Creating an Access Control Policy

You can use the Access Control policy to create multiple wireless networks with different access control components.

Complete the following steps to create an Access Control policy:

  1. Add the Access Control service to your tenant account. From the navigation bar, select Network Control > Service Catalog. Alternatively, you can select Network Control > My Services, then click Add Service.
  2. Find the Access Control tile and click Add.
    The Add Access Control page is displayed. By default, Wi-Fi is selected for Access Control Type, and Access Control Set is selected for Wi-Fi Access Control Profile.
  3. Click Next.
    The Add Access Control Policy page is displayed.
    Add Access Control Policy
  4. Enter the Policy Name for the access control policy.
  5. (Optional) Enter a Description for the access control policy.
  6. Configure the Access Control Components.
    Note: By default, access control component profiles are disabled.
    Access Control Components
  7. Toggle the Layer 2 switch on and select a profile from the drop-down list.
    If the Layer 2 Settings are not available, click Add New.
    The Layer 2 Settings sidebar is displayed.
    Layer 2 Settings Page

    Complete the following to create a new Layer 2 setting:

    1. Enter a Policy Name.
    2. Enter a Description.
    3. Select Access. Select one of the following options:
      • Allow connections: This allows the user-added MAC addresses to connect to the network server.
      • Block connections: This denies the user-added MAC addresses from connecting to the network server.
    4. Select a MAC Address from the list by clicking the radio button.

      If the MAC address you need is not listed, click Add.

      The Add MAC Address sidebar is displayed.
      • Enter MAC addresses.
        Note: You can add multiple MAC addresses at once by separating them with a comma or semicolon, and you can add up to 128 MAC addresses in total.
      • Click Save.
    5. Click Clear list to clear the MAC address list.
    6. Click Save.
  8. Toggle the Layer 3 switch on and select a profile from the drop-down list.
    If the Layer 3 Settings are not available, click Add New.

    The Layer 3 Settings sidebar is displayed.

    Layer 3 Settings Page

    Complete the following to create a new Layer 3 setting:

    1. Enter a Policy Name.
    2. Enter a Description.
    3. Select Default Access. Select one of the following options:
      • Allow Traffic: This allows traffic to flow from a user-added source to a destination IP address and port.
      • Block Traffic: This denies traffic from flowing from a user-added source to a destination IP address and port.
    4. Select a rule from the Layer 3 Rules list by clicking the radio button.

      If the Layer 3 Rules you need are not listed, click Add.

      The Add Layer 3 Rule sidebar is displayed. Complete the following to create a new Layer 3 Rule.
      • Description: Enter a description for the rule.
      • Access: Select one of the following options:
        • Allow Traffic: This allows the upstream traffic.
        • Block Traffic: This denies the upstream traffic.
      • Protocol: Select the protocol that you wish to use for the new traffic rule, from the protocol drop-down list. The following is a list of protocols available for use.
        • TCP: Transmission Control Protocol.
        • UDP: User Datagram Protocol.
        • UDPLITE: Lightweight User Datagram Protocol, which is a connectionless protocol that allows even a damaged data payload to be delivered rather than being discarded.
        • ICMP (ICMPV4): Internet Control Message Protocol, which is an error-reporting protocol used by network devices to generate error messages to the source IP address, when issues in the network prevent delivery of IP packets.
        • IGMP: Internet Group Management Protocol, which is a communications protocol used by hosts on IPv4 networks to establish multicast group memberships.
        • ESP: Encapsulating Security Payload is a protocol that provides authentication, integrity, and confidentiality of network packets in IPv4 and IPv6 networks.
        • AH: Authentication Header protocol, which is used to authenticate SNMP.
        • SCTP: Stream Control Transmission Protocol is a communications protocol that operates at the transport layer.
      • Source:
        • Select one of the following options:
          • Any IP Address: This allows or denies the upstream traffic from any IP address.
          • Subnet Network Address: Enter the source network address and source mask.
          • IP Address: Enter the specific IP address.
        • Port: Enter a port number or a range of ports (for example, 22-34).
          Note: If you select the ICMP protocol in the previous step, you do not need to specify ports for the source and the destination. Hence, the option to select ports will not be displayed.

      • Destination:
        • Select one of the following options:
          • Any IP Address: This allows or denies the upstream traffic to any IP address.
          • Subnet Network Address: Enter the destination network address and destination mask.
          • IP Address: Enter the specific IP address.
        • Port: Enter a port number or a range of ports (for example, 22-34).
          Note: If you select the ICMP protocol in the previous step, you do not need to specify ports for the source and the destination. Hence, the option to select ports will not be displayed.

      • Click Save.
    5. Click Save.
  9. Toggle the Device & OS switch on and select a profile from the drop-down list.
    If the Device & OS Access Settings are not available, click Add New.

    The Device & OS Access Settings sidebar is displayed.

    Device & OS Access Settings Page

    Complete the following to create a new device and OS access setting:

    1. Enter a Policy Name.
    2. Enter a Description.
    3. Select a Default Access. Select one of the following options:
      • Allow Traffic: This allows traffic from the user-added devices.
      • Block Traffic: This denies traffic from the user-added devices.
    4. Select a rule from the Rules list by clicking the radio button.

      If the rule you need is not listed, click Add.

      The Add Rule sidebar is displayed.
      Add Rule - Device & OS Access Settings
      Complete the following to create a new rule.
      • Rule Name: Enter the name of the rule.
      • Access: Select one of the following options:
        • Allow Traffic: This allows traffic from the devices.
        • Block Traffic: This denies traffic from the devices.
      • Device Type: Select a device type from the drop-down list. Currently, the supported devices are Laptop, Smartphone, Tablet, VoIP, Gaming, Printer, and IoT device.
      • OS or Manufacturer: Select the OS vendor for the device from the drop-down.
        Note: The OS type field is populated based on the type of device. For example, if the device type is selected as Gaming, the OS or Manufacturer drop-down displays the following options: All, GameCube, Wii, PlayStation, Xbox, and Nintendo.
      • Rate Limit: Configure the From client and To client rate limit using the sliders.
        Note: Maximum rate limit ranges from 0.1 Mbps to 200 Mbps.
      • VLAN: Enter the VLAN ID.
      • Click Save.
    5. Click Save.
  10. Toggle the Applications switch on and select a profile from the drop-down list.
    If the Application Access Settings are not available, click Add New.

    The Application Access Settings sidebar is displayed.

    Complete the following to create a new application access setting:

    1. Enter a Policy Name.
    2. Enter a Description.
    3. Select a Default Access. Select one of the following options:
      • Allow Traffic: This allows traffic from the user-added devices.
      • Block Traffic: This denies traffic from the user-added devices.
    4. Select a rule from the Rules list by clicking the radio button.

      If the rule you need is not listed, click Add.

      The Add Rule sidebar is displayed. Complete the following to create a new rule.
      • Rule Name: Enter the name of the rule.
      • Rule Type: Select one of the following options:
        • System Defined: Complete the following fields.
          • Application Category: Select the category of application from the list.
          • Application Name: Enter the name of the application.
        • User Defined: Complete the following fields.
          • Application Name: Enter the name of the application.
          • Destination Ip: Enter the destination IP address.
          • Netmask: Enter the subnet mask value.
          • Destination Port: Enter the port number.
          • Protocol: Select TCP or UDP.
          • Port Mapping Only: Selecting this option disables the Destination Ip and Netmask fields.
      • Access Control: Select one of the following options:
        • Block Application: This blocks the user-added application.
        • Rate Limit: Configure the Max uplink rate and Max downlink rate limits using the sliders.
          Note: Maximum rate limit ranges from 0.25 Mbps to 20 Mbps.
        • QoS: Complete the following fields.
          • Uplink Marking: Select from 802.1p, DSCP, or Both, and select from Best effort, Video, Voice, or Background. By default, 802.1p and Background are selected.
            QoS: Uplink Marking
          • Downlink Priority: Select from Best effort, Video, Voice, or Background. By default, Voice is selected.
      • Click Save.
    5. Click Save.
  11. Toggle the Client Rate Limit switch on and configure the maximum upload rate limit and maximum download rate limit using the slider.
    Note: Maximum client rate limit ranges from 1 Mbps to 200 Mbps.
  12. Click Finish.
    An Access Control policy is created and is displayed in the Access Control page.
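
A pre-flight check for the values entered in steps 7 and 8, added here as an example and not part of the product or its documentation: it splits a MAC list on the comma and semicolon separators and enforces the 128-address limit, then checks a planned Layer 3 rule for malformed subnets, bad port ranges, and ports on an ICMP rule. The function names, the rule dictionary keys, the "ICMP" protocol label and the accepted MAC format are assumptions.

```python
import ipaddress
import re

MAX_MACS = 128  # limit stated in the Add MAC Address note
# Assumption: colon- or hyphen-separated hex pairs; the page names no format.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

def parse_mac_list(text):
    """Split on comma or semicolon; return (unique MACs, error messages)."""
    macs, errors = [], []
    for item in filter(None, (part.strip() for part in re.split(r"[,;]", text))):
        mac = item.replace("-", ":").upper()
        if not MAC_RE.match(item):
            errors.append(f"invalid MAC: {item!r}")
        elif mac not in macs:  # duplicates are dropped, not counted twice
            macs.append(mac)
    if len(macs) > MAX_MACS:
        errors.append(f"{len(macs)} MAC addresses exceed the limit of {MAX_MACS}")
    return macs, errors

def parse_ports(spec):
    """Accept '22' or '22-34'; return (low, high) or raise ValueError."""
    low, sep, high = spec.partition("-")
    low, high = int(low), int(high if sep else low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return low, high

def check_l3_rule(rule):
    """Return problems (at most one per side) in one planned Layer 3 rule dict."""
    problems = []
    for side in ("source", "destination"):
        addr = rule.get(side, "any")
        try:
            if addr != "any":
                ipaddress.ip_network(addr, strict=True)  # rejects host bits in a subnet
            port = rule.get(f"{side}_port")
            if port and rule["protocol"] == "ICMP":
                problems.append(f"{side}_port: ICMP rules take no ports")
            elif port:
                parse_ports(port)
        except ValueError as exc:
            problems.append(f"{side}: {exc}")
    return problems

if __name__ == "__main__":  # constructed sample input, not real data
    print(parse_mac_list("aa:bb:cc:00:11:22; AA-BB-CC-00-11-22, not-a-mac"))
    print(check_l3_rule({"protocol": "TCP", "source": "10.0.0.5/24",
                         "destination_port": "34-22"}))
```

Running the checks before opening the sidebars catches a Block or Allow list that silently omits a mistyped address, and a subnet entry whose network address does not match its mask.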