Table of Contents
Advertisement
You can configure up to 128 access rules for an Employee, Voice , or Guest network using the Instant UI or the
CLI.
In the Instant UI
To configure access rules for an Employee or Voice network:
1. In the Access Rules tab, set the slider to any of the following types of access control:
Unrestricted—Select this option to set unrestricted access to the network.
l
Network-based—Set the slider to Network-based to set common rules for all users in a network. The
l
Allow any to all destinations access rule is enabled by default. This rule allows traffic to all
destinations.
To define an access rule:
a. Click New.
b. Select appropriate options in the New Rule window.
c. Click OK.
Role-based—Select this option to enable access based on user roles. For role-based access control:
l
Create a user role if required. For more information, see
n
Create access rules for a specific user role. For more information, see
n
Network Services on page
authentication for an SSID that is configured to use 802.1X authentication method. For more
information, see
Create a role assignment rule. For more information, see
n
2. Click Finish.
In the CLI
To configure access control rules for a WLAN SSID:
(Instant AP)(config)# wlan access-rule <name>
(Instant AP)(Access Rule <name>)# rule <dest> <mask> <match> {<protocol> <start-port> <end-
port> {permit|deny|src-nat [vlan <vlan_id>|tunnel]|dst-nat{<IP-address> <port>|<port>}}| app
<app> {permit|deny}| appcategory <appgrp>|webcategory <webgrp> {permit|deny}| webreputation
<webrep> [<option1....option9>]
(Instant AP)(Access Rule <name>)# end
(Instant AP)# commit apply
To configure access control rules based on the SSID:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# set-role-by-ssid
(Instant AP)(SSID Profile <name>)# end
(Instant AP)# commit apply
To configure role assignment rules:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# set-role <attribute>{{equals|not-equals|starts-with|ends-
with|contains|matches-regular-expression}<operator><role>|value-of}
(Instant AP)(SSID Profile <name>)# end
(Instant AP)# commit apply
To configure a pre-authentication role:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# set-role-pre-auth <role>
(Instant AP)(SSID Profile <name>)# end
(Instant AP)# commit apply
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
182. You can also configure an access rule to enforce captive portal
Configuring Captive Portal Roles for an SSID on page
Configuring User
Roles.
Configuring ACL Rules for
138.
Configuring Derivation Rules on page
Wireless Network Profiles |
201.
99
Hide quick links:
Advertisement
Table of Contents
