Wireless ACL (Access control list)
From wiliGear wiki
Description
An Access Control List (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object. In our typical ACL, there are three policies you can set on an access point: open (default), allow, and deny. "open" means that no ACL is used and the ACL MAC entries are ignored. Policy "allow" means that all clients are allowed except the ones in the list (the list works as a blocklist). Policy "deny" means that all clients are denied and only the ones in the list are allowed (the list works as an allowlist). There is an example below.
Network topology
Configuration sample
###########################################
# Configuration file created by WILIBOX UAB
# HW: XScale family
# Access control list
# Updated 2007-06-12
###########################################

# Section: ssh
sshd.status=enabled
sshd.port=22

# Section: users
users.status=enabled
users.1.status=enabled
users.1.name=admin
users.1.password=oHSl3yqR.t1uQ

# Section: httpd
httpd.status=enabled
httpd.backlog=100
httpd.external.status=disabled
httpd.max.connections=50
httpd.max.request=51200
httpd.port.admin=444
httpd.port.https=443

# Section: forker
forker.status=enabled

# Section: syslog
syslog.status=enabled
syslog.file=/var/log/messages
syslog.file.msg.level=debug
syslog.file.umask=077
syslog.fwd.status=disabled
syslog.fwd.msg.level=info
syslog.rcms.alarm.status=disabled
syslog.rcms.alarm.level=info
syslog.rotate.status=enabled
syslog.rotate.at.size=102400

# Section: sysconf
sysconf.trace=enabled

# Section: netconf
netconf.status=enabled
netconf.1.status=enabled
netconf.1.devname=ixp0
netconf.1.type=ethernet
netconf.1.mode=lan
netconf.1.up=enabled
netconf.1.ip=192.168.99.1
netconf.1.netmask=255.255.255.0
netconf.2.status=enabled
netconf.2.devname=ixp1
netconf.2.type=ethernet
netconf.2.mode=lan
netconf.2.up=enabled
netconf.2.ip=192.168.5.10
netconf.2.netmask=255.255.255.0
netconf.3.status=enabled
netconf.3.devname=ath0
netconf.3.type=wireless
netconf.3.mode=lan
netconf.3.up=enabled
netconf.3.ip=192.168.4.10
netconf.3.netmask=255.255.255.0
# Network devices for MSSIDs
netconf.4.status=enabled
netconf.4.up=enabled
netconf.4.devname=ath0.ms1
netconf.4.ip=192.168.200.1
netconf.4.netmask=255.255.255.0
netconf.5.up=enabled
netconf.5.status=enabled
netconf.5.devname=ath0.ms2
netconf.5.ip=192.168.201.1
netconf.5.netmask=255.255.255.0
netconf.6.up=enabled
netconf.6.status=enabled
netconf.6.devname=ath0.ms3
netconf.6.ip=192.168.202.1
netconf.6.netmask=255.255.255.0

# Section: radio
radio.status=enabled
radio.countrycode=LT
radio.1.status=enabled
radio.1.devname=ath0
radio.1.ieee_mode=G
radio.1.mode=master
radio.1.channel=1
radio.1.rate.max=11M
radio.1.rate.auto=enabled
radio.1.frag=2346
radio.1.rts=off
radio.1.txpower=5

# Section: vssid
vssid.status=enabled
vssid.1.status=enabled
vssid.1.parent=ath0
vssid.1.devname=ath0.ms1
vssid.2.status=enabled
vssid.2.parent=ath0
vssid.2.devname=ath0.ms2
vssid.3.status=enabled
vssid.3.parent=ath0
vssid.3.devname=ath0.ms3

# Section: wireless
wireless.status=enabled
# parent
wireless.1.status=enabled
wireless.1.devname=ath0
wireless.1.security=none
wireless.1.ssid=2_slimtest
wireless.1.l2_isolation=disabled
# children
wireless.2.status=enabled
wireless.2.devname=ath0.ms1
wireless.2.ssid=2_slimtest1
wireless.2.security=none
wireless.3.status=enabled
wireless.3.devname=ath0.ms2
wireless.3.ssid=2_slimtest2
wireless.3.security=none
wireless.4.status=enabled
wireless.4.devname=ath0.ms3
wireless.4.ssid=2_slimtest3
wireless.4.security=none

# Section: wacl
wacl.status=enabled

## no ACL will be used
## acl mac entries will be ignored
wacl.1.status=enabled
wacl.1.devname=ath0
wacl.1.policy=open
wacl.1.acl.1.status=enabled
wacl.1.acl.1.mac=00:0B:6B:80:D3:E1
# uncomment to add one more user
# write the MAC instead of TestPCMAC(WLAN)
#wacl.1.acl.2.status=enabled
#wacl.1.acl.2.mac=TestPCMAC(WLAN)

## all clients are allowed
## except user with mac 00:0B:6B:80:D3:E2
## and TestPC3MAC user mac
wacl.2.status=enabled
wacl.2.devname=ath0.ms1
wacl.2.policy=allow
wacl.2.acl.1.status=enabled
wacl.2.acl.1.mac=00:0B:6B:80:D3:E2
# uncomment to add one more user
# write the MAC instead of TestPC3MAC(WLAN)
#wacl.2.acl.2.status=enabled
#wacl.2.acl.2.mac=TestPC3MAC(WLAN)

## all clients are denied
## except user with mac 00:0B:6B:80:D3:E4
## and TestPCMAC user mac
wacl.3.status=enabled
wacl.3.devname=ath0.ms2
wacl.3.policy=deny
wacl.3.acl.1.status=enabled
wacl.3.acl.1.mac=00:0B:6B:80:D3:E4
# uncomment to add one more user
# write the MAC instead of TestPCMAC(WLAN)
#wacl.3.acl.2.status=enabled
#wacl.3.acl.2.mac=TestPCMAC(WLAN)

## no ACL will be used
## acl mac entries will be ignored
wacl.4.status=disabled
wacl.4.devname=ath0.ms3
wacl.4.policy=open
wacl.4.acl.1.status=disabled
wacl.4.acl.1.mac=00:0B:6B:80:D3:E4
# uncomment to add one more user
# write the MAC instead of TestPCMAC(WLAN)
#wacl.4.acl.2.status=enabled
#wacl.4.acl.2.mac=TestPCMAC(WLAN)
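Because "allow" acts as a blocklist and "deny" as an allowlist, it is easy to misread a wacl section. The following added example (not part of the original wiki page or the device firmware) parses wacl.* keys and reports whether a client MAC would be admitted on each device under the semantics described above. The sample MACs are constructed, and treating a disabled wacl.N block or a disabled acl entry as absent is an assumption.

```python
import re

# Constructed sample in the page's wacl.* key format (MACs are made up).
SAMPLE = """\
wacl.status=enabled
wacl.1.status=enabled
wacl.1.devname=ath0
wacl.1.policy=open
wacl.1.acl.1.status=enabled
wacl.1.acl.1.mac=02:00:00:00:00:01
wacl.2.status=enabled
wacl.2.devname=ath0.ms1
wacl.2.policy=allow
wacl.2.acl.1.status=enabled
wacl.2.acl.1.mac=02:00:00:00:00:02
#wacl.2.acl.2.mac=02:00:00:00:00:09
wacl.3.status=enabled
wacl.3.devname=ath0.ms2
wacl.3.policy=deny
wacl.3.acl.1.status=enabled
wacl.3.acl.1.mac=02:00:00:00:00:03
wacl.3.acl.2.status=disabled
wacl.3.acl.2.mac=02:00:00:00:00:04
"""

def parse_wacl(text):
    """Return {devname: (effective_policy, enabled_macs)}.
    Assumption: a disabled wacl.N block or acl entry counts as absent."""
    kv = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            kv[key.strip()] = value.strip()
    rules = {}
    for n in sorted({m.group(1) for k in kv if (m := re.match(r"wacl\.(\d+)\.devname$", k))}, key=int):
        on = kv.get("wacl.status") == "enabled" and kv.get(f"wacl.{n}.status") == "enabled"
        policy = kv.get(f"wacl.{n}.policy", "open") if on else "open"
        macs = {v.upper() for k, v in kv.items()
                if re.match(rf"wacl\.{n}\.acl\.\d+\.mac$", k)
                and kv.get(k[:-3] + "status") == "enabled"}
        rules[kv[f"wacl.{n}.devname"]] = (policy, macs)
    return rules

def is_admitted(rules, devname, mac):
    """allow = everyone but listed MACs; deny = listed MACs only; open = no ACL."""
    policy, macs = rules.get(devname, ("open", set()))
    listed = mac.upper() in macs
    return {"allow": not listed, "deny": listed}.get(policy, True)
```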

