Objective
This document outlines the steps to configure ACL rules on Omada AP using the Omada Controller to restrict wireless client access.
Requirements
- Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller)
- Omada AP
Introduction
To ensure network security and maintain the quality of service within an enterprise network, Omada APs support Access Control Lists (ACL). By filtering wireless packets, ACL limits unauthorized wireless users’ access to the network and controls the access rights of user nodes. This helps manage traffic and enhances network security. There are two primary use cases for the ACL feature on Omada APs:
1. Protecting resource nodes. By isolating specific packets from devices, ACL can block unauthorized users from accessing sensitive resources.
2. Restricting access rights. ACL can limit the permissions of specific wireless users.
This guide demonstrates how to configure ACL, using Omada Controller version 5.14.20.9 as an example.
Configuration
Step 1. Log in to the Controller and navigate to Site Settings > Network Security > ACL > EAP ACL. Click Create New Rule to add a new ACL rule.
Step 2. Enter a description for the ACL, check Enable by default, and select either Deny or Permit based on your needs (this example uses Deny). Choose the required protocols, or select Select All to include all protocols.
Step 3. Configure the Source and Destination by selecting the relevant types. For this example, choose SSID as the Source and IP Group as the Destination. Select the desired SSID and IP Group for the ACL, then click Create to finalize the rule.
Each type of entry is created differently:
- Network: To view or create network entries, navigate to Site Settings > Wired Networks > LAN > Network.
- IP Group, IP-Port Group, IPv6 Group, IPv6-Port Group: These can be created directly from the ACL configuration page by selecting the appropriate type and clicking Create. This example demonstrates creating an IP Group.
You can also view or create these entries in Site Settings > Profiles > Groups.
- SSID: To view or create SSID entries, go to Site Settings > Wireless Networks > WLAN.
Conclusion
This guide provides a step-by-step process for configuring ACL on Omada APs using the Omada Controller.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
FAQ
Does Omada AP ACL apply to specific directions?
Re. The current ACL on Omada APs only applies to the WLAN->LAN and WLAN->WLAN directions.