ACL assignment
You can specify an ACL for an 802.1X or MAC authentication client to control the client's access to network resources. After the client passes authentication, the authentication server assigns the ACL to the client for filtering traffic for this client. The authentication server can be on the AP that acts as the authenticator or on a RADIUS server. In either case, you must configure rules for the ACL on the authenticator.
To change the access control criteria for the client, you can use one of the following methods:
Modify the ACL rules on the authenticator.
Specify another ACL for the client on the authentication server.
For more information about ACLs, see ACL and QoS Configuration Guide.