Sending an ACL through iMC does not take effect

2020-06-05 23:25:18 Published

Network Topology


Customer requirement: certain specific addresses on the intranet must be reachable, while all others must not be.

Problem Description

Problem: After the terminal comes online, it cannot access the permitted addresses.

Process Analysis

1. Check whether the ACL is issued to the terminal

Check the ACL parameter in the output of display wlan client verbose (shown in red); it shows that the server has sent the ACL to the terminal.


2. Run display acl 3003 and reproduce the problem to see whether the ACL match count increases

Check the number of ACL matches. The count keeps increasing each time the problem is reproduced, indicating that the ACL is in effect.


3. View the ACL configuration

The ACL permits the addresses 10.151.6.17, 10.151.1.230, and 10.151.75.254 and denies the other addresses in the segment, which doesn't seem to be a problem.

However, let's analyze the traffic direction. A ping travels in both directions: the request goes out and the reply comes back. The ACL only permits packets whose destination is 10.151.6.17; for each address planned to be permitted, it only contains a rule that matches the address as the destination. So you also need to permit each address as the source.


Solution

For every address planned to be permitted, permit it both as destination and as source:

rule 10 permit ip destination X.X.X.X 0

rule 15 permit ip source X.X.X.X 0
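
The following is an added example, not part of the original case: a small first-match ACL model that evaluates both directions of a ping against the destination-only rule set and against the corrected one. The terminal address 10.151.20.5, the denied segment 10.151.0.0/16 and the assumption that the same ACL sees both the request and the reply are constructed for illustration.

```python
import ipaddress

PERMITTED = ["10.151.6.17", "10.151.1.230", "10.151.75.254"]  # from the case
SEGMENT = "10.151.0.0/16"   # constructed: the page does not give the denied segment
TERMINAL = "10.151.20.5"    # constructed terminal address


def rule(action, field, network):
    """One ACL rule: action is 'permit' or 'deny', field is 'src' or 'dst'."""
    return (action, field, ipaddress.ip_network(network))


def evaluate(acl, src, dst):
    """Return the action of the first rule that matches the packet."""
    packet = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for action, field, network in acl:
        if packet[field] in network:
            return action
    return "no-match"


def ping_works(acl, terminal, server):
    """A ping succeeds only if the request and the reply are both permitted."""
    request = evaluate(acl, terminal, server)   # terminal -> server
    reply = evaluate(acl, server, terminal)     # server -> terminal
    return request == "permit" and reply == "permit"


# Original ACL: each planned address is permitted as destination only.
acl_before = [rule("permit", "dst", f"{a}/32") for a in PERMITTED]
acl_before.append(rule("deny", "dst", SEGMENT))

# Corrected ACL: each planned address is permitted as destination and as source.
acl_after = []
for a in PERMITTED:
    acl_after.append(rule("permit", "dst", f"{a}/32"))
    acl_after.append(rule("permit", "src", f"{a}/32"))
acl_after.append(rule("deny", "dst", SEGMENT))

if __name__ == "__main__":
    for name, acl in (("before", acl_before), ("after", acl_after)):
        for server in PERMITTED:
            print(name, server,
                  "request:", evaluate(acl, TERMINAL, server),
                  "reply:", evaluate(acl, server, TERMINAL))
```

With the destination-only rules the request is permitted and the reply hits the deny rule, so the match counters rise while the ping still fails, which is the symptom seen in step 2.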
