Dell 6.2 Server User Manual


 
Predefined Policy | Description

NOTE: In order for captive portal to work properly, DNS must also be permitted. This is normally done in the "logon-control" firewall rule.

Policy:
ip access-list session cplogout
user alias mswitch svc-https dst-nat 8081
Description: Used to enable the captive portal "logout" window. If the user attempts to connect to the controller on the standard HTTPS port (443) the client will be NATed to port 8081, where the captive portal server will answer. If this rule is not present, a wireless client may be able to access the controller's administrative interface.

Policy:
ip access-list session vpnlogon
any any svc-ike permit
any any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
Description: This policy permits VPN sessions to be established to any destination. IPsec (IKE, ESP, and L2TP) and PPTP (PPTP and GRE) are supported.

Policy:
ip access-list session ap-acl
any any udp 5000
any any udp 5555
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-snmp-trap permit
user any svc-ntp permit
Description: This is a policy for internal use and should not be modified. It permits APs to boot up and communicate with the controller.

Policy:
ip access-list session validuser
any any any permit
Description: This firewall rule controls which users will be added to the user-table of the controller through untrusted interfaces. Only IP addresses permitted by this ACL will be admitted to the system for further processing. If a client device attempts to use an IP address that is denied by this rule, the client device will be ignored by the controller and given no network access. You can use this rule to restrict foreign IP addresses from being added to the user-table.
This policy should not be applied to any user role; it is an internal system policy.

Policy:
ip access-list session vocera-acl
any any svc-vocera permit queue high
Description: Use for Vocera VoIP devices to automatically permit and prioritize Vocera traffic.

Policy:
ip access-list session icmp-acl
any any svc-icmp permit
Description: Permits all ICMP traffic.

Policy:
ip access-list session sip-acl
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
Description: Use for SIP VoIP devices to automatically permit and prioritize all SIP control and data traffic.

Policy:
ip access-list session https-acl
Description: Permits all HTTPS traffic.
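
Added example (not part of the Dell guide): a Python check that parses a saved configuration and reports the three conditions the descriptions above call out, namely a missing cplogout dst-nat rule, a validuser policy left at its any/any/any default, and no DNS permit in logon-control. The `!` block terminator, the `svc-dns` and `svc-dhcp` service names, the function names and the sample text are assumptions or constructed for illustration.

```python
import re

# Constructed sample in the listing syntax used in the table above.
# Assumptions: "!" ends a block; svc-dhcp and svc-dns are service aliases.
SAMPLE_CONFIG = """\
ip access-list session cplogout
  user alias mswitch svc-https dst-nat 8081
!
ip access-list session validuser
  any any any permit
!
ip access-list session logon-control
  user any svc-dhcp permit
!
"""
CPLOGOUT_RULE = "user alias mswitch svc-https dst-nat 8081"

def parse_session_acls(text):
    """Return {acl_name: [rule, ...]} for each 'ip access-list session' block."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse indentation and repeated spaces
        header = re.fullmatch(r"ip access-list session (\S+)", line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif line in ("", "!"):
            current = None  # block ended
        elif current is not None:
            current.append(line)
    return acls

def audit(text):
    """Return findings for the three conditions described in the table."""
    acls = parse_session_acls(text)
    findings = []
    if CPLOGOUT_RULE not in acls.get("cplogout", []):
        findings.append("cplogout: dst-nat to 8081 missing; HTTPS to the "
                        "controller may reach the administrative interface")
    if acls.get("validuser") == ["any any any permit"]:
        findings.append("validuser: default rule admits any source IP")
    dns_ok = any("svc-dns" in r.split() and r.split()[-1] == "permit"
                 for r in acls.get("logon-control", []))
    if not dns_ok:
        findings.append("logon-control: no svc-dns permit for captive portal")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The validuser finding is informational: the default is what the guide lists, and the check only points out where the restriction described above has not been applied.
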
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Behavior and Defaults | 828