Users Guide

Table Of Contents
g. Repeat steps A-F to create a rule for svc-dns.
To create a rule to deny access to the internal network:
a. Under Source, select user.
b. Under Destination, select alias. Select Internal Network.
c. Under Service, select any.
d. Under Action, select drop.
e. Click Add.
To create rules to permit HTTP and HTTPS access during working hours:
a. Under Source, select user.
b. Under Destination, select any.
c. Under Service, select service. In the Services scrolling list, select svc-http.
d. Under Action, select permit.
e. Under Time Range, select working-hours.
f. Click Add.
g. Repeat steps A-F for the svc-https service.
To create a rule that denies the user access to all destinations and all services:
a. Under Source, select user.
b. Under Destination, select any.
c. Under Service, select any.
d. Under Action, select drop.
e. Click Add.
6. Click Apply.
7. Click the User Roles tab. Click Add to create the guest role.
8. For Role Name, enter guest.
9. Under Firewall Policies, click Add. In Choose from Configured Policies, select the guest policy you
previously created. Click Done.
In the CLI
time-range working-hours periodic
weekday 07:30 to 17:00
(host)(config) #ip access-list session guest
user host 10.1.1.25 svc-dhcp permit time-range working-hours
user host 10.1.1.25 svc-dns permit time-range working-hours
user alias “Internal Network” any deny
user any svc-http permit time-range working-hours
user any svc-https permit time-range working-hours
user any any deny
(host)(config) #user-role guest
session-acl guest
Creating Roles and Policies for Sysadmin and Computer
The allowall policy, a predefined policy, allows unrestricted access to the network. The allowall policy is
mapped to both the sysadmin user role and the computer user role.
Dell Networking W-Series ArubaOS 6.4.x | User Guide 802.1X Authentication |
342