Configuring filters by using cli commands, Creating a time-base acl – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

478

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 17

Configuring Filters

Configuring Filters by Using
CLI Commands

To configure filters by using CLI commands, you use access control lists (ACLs)
and bridge groups. You can find explanations of these concepts and instructions
for implementing them in these documents:

•

Cisco IOS Bridging and IBM Networking Configuration Guide, Release
12.4

.

•

Catalyst 4908G-L3 Cisco IOS Release 12.0(10)W5(18e) Software
Feature and Configuration Guide

.

Creating a Time-base ACL

Time-based ACLs are ACLs that can be enabled or disabled for a specific period
of time. This capability provides robustness and the flexibility to define access
control policies that either permit or deny certain kinds of traffic.

This example illustrates how to configure a time-based ACL through CLI, where
Telnet connection is permitted from the inside to the outside network on
weekdays during business hours:

Follow these steps to create a time-based ACL.

1. Log in to the AP through CLI.
2. Use the console port or Telnet to access the ACL through the Ethernet

interface or the wireless interface.

3. Enter global configuration mode.
4. Create a Time Range. For this example, Test:

AP<config>#time-range Test

5. Create a time-range:

AP<config>#time-range periodic weekdays 7:00 to

19:00

This lets users have access during weekdays from 7:00…19:00 hours.

IMPORTANT

Avoid using both CLI and the web browser interfaces to configure the wireless
device. If you configure the wireless device by using CLI, the web browser
interface can display an inaccurate interpretation of the configuration.
However, the inaccuracy does not necessarily mean that the wireless device is
misconfigured. For example, if you configure ACLs by using CLI, the web
browser interface can display this message: “Filter 700 was configured on
interface

Dot11Radio0

by using CLI commands. It must be cleared via CLI

for proper operation of the web interface.” If you see this message, use CLI to
delete the ACLs and use the web browser interface to reconfigure them.

IMPORTANT

A time-based ACL can be defined either on the Fast Ethernet port or on the
Radio port of the Aironet AP, based on your requirements. It is never applied on
the Bridge Group Virtual Interface (BVI).