ArubaOS 8.6.0.0 Help Center

Configuring the Session ACL

First, you need to configure a session ACL (Access Control List) that “permits” corporate traffic to be forwarded to the managed device and that routes, or locally bridges, local traffic.

The following procedure describes how to configure a session ACL:

1. In the Managed Network node hierarchy, navigate to the Configuration > Roles and Policies > Policies tab.

2. Click + to create a new policy.

3. Enter the name in the Policy name field.

4. Select Session from the Policy type drop-down list.

5. Click Submit.

6. Select the policy created and click + under the Policies table.

7. Select the Access Control option in the Rule Type field.

8. Click OK.

9. To complete creating the rule:

a. Select IPv4 or IPv6 from the IP version drop-down list.

b. Select Any from the Source drop-down list.

c. Select Any from the Destination drop-down list.

d. Select Service from the Service/app drop-down list.

e. Select svc-dhcp from the Service alias drop-down list.

f. Select Permit for IPv4 or Captive for IPv6 from the Action drop-down list.

g. Click Submit.

10. To create a new forwarding rule:

a. Select the policy created and click + in the Policies table.

b. Select the Access Control option in the Rule Type field.

c. Click OK.

d. Select IPv4 or IPv6 from the IP version drop-down list.

e. Select any from the Source drop-down list.

f. Select alias from the Destination drop-down list.

g. Click + in the Destination alias drop-down list.

h. In the Add New Destination window, click + in the Rule table.

i. Select Network from the Rule type drop-down list.

j. Enter the public IP address of the managed device in the IP address field.

k. Enter the netmask or range in the Network mask field.

l. Click OK. The new alias appears in the Destination alias drop-down list.

m. Click Submit.

11. Navigate to the Configuration > Roles and Policies > Roles tab.

Roles can be created only in the managed device.

a. Click + to create a new role.

b. Enter the role name in the Name field.

c. Click Submit.

d. Click the new role created.

e. Click Show Advanced View.

f. Click +.

g. Select Add an existing policy and select the policy created from the Policy name drop-down list.

h. Click Submit.

12. Click Pending Changes.

13. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands configure a session ACL:

If dhcp server in ap system profile is enabled:

(host) [md] (config) #ip access-list session any any svc-dhcp permit

(host) [md] (config) #user any any route src-nat

If dhcp server in ap system profile is disabled:

(host) [md] (config) #ip access-list session

(host) [md] (config) #any any any permit

(host) [md] (config) #user-role

(host) [md] (config) #session-acl
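
Rule order matters in this procedure because a session ACL is evaluated top-down and the first matching rule applies. The following Python model is an added example, not Aruba code: it evaluates sample flows against the three rules described on this page and flags rules shadowed by an earlier any/any rule. The address 203.0.113.10, the permit action on the alias rule, and treating the `user` source as any are assumptions.

```python
import ipaddress

# Constructed sample value: stands in for the managed device's public IP (steps 10j-10k).
MANAGED_DEVICE = ipaddress.ip_network("203.0.113.10/32")
SVC_DHCP = ("udp", range(67, 69))  # svc-dhcp covers UDP ports 67-68

# Each rule: (destination network or None for "any", service or None for "any", action).
# Source is not modelled: "user" is treated like "any" (assumption).
POLICY = [
    (None, SVC_DHCP, "permit"),         # any any svc-dhcp permit
    (MANAGED_DEVICE, None, "permit"),   # any alias <managed device>; action assumed
    (None, None, "route src-nat"),      # user any any route src-nat
]

def evaluate(policy, dst, proto, dport):
    """Return (rule index, action) of the first matching rule, top-down."""
    addr = ipaddress.ip_address(dst)
    for idx, (net, svc, action) in enumerate(policy, start=1):
        if net is not None and addr not in net:
            continue
        if svc is not None and (proto != svc[0] or dport not in svc[1]):
            continue
        return idx, action
    return None, "deny"  # nothing matched: implicit deny

def shadowed_rules(policy):
    """Indexes of rules that can never match because an earlier rule is any/any."""
    for idx, (net, svc, _) in enumerate(policy, start=1):
        if net is None and svc is None:
            return list(range(idx + 1, len(policy) + 1))
    return []

if __name__ == "__main__":
    flows = [("255.255.255.255", "udp", 67),   # DHCP request
             ("203.0.113.10", "udp", 4500),    # traffic to the managed device
             ("198.51.100.7", "tcp", 443)]     # local or Internet traffic
    for flow in flows:
        print(flow, "->", evaluate(POLICY, *flow))
    # Catch-all moved above the alias rule: corporate traffic is no longer forwarded.
    misordered = [POLICY[0], POLICY[2], POLICY[1]]
    print("shadowed in misordered policy:", shadowed_rules(misordered))
```
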

To configure an ACL to restrict local debug homepage access, see Configuring an ACL to Restrict Local Debug Homepage Access.
