Creating an Access Control Policy

You can use the Access Control policy to create multiple wireless networks with different access control components.

Complete the following steps to create an Access Control policy:

  1. From the navigation bar, select Network Control > Policies & Profiles.
    The Policies & Profiles page is displayed.
  2. In the Policies & Profiles page, click the Access Control tab and click Add Access Control Set. Alternatively, in the Policies & Profiles page, click Add Policy or Profile, select the Access Control tab, and click Next.
    The Add Access Control Policy page is displayed.
    Add Access Control Policy Page
  3. Complete the following fields:
    • Policy Name: Enter the name for the access control policy.
    • Description: Enter a short description for the access control policy.
    • Access Control Components: Configure the following components:
      Note: By default, all the access control component profiles are set to OFF.
      Access Control Components Options
      • Layer 2: Toggle the switch to ON and select the Layer 2 policy from the drop-down list or click Add New to add a Layer 2 policy, refer to Step 3a.
      • Layer 3: Toggle the switch to ON and select the Layer 3 policy from the drop-down list or click Add New to add a Layer 3 policy, refer to Step 3b.
      • Device & OS: Toggle the switch to ON and select the Device and OS policy from the drop-down list or click Add New to add a Device and OS policy, refer to Step 3c.
      • Applications: Toggle the switch to ON and select the Applications policy from the drop-down list or click Add New to add an Applications policy, refer to Step 3d.
      • Client Rate Limit: Toggle the switch to ON and click to configure maximum upload rate limit and maximum download rate limit using the slider.
        Note: Maximum client rate limit ranges from 1 Mbps to 200 Mbps.
    1. Add a Layer 2 policy.
      Layer 2 Settings Page
      1. In the Layer 2 Settings page, complete the following fields:
        • Policy Name: Enter a name for the Layer 2 policy.
        • Access: Select one of the following options:
          • Allow connections: This allows the user-added MAC addresses to connect to the network server.
          • Block connections: This denies the user-added MAC addresses from connecting to the network server.
        • MAC Address: Select the MAC address from the table or, to add a new MAC address, click Add. The Add MAC Address dialog box is displayed. Enter the MAC address in the Add MAC Address dialog box, and click Save.
          Note: You can add multiple MAC addresses at once by separating them with a comma or semicolon.
          Note: You can add up to 128 MAC addresses.

          (Optional) Click Clear list to clear the MAC address list.

      2. Click Save.
    2. Add a Layer 3 policy.
      Layer 3 Settings Page
      1. In the Layer 3 Settings page, complete the following fields:
        • Policy Name: Enter a name for the Layer 3 policy.
        • Access: Select one of the following options:
          • Allow Traffic: This allows traffic to flow from a user-added source to a destination IP address and port.
          • Block Traffic: This denies traffic flow from a user-added source to a destination IP address and port.
        • Layer 3 Rules: Select the rules from the table or, to add a new Layer 3 rule, click Add. The Add Layer 3 Rule dialog box is displayed.
          Add Layer 3 Rule Dialog Box
          1. Complete the following fields:
            • Description: Enter a description for the rule.
            • Access: Select one of the following options:
              • Allow Traffic: This allows the up-stream traffic.
              • Block Traffic: This denies the up-stream traffic.
            • Protocol: Select the protocol that you want to use for the new traffic rule from the Protocol drop-down list. The following protocols are available:
              • TCP: Transmission Control Protocol.
              • UDP: User Datagram Protocol.
              • UDPLITE: Lightweight User Datagram Protocol, which is a connectionless protocol that allows even a damaged data payload to be delivered rather than being discarded.
              • ICMP (ICMPV4): Internet Control Message Protocol, which is an error-reporting protocol used by network devices to generate error messages to the source IP address, when issues in the network prevent delivery of IP packets.
              • IGMP: Internet Group Management Protocol, which is a communications protocol used by hosts on IPv4 networks to establish multicast group memberships.
              • ESP: Encapsulating Security Payload is a protocol which provides the authentication, integrity, and confidentiality of network packets in IPv4 and IPv6 networks.
              • AH: Authentication Header protocol, which is used to authenticate SNMP.
              • SCTP: Stream Control Transmission Protocol is a communications protocol which operates at the transport layer.
            • Source:
              • Select one of the following options:
                • Any IP Address: This allows or denies the up-stream traffic from any IP address.
                • Subnet Network Address: Enter the source network address and source mask.
                • IP Address: Enter the specific IP address.
              • Port: Enter a port number or a range of ports (for example, 22-34).
                Note: If you select the ICMP protocol in the previous step, you do not need to specify ports for the source and the destination. Hence, the option to select ports will not be displayed.

            • Destination:
              • Select one of the following options:
                • Any IP Address: This allows or denies the up-stream traffic from any IP address.
                • Subnet Network Address: Enter the source network address and source mask.
                • IP Address: Enter the specific IP address.
              • Port: Enter a port number or a range of ports (for example, 22-34).
                Note: If you select the ICMP protocol in the previous step, you do not need to specify ports for the source and the destination. Hence, the option to select ports will not be displayed.

          2. Click Save.
      2. Click Save.
    3. Add a Device and OS policy.
      Access Control: Device & OS Access Settings Page
      1. In the Device & OS Access Settings page, complete the following fields:
        • Policy Name: Enter the name of the policy.
        • Default Access: Select one of the following options:
          • Allow Traffic: This allows traffic from the user-added devices.
          • Block Traffic: This denies traffic from the user-added devices.
        • Rules: Select the rules from the table or, to create a new rule, click Add. The Add Rule dialog box is displayed.
          Add Rule Dialog Box
          1. Complete the following fields:
            Adding a Device Policy Rule
            • Rule Name: Enter the name of the rule.
            • Access: Select one of the following options:
              • Allow Traffic: This allows traffic from the devices.
              • Block Traffic: This denies traffic from the devices.
            • Device Type: Select a device type from the dropdown. Currently, the supported devices are Laptop, Smart Phone, Tablet, VoIP, Gaming, Printer, and IoT device.
            • OS Vendor: Select the OS vendor for the device from the dropdown.
              Note: The OS type field is populated based on the type of device. For example, if the device type is selected as Gaming, the OS or Manufacturer dropdown displays the following options: All, GameCube, Wii, PlayStation, Xbox, and Nintendo.
            • Rate Limit: Configure the From client and To client rate limit using the sliders.
              Note: Maximum rate limit ranges from 0.1 Mbps to 200 Mbps.
            • VLAN: Enter the VLAN ID.
          2. Click Save.
      2. In the Device & OS Access Settings page, click Save.
    4. Add an Application Access policy.
      Access Control: Application Access Settings Page
      1. In the Application Access Settings page, complete the following fields:
        • Policy Name: Enter the name of the policy.
        • Rules: Select the rules from the table or, to create a new rule, click Add. The Add Application Rule dialog box is displayed.
          Add Application Rule Dialog Box
          1. Complete the following fields:
            • Rule Name: Enter the name of the rule.
            • Rule Type: Select one of the following options:
              • System Defined: Complete the following fields.
                • Application Category: Select the category of application from the list.
                • Application Name: Enter the name of the application.
              • User Defined: Complete the following fields.
                • Application Name: Enter the name of the application.
                • Destination Ip: Enter the destination IP address.
                • Netmask: Enter the subnet mask address.
                • Destination Port: Enter the port number.
                • Protocol: Select TCP or UDP.
                • Port Mapping Only: Selecting this option disables the Destination Ip and Netmask fields.
            • Access Control: Select one of the following options:
              • Block Application: This blocks the user added application.
              • Rate Limit: Configure the Max uplink rate and Max downlink rate limits using the sliders.
                Note: Maximum rate limit ranges from 0.25 Mbps to 20 Mbps.
              • QoS: Complete the following fields.
                • Uplink Marking: Select from 802.1p, DSCP, or Both, and select from Best effort, Video, Voice, or Background. By default, 802.1p and Background are selected.
                  QoS: Uplink Marking
                • Downlink Priority: Select from Best effort, Video, Voice, or Background. By default, Voice is selected.
          2. Click Save.
      2. Click Save.
  4. Click Finish.
    An Access Control policy is created and is displayed in the Access Control page.
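
The following is an added example, not part of the product or its documentation: a Python helper that prepares a MAC list for the Layer 2 policy dialog, using the comma or semicolon separators and the 128-address limit stated in the notes above. The function names, the sample addresses, and the colon-separated uppercase output notation are assumptions; it also flags locally administered (typically randomized) addresses, which are not stable client identifiers for an allow or block list.

```python
import re

MAX_MACS = 128  # per-policy limit stated in the Layer 2 note
# Input notations handled: aa:bb:.. / aa-bb-.. / aabb.ccdd.eeff / aabbccddeeff
_MAC = re.compile(
    r"[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}|[0-9a-f]{12}", re.IGNORECASE)

# Constructed sample input (not real devices).
SAMPLE = ("00:11:22:33:44:55; 00-11-22-33-44-55, da:a1:19:00:00:01,\n"
          "01:00:5e:00:00:fb; 0011.2233.4466, zz:11:22:33:44:55")

def normalize_mac(raw):
    """Return 'AA:BB:CC:DD:EE:FF' or None when raw is not a MAC address."""
    if not _MAC.fullmatch(raw):
        return None
    digits = re.sub(r"[:.-]", "", raw).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def prepare_mac_list(text):
    """Validate, de-duplicate and classify a comma/semicolon/newline list."""
    out = {"accepted": [], "invalid": [], "duplicates": [],
           "multicast": [], "randomized": []}
    seen = set()
    for token in (t.strip() for t in re.split(r"[,;\n]+", text)):
        if not token:
            continue
        mac = normalize_mac(token)
        if mac is None:
            out["invalid"].append(token)
        elif mac in seen:
            out["duplicates"].append(mac)
        else:
            seen.add(mac)
            first_octet = int(mac[:2], 16)
            if first_octet & 0x01:
                # Group bit set: multicast/broadcast, never a client address.
                out["multicast"].append(mac)
                continue
            if first_octet & 0x02:
                # Locally administered bit: likely a randomized client MAC,
                # kept in the list but reported so it can be reviewed.
                out["randomized"].append(mac)
            out["accepted"].append(mac)
    if len(out["accepted"]) > MAX_MACS:
        raise ValueError(f"{len(out['accepted'])} addresses exceed the "
                         f"{MAX_MACS}-address limit; split the policy")
    # Comma-separated string for the Add MAC Address dialog box
    # (assumed notation: uppercase, colon-separated).
    out["paste"] = ",".join(out["accepted"])
    return out
```
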