We use an Access Control List (ACL), stored on a network routing device, to list the devices allowed on a network. Using this feature, a Wi-Fi administrator can allow authorized access or block unauthorized access to the network. An ACL can be configured on a wireless router, where it can filter, block or re-route traffic. The router can range from a basic one such as D-Link or Linksys to an advanced one such as Cisco or Netgear.
Wi-Fi routers are usually pre-configured to broadcast their SSID (Service Set Identifier) to allow any device to connect. We can secure a network by implementing WPA-Personal or WPA-Enterprise password techniques or by disabling SSID broadcast, but this is not a complete security solution, as hackers can find and break network passwords. Adding an ACL helps to further enhance security and minimize unauthorized access by establishing an additional layer of defense.
Access lists store the MAC addresses of devices, including the Wi-Fi NICs of users' laptops or computers. If a computer that is not listed on the ACL tries to access the network, it will not be permitted to do so. Interestingly, hackers can find MAC addresses as well, and certainly no system can be 100% secure except our Creator's system.
Additionally, there can be further requirements for securing wireless networks, for example that users on a guest network should have access to the Internet but not be able to communicate with each other. For this we usually have features such as "client isolation" or "station isolation", which stop users from communicating with each other even when they are connected to the same AP on the same SSID. Because this feature only works within one AP, the question is how to prevent communication between devices connected to different APs within the same network. The answer is to use the ACL feature on managed layer 2 switches to control the inter-communication between clients across all the networks. ACLs are the basic level of firewall for all traffic coming in to a switch port, and can therefore be regarded as a tremendously adaptable, sophisticated and comprehensive tool that can be deployed in any environment where we need to control or block specific users or devices from interacting with network resources.
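
The guest isolation described above can be modelled as a first-match ACL applied to every switch port that connects a guest AP. This is an added example, not configuration from any particular switch; the MAC addresses, the rule set and the function names are constructed for illustration.

```python
# Added illustration: first-match layer 2 ACL on switch ports facing guest APs.
# All MAC addresses and names below are constructed sample values.
from dataclasses import dataclass

ANY = "*"
BROADCAST = "ff:ff:ff:ff:ff:ff"
GATEWAY = "02:00:00:00:00:01"   # constructed: router interface on the guest network

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str
    dst: str

    def matches(self, src, dst):
        return self.src in (ANY, src) and self.dst in (ANY, dst)

# Ingress ACL applied on every switch port that connects a guest AP.
GUEST_INGRESS_ACL = [
    Rule("permit", ANY, GATEWAY),    # guests may reach the Internet gateway
    Rule("permit", ANY, BROADCAST),  # assumption: DHCP/ARP discovery needs broadcast
    Rule("deny", ANY, ANY),          # everything else, incl. guest-to-guest unicast
]

def normalize(mac):
    """Canonicalise a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def evaluate(acl, src, dst):
    """Return the action of the first matching rule; implicit deny if none match."""
    src, dst = normalize(src), normalize(dst)
    for rule in acl:
        if rule.matches(src, dst):
            return rule.action
    return "deny"

if __name__ == "__main__":
    laptop_on_ap1 = "02:00:00:00:0a:01"   # constructed guest client on AP 1
    phone_on_ap2 = "02-00-00-00-0B-02"    # constructed guest client on AP 2
    print(evaluate(GUEST_INGRESS_ACL, laptop_on_ap1, GATEWAY))       # permit
    print(evaluate(GUEST_INGRESS_ACL, laptop_on_ap1, phone_on_ap2))  # deny
```

Because the rules match only on the addresses carried in each frame, the decision is the same whichever AP the two clients are attached to, which is what per-AP client isolation cannot provide.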