Dell 6.2 Server User Manual


 
535 | Remote Access Points | Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
unauthorized APs are put into the temporary AP group authorization-group and assigned the predefined profile
NoAuthApGroup. This configuration allows the user to connect to an unauthorized remote AP via a wired port and then
enter a corporate username and password. Once a valid user has authorized the AP, the remote AP is marked
as authorized on the network. The remote AP then downloads the configuration assigned to that AP by its
permanent AP group.
Adding or Editing a Remote AP Authorization Profile
To create a new authorization profile or edit an existing authorization profile via the WebUI:
1. Select Configuration > All Profiles. The All Profile Management window opens.
2. Select AP to expand the AP profile menu.
3. Select AP Authorization Profile. The Profile Details pane appears and displays the list of existing AP
authorization profiles.
   • To edit an existing profile, select a profile from the Profile Details pane.
   • To create a new authorization profile, enter a new profile name in the entry blank on the Profile Details pane,
     then click Add.
4. The Profile Details window will display the AP group currently defined for that authorization profile. To select a
new AP group, click the drop-down list and select a different AP group name.
5. Click Apply to save your changes.
To create a new authorization profile or edit an existing authorization profile via the command-line interface, access
the command-line interface in enable mode, and issue the following commands.
ap authorization-profile <profile>
authorization-group <ap-group>
Working with Access Control Lists and Firewall Policies
Remote APs support the following access control lists (ACLs); unless otherwise noted, you apply these ACLs to user
roles:
• Standard ACLs—Permit or deny traffic based on the source IP address of the packet.
• Ethertype ACLs—Filter traffic based on the Ethertype field in the frame header.
• MAC ACLs—Filter traffic on a specific source MAC address or range of MAC addresses.
• Firewall policies (session ACLs)—Identify specific characteristics about a data packet passing through the Dell
  controller and take some action based on that identification. You apply these ACLs to user roles or uplink ports.
NOTE: To configure firewall policies, you must install the PEFNG license.
For more information about ACLs and firewall policies, see "Configuring Fallback Mode" on page 524.
Understanding Split Tunneling
The split tunneling feature allows you to optimize traffic flow by directing only corporate traffic back to the
controller, while local application traffic remains local. This ensures that local traffic does not incur the overhead of
the round trip to the controller, which decreases traffic on the WAN link and minimizes latency for local application
traffic. This is useful for sites that have local servers and printers. With split tunneling, a remote user associates with
a single SSID, not multiple SSIDs, to access corporate resources (for example, a mail server) and local resources (for
example, a local printer). The remote AP examines session ACLs to distinguish between corporate traffic destined
for the controller and local traffic.
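The following added example (not taken from this guide and not ArubaOS code) models the decision described above: an ordered session ACL is checked per destination, and the first matching rule decides whether traffic goes back to the controller or stays local. It also audits a policy for corporate rules that can never match because an earlier rule covers them. Assumptions: the action labels "tunnel", "local" and "deny", the sample subnets, first-match evaluation with an implicit deny, and matching on destination address only (real session ACLs also match source and service).

```python
"""Model of split-tunnel classification (added example, not ArubaOS code)."""
import ipaddress

# Constructed sample policy: ordered rules, first match wins.
# Action names "tunnel" / "local" / "deny" are this model's own labels.
POLICY = [
    ("10.0.0.0/8", "tunnel"),      # corporate address space -> controller
    ("192.168.1.0/24", "local"),   # site-local printer/server subnet
    ("0.0.0.0/0", "local"),        # everything else stays local
]

def classify(policy, dst):
    """Return the action of the first rule whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    for net, action in policy:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"  # assumed implicit deny when nothing matches

def shadowed_tunnel_rules(policy):
    """Find tunnel rules fully covered by an earlier non-tunnel rule.

    Such rules never match, so the corporate traffic they describe would be
    forwarded locally (or dropped) instead of going back to the controller.
    """
    findings = []
    for i, (net, action) in enumerate(policy):
        if action != "tunnel":
            continue
        target = ipaddress.ip_network(net)
        for earlier_net, earlier_action in policy[:i]:
            earlier = ipaddress.ip_network(earlier_net)
            if earlier_action != "tunnel" and target.subnet_of(earlier):
                findings.append((net, earlier_net, earlier_action))
                break
    return findings

# Constructed misordered policy: the catch-all precedes the corporate rule.
MISORDERED = [("0.0.0.0/0", "local"), ("10.0.0.0/8", "tunnel")]

if __name__ == "__main__":
    for dst in ("10.1.2.3", "192.168.1.50", "93.184.216.34"):
        print(dst, "->", classify(POLICY, dst))
    print("shadowed:", shadowed_tunnel_rules(MISORDERED))
```

Running the audit before a policy is pushed to remote APs catches ordering mistakes that would otherwise send corporate traffic out the local uplink.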