Motorola WS5100 Series Cli Reference Manual page 227

When a packet is send from a client to a WLAN index of an access port, it becomes an
inbound traffic to the wireless LAN.
When a packet goes out of a access port, it becomes a outbound traffic to the wireless
LAN index. Apply an ACL to a WLAN index in outbound direction to filter traffic from both
wired and wireless interfaces.
can be attached both in the inbound and outbound directions.
wlan-acl
NOTE: Most of the Wireless LAN related configuration are performed
using the Wireless Instance on page 20-1.
Use
wlan-ac
wireless LAN index .
The last ACE in the access list is an implict deny statement. Whenever the interface
receives the packet, its content is checked against all the ACE's in the ACL. It is allowed/
denied based on the ACL configuration.
Usage Guidelines 2
Follow the procedure mentioned below to upgrade Wireless LAN ACL from 3.0/3.0.1 to
3.0.2 :
WLAN index in ACL rules are configurable in WS5100 3.0/3.0.1. In WS5100 3.0.2, WLAN
is treated as a virtual port and the user has to create ACL rules without WLAN index and
attach ACLs to WLAN port.
While upgrading from WS5100 3.0/3.0.1 to 3.0.2, the ACLs having WLAN index as
selectors are replaced with ACLs without having any WLAN index selectors. After the
completion of the upgrade, user has to apply those ACLs to WLAN port manually.
A sample ACL configuration in 3.0/3.0.1
• Standard IP access list 10
permit host 1.2.3.4 wlan 3 log rule-precedence 10
• Extended IP access list 110
deny icmp host 5.6.7.8 host 5.6.7.9 wlan 4 rule-precedence 10
deny icmp host 5.6.7.8 host 5.6.7.9 rule-precedence 20
• Extended IP access list extacl
permit icmp host 192.172.0.10 any wlan 12 rule-precedence 23
deny icmp any any rule-precedence 33
l (in the global configuration mode) to apply an ACL on a
Global Configuration Commands 5-63