Filter
Top Products
831 | Behavior andDefaults DellPowerConnectW-SeriesArubaOS6.2 | User Guide
Predefined Role Description
session-acl https-acl
session-acl dhcp-acl
session-acl icmp-acl
session-acl dns-acl
ipv6 session-acl v6-http-acl
ipv6 session-acl v6-https-acl
ipv6 session-acl v6-dhcp-acl
ipv6 session-acl v6-icmp-acl
ipv6 session-acl v6-dns-acl
DHCP, ICMP, and DNS for the guest user. To increase security, a
"deny" rule for internal network destinations could be added at the
beginning.
user-role guest-logon
captive-portal default
session-acl logon-control
session-acl captiveportal
This role is used as the pre-authentication role for guest SSIDs. It
allows control traffic such as DNS, DHCP, and ICMP, and also
enables captive portal.
user-role <ssid>-guest-logon
captive-portal default
session-acl logon-control
session-acl captiveportal
This role is only generated when creating a new WLAN using the
WLAN Wizard. The WLAN Wizard creates this role when captive
portal is enabled. This is the initial role that a guest will be placed in
prior to captive portal authentication. By using a different guest logon
role for each SSID, it is possible to enable multiple captive portal
profiles with different customization.
user-role stateful-dot1x
This is an internal role used for Stateful 802.1x. It should not be
edited.
user-role authenticated
session-acl allowall
ipv6 session-acl v6-allowall
This is a default role that can be used for authenticated users. It
permits all IPv4 and IPv6 traffic for users who are part of this role.
user-role logon
session-acl logon-control
session-acl captiveportal
session-acl vpnlogon
ipv6 session-acl v6-logon-control
This is a system role that is normally applied to a user prior to
authentication. This applies to wired users and non-802.1x wireless
users.
The role allows certain control protocols such as DNS, DHCP, and
ICMP, and also enables captive portal and VPN termination/pass
through. The logon role should be edited to provide only the required
services to a pre-authenticated user. For example, VPN pass through
should be disabled if it is not needed.
user-role <ssid>-logon
session-acl control
session-acl captiveportal
session-acl vpnlogon
This role is only generated when creating a new WLAN using the
WLAN Wizard. The WLAN Wizard creates this role when captive
portal is enabled and a PEFNG license is installed. This is the initial
role that a client will be placed in prior to captive portal
authentication. By using a different logon role for each SSID, it is
possible to enable multiple captive portal profiles with different
customization.
user-role <ssid>-captiveportal-
profile
When utilizing the WLAN Wizard and you do not have a PEF NG
installed and you are configuring an Internal or Guest WLAN with
captive portal enabled, the controller creates an implicit user role
with the same name as the captive portal profile, <ssid>-
captiveportal-profile.
This implicit user role allows only DNS and DHCP traffic between the
client and network and directs all HTTP or HTTPS requests to the
captive portal. You cannot directly modify the implicit user role or its
rules. Upon authentication, captive portal clients are allowed full
access to their assigned VLAN. Once the WLAN configuration is
pushed to the controller, the WLAN wizard will associate the new
role with the initial user role that you specify in the AAA profile. This
role will not be visible to the user in the WLAN wizard.