Access-control list (LEPS-MAC)

With the Access Control Lis (ACL) you can permit or prevent individual WLAN clients accessing your WLAN. The decision is based on the MAC address that is permanently programmed into WLAN adapters.

Note: If you centrally manage your LANCOM WLAN routers and LANCOM APs with a WLC, you will find the station table under WLAN controller > Stations/LEPS > LEPS-MAC under the button Station rules.

Check under Wireless LAN > Stations/LEPS > LEPS-MAC to see if the setting Filter out data from the listed stations, transfer all other is activated. New stations to be included in your wireless network are added with the button Station rules.





MAC address pattern
MAC address of the WLAN client for this entry. The following entries are possible:
Individual MAC address
A MAC address in the format 00a057112233, 00-a0-57-11-22-33 or 00:a0:57:11:22:33.
Wildcards
The wildcards '*' and '?' uses to specify MAC address ranges, e.g. 00a057*, 00-a0-57-11-??-?? or 00:a0:??:11:*.
Vendor ID
The device contains a list of the major manufacturer OUIs (organizationally unique identifier). The MAC address range is valid if this entry matches the first three bytes of the MAC address of the WLAN client.
Note: It is possible to use wildcards.
SSID pattern
WLAN clients with the corresponding MAC addresses have access that is limited to this SSID.
Note: The use of wildcards makes it possible to allow access to multiple SSIDs.
Name
You can enter any name you wish and a comment for any WLAN client. This enables you to assign MAC addresses more easily to specific stations or users.
Passphrase
Here you may enter a separate passphrase for each physical address (MAC address) that is used in a 802.11i/WPA/AES-PSK-secured network. If no separate passphrase is specified for this MAC address, the passphrases stored in the 802.11i/WEP area will be used for each logical wireless LAN network.
TX bandwidth limit
Transmission-bandwidth restriction for WLAN clients currently authenticating themselves. A LANCOM Access Point in client mode transmits its own setting to the access point during login. This, together with the value set here, forms the bandwidth minimum as the bandwidth limit.
RX bandwidth limit
Reception-bandwidth restriction for WLAN clients currently authenticating themselves. A LANCOM Access Point in client mode transmits its own setting to the access point during login. This, together with the value set here, forms the bandwidth minimum as the bandwidth limit.
Note: The RX bandwidth restriction is only active for WLAN devices in client mode. This value is not used by normal WLAN clients.
Comment
You can enter a comment here.
VLAN-ID
This VLAN ID is assigned to packets that are received from the client with the MAC address entered here. In case of VLAN-ID '0', the station is not assigned a specific VLAN ID. Instead, the VLAN ID of the radio cell (SSID) applies.

If filter rules contradict, the individual rule has a higher priority: A rule without wildcards in the MAC address or SSID takes precedence over a rule with wildcards. When creating these entries, the user should ensure that filter rules do not contradict. The definitions in the filters can be checked in a Telnet session with the trace command trace WLAN-ACL.

Important: The filter criteria in the station list either allow or deny WLAN clients to access your wireless network. The entries Name, Bandwidth limit, VLAN ID and Passphrase are meaningless if the device uses valid filter criteria to deny access to the WLAN.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo