SonicOS 8 Internal Wireless

Technical Documentation>  Virtual Access Point>  Virtual Access Point Profiles>  ACL Enforcement
Table of Contents

ACL Enforcement

Each Virtual Access Point can support an individual Access Control List (ACL) to provide more effective authentication control. The Wireless ACL feature works in tandem with the wireless MAC Filter List currently available on SonicOS. Using the ACL Enforcement settings, users are able to enable or disable the MAC Filter List, configure the Allow List, and configure the Deny list.

Each Virtual Access Point (VAP) can use its own MAC Filter List or use the global MAC Filter List. In VAP mode, each VAP in the group has two options:

  • Configure its own MAC Filter List
  • Use the global MAC Filter List shared by all VAPs in the group

To enable MAC Filter List enforcement

  1. Navigate to DEVICE | Internal Wireless > Virtual Access Point > Virtual Access Point Profiles.

  2. To create a new profile, click Add at the top-right of the page.

    To edit an existing Virtual Access Point Profile, hover over the profile and click the Edit icon.

  3. In the ACL Enforcement section, toggle Enable MAC Filter List option to enable it. When the MAC filter list is enabled, the other settings are also enabled so you can set them.
  4. Toggle Use Global ACL Settings option to enable it. This associates the Virtual Access Point with the already existing MAC Filter List settings for the SonicWall network security appliance.

    5. You cannot edit the Allow or Deny Lists with this option enabled.

  5. In the Allow List, select an address object group from the drop-down menu. This identifies the MAC addresses of the devices allowed to access the virtual access point.

    Choose Create MAC Address Object Group if you want to create a new address object group containing MAC addresses of the devices that are allowed access. Refer to the SonicOS 8 Match Objects administration guide for information on how to create an address object group.

  6. In the Deny List, select an address object group from the drop-down menu. This identifies the MAC addresses of the devices denied access to the virtual access point.

    Choose Create MAC Address Object Group if you want to create a new address object group containing MAC addresses of the devices that are denied access. Refer to the SonicOS 8 Match Objects administration guide for information on how to create an address object group.

  7. Click Accept when done.
Chat