Showing results for 
Search instead for 
Did you mean: 

System L2ACL Issues - R510

New Contributor II

Hi folks--

I'm having issues with my Unleashed R510 and L2ACL.  Up until earlier today I had an L2ACL (we'll call it Deny) assigned to a specific SSID.  At a particular point I unblocked a device that was going to be used again (that was not on the Deny L2ACL) via the Unleashed app, and then noticed every entry in the Deny L2ACL was now being blocked on each SSID.  

I then logged into the web UI to check the config, and removed the ACL within the UI, yet the devices were still being shown as blocked in the client list.  I've power-cycled the unit, upgraded and downgraded, seemingly everything but a factory reset.  

To the subject, though:  After getting a chance to log into the AP via the CLI, I've confirmed that all of the entries in the Deny L2ACL are now in the System L2ACL, and I have not been able to edit the System L2ACL via CLI or otherwise.  

Does anyone know how to edit the System L2ACL?  Or how to resolve this issue otherwise?  (I would obviously prefer not to do a factory reset.)


Community Admin
Community Admin

Hi @Mouse6213,

If you block a client directly from the web UI under clients, it will become the part of global L2ACL block list and blocked users cannot connect to any SSID. This is as per design.

Try below online doc which has CLI command to unblock a client, see if that helps. 

Syamantak Omer
RUCKUS Networks, CommScope!
Follow me on LinkedIn

View solution in original post


New Contributor II

Hi folks--

Anyone have any ideas on this?  I've asked some folks offline tied to Ruckus/Commscope, and they, too, have been stumped.


This is what I see via terminal (MAC addresses removed).  I still have not found a way to remove items from the L2ACL, which really does strike me as an odd situation to have.  Happens with most recent firmware and a step down.  

Hi @Mouse6213 

Can you try the below steps from the CLI:

To delete the ACL policy:
ruckus(config)# no l2acl <ACL name>
Example: ruckus(config)# no l2acl ACL
ruckus(config-l2acl)# end

To delete just the MAC entries and not the ACL policy:

ruckus# config
ruckus(config)# l2acl <Enter the L2 MAC ACL name>
ruckus(config-l2acl)# del-mac <MAC> -----> Deletes a MAC address from the L2 ACL.
ruckus(config-l2acl)# end

Let me know if this works.

Hi @sanjay_kumar --

Unfortunately, since these were somehow added to the System L2ACL, I'm not able to update that policy even in privileged.  




Hi @Mouse6213 
If you go to Clients Tab >> You can see the list of clients, do you also see the clients here which you can see from the CLI System L2acl?

If yes, you can select it >> Click on More >> Click on Unblock. 
This will remove the entry from the System L2acl. I just tried and it worked.

Please check and let me know.

If it is not working, please let me know the exact steps to reproduce the issue so that I can try.