ArubaOS 8.6.0.0 Help Center

Configuring the Session ACL

The following procedure describes how to configure a session ACL (Access Control List), a common way of restricting certain types of traffic on a physical port:

1. In the Managed Network node hierarchy, navigate to the Configuration > Roles and Policies > Policies tab.

2. Click + to create a new policy.

3. Enter the policy name in the Policy Name field.

4. From the Policy Type drop-down list, select Session.

5. Click Submit.

6. To create the first rule:

a. Select the policy created.

b. Click + in the Policies > New Policy table.

c. Select the Access Control option in the Rule Type field.

d. Click OK.

e. Select Any from the Source drop-down list.

f. Select Any from the Destination drop-down list.

g. Select Service from the Service/app drop-down list.

h. Select svc-dhcp from the Service alias drop-down list.

i. Select Permit from the Action drop-down list.

j. Click Submit.

7. To create the next rule:

a. Click the policy created.

b. Click +.

c. Select the Access Control option in the Rule Type field.

d. Click OK.

e. Select Any from the Source drop-down list.

f. Select Any from the Destination drop-down list.

g. Select Service from the Service/app drop-down list.

h. Select Any from the Service alias drop-down list.

i. Select Route Source NAT from the Action drop-down list.

8. Click Submit.

If you use a local DHCP (Dynamic Host Configuration Protocol) server to obtain IP addresses, you must define one additional ACL to permit traffic between clients without using source NAT to route the traffic. (Source NAT changes the source address of the packets passing through the router; it is typically used when an internal (private) host initiates a session to an external (public) host.) Add user alias internal-network any permit before any any any route src-nat.

9. In the Managed Network node hierarchy, navigate to the Configuration > Roles and Policies > Roles tab.

Roles can be created only in the managed device.

10. Click + to create a new role.

11. Enter the role name in the Name field.

12. Click Submit.

13. Select the new role created.

14. Click Show Advanced View.

15. Click +.

16. Select Add an existing policy and select the policy created from the Policy name drop-down list.

17. Click Submit.

18. Click Pending Changes.

19. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI (Command-Line Interface) commands configure a session ACL:

(host) [md] (config) #ip access-list session <policy-name>

any any svc-dhcp permit

any any any route src-nat

If you use a local DHCP server to obtain IP addresses, you must define one additional ACL to permit traffic between clients without using source NAT to route the traffic. Add user alias internal-network any permit before any any any route src-nat.

(host) [md] (config) #user-role <role-name>

session-acl <policy-name>
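
An added example, not part of the Aruba documentation: a Python check that the rule order this page requires actually holds in a saved configuration. It assumes session ACL rules are evaluated top-down with the first match deciding, and that the configuration text lists each rule indented under its ip access-list session line; the ACL names and the SAMPLE text are constructed.

```python
import re

CATCH_ALL = "any any any route src-nat"
DHCP_RULE = "any any svc-dhcp permit"
INTERNAL_RULE = "user alias internal-network any permit"

# Constructed sample configuration (hypothetical ACL names).
SAMPLE = """\
ip access-list session rap-good
  any any svc-dhcp permit
  user alias internal-network any permit
  any any any route src-nat
!
ip access-list session rap-bad
  any any svc-dhcp permit
  any any any route src-nat
  user alias internal-network any permit
!
"""

def parse_session_acls(config):
    """Return {acl_name: [rule, ...]} for each 'ip access-list session' block."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())              # normalise whitespace
        m = re.fullmatch(r"ip access-list session (\S+)", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif line == "!" or not raw.startswith((" ", "\t")):
            current = None                        # block ended
        elif current is not None and line:
            current.append(line)
    return acls

def audit(config, local_dhcp=False):
    """List ordering problems in ACLs that contain the src-nat catch-all."""
    findings = []
    for name, rules in parse_session_acls(config).items():
        if CATCH_ALL not in rules:
            continue
        nat = rules.index(CATCH_ALL)
        required = [DHCP_RULE] + ([INTERNAL_RULE] if local_dhcp else [])
        for rule in required:
            if rule not in rules[:nat]:
                findings.append(f"{name}: '{rule}' must precede '{CATCH_ALL}'")
        for dead in rules[nat + 1:]:
            findings.append(f"{name}: '{dead}' is unreachable after the catch-all")
    return findings
```

Calling audit(SAMPLE, local_dhcp=True) flags only rap-bad, where the client-to-client permit sits after the catch-all and so would never match.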
