Name>)#rule <dest> <mask> <match/invert> {app <app>
{permit|deny}
|appcategory <appgrp>}[<option1....option9>]
(scalance)(Access Rule <Name>)# end (scalance)# commit apply
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
22.5 Configuring ACL Rules for Application and Application Categories
Service Category Description
Destination Select a destination option for the access rules for network services, applica-
tions, and application categories. You can allow or deny access to any the
following destinations based on your requirements.
to all destinations—Access is allowed or denied to all destinations.
•
to a particular server—Access is allowed or denied to a particular server.
•
After selecting this option, specify the IP address of the destination serv-
er.
except to a particular server—Access is allowed or denied to servers
•
other than the specified server. After selecting this option, specify the IP
address of the destination server.
to a network—Access is allowed or denied to a network. After selecting
•
this option, specify the IP address and netmask for the destination net-
work.
except to a network—Access is allowed or denied to networks other than
•
the specified network. After selecting this option, specify the IP address
and netmask of the destination network.
to domain name—Access is allowed or denied to the specified domains.
•
After selecting this option, specify the domain name in the Domain Name
text box.
to master IP—Access is allowed or denied to the master IP address.
•
Log Select this check box to create a log entry when this rule is triggered.
SCALANCE W supports firewall-based logging function. Firewall logs on the
APs are generated as security logs.
Blacklist Select the Blacklist check box to blacklist the client when this rule is triggered.
The blacklisting lasts for the duration specified in Auth failure blacklist time on
the Blacklisting tab of the Security window. For more information, see Black-
listing Clients (Page 235).
Disable scanning Select Disable scanning check box to disable ARM scanning when this rule is
triggered.
The selection of the Disable scanning applies only if ARM scanning is ena-
bled. For more information, see Configuring Radio Settings (Page 351).
DSCP tag Select the DSCP tag check box to specify a DSCP value to prioritize traffic
when this rule is triggered. Specify a value within the range of 0–63. To as-
sign a higher priority, specify a higher value.
802.1p priority Select the 802.1p priority check box to specify an 802.1p priority. Specify a
value between 0 and 7. To assign a higher priority, specify a higher value.
Deep Packet Inspection and Application Visibility
369