274| 802.1X Authentication AOS-W 6.5.3.x| User Guide
h. Click Apply.
2. Click the Policies tab. Click Add to add the guest policy.
3. For e Policy Name, enter guest.
4. For Policy Type, select IPv4 Session.
5. Under Rules, click Add to add rules for the policy.
To create rules to permit access to DHCP and DNS servers during working hours:
a. Under Source, select user.
b. Under Destination, select host. In Host IP, enter 10.1.1.25.
c. Under Service, select service. In the Service scrolling list, select svc-dhcp.
d. Under Action, select permit.
e. Under Time Range, select working-hours.
f. Click Add.
g. Repeat steps A-F to create a rule for svc-dns.
To create a rule to deny access to the internal network:
a. Under Source, select user.
b. Under Destination, select alias. Select Internal Network.
c. Under Service, select any.
d. Under Action, select drop.
e. Click Add.
To create rules to permit HTTP and HTTPS access during working hours:
a. Under Source, select user.
b. Under Destination, select any.
c. Under Service, select service. In the Services scrolling list, select svc-http.
d. Under Action, select permit.
e. Under Time Range, select working-hours.
f. Click Add.
g. Repeat steps A-F for the svc-https service.
To create a rule that denies the user access to all destinations and all services:
a. Under Source, select user.
b. Under Destination, select any.
c. Under Service, select any.
d. Under Action, select drop.
e. Click Add.
6. Click Apply.
7. Click the User Roles tab. Click Add to create the guest role.
8. For Role Name, enter guest.
9. Under Firewall Policies, click Add. In Choose from Configured Policies, select the guest policy you
previously created. Click Done.
In the CLI
time-range working-hours periodic
weekday 07:30 to 17:00
(host)(config) #ip access-list session guest
user host 10.1.1.25 svc-dhcp permit time-range working-hours
To Next Page
Loading...