c. Under Destination, select any.
d. Under Service, select service. In the service drop-down list, select svc-dhcp.
e. Under Action, select permit.
f. Click Add.
6. To create the next rule:
a. Under Rules, click Add.
b. Under Source, select any.
c. Under Destination, select any.
d. Under Service, select any.
e. Under Action, select route, and select the src-nat checkbox.
f. Click Add.
7. Click Apply.
.
If you use a local DHCP server to obtain IP addresses, you must define one additional ACL to permit traffic between
clients without source NATing the traffic. Add user alias internal-network any permit before any any any
route src-nat.
8. Click the User Roles tab.
a. Click Add.
b. Enter the Role Name.
c. Click Add under Firewall Policies.
d. In the Choose from Configured Policies menu, select the policy you just created.
e. Click Done.
In the CLI
Use the following commands:
(host) (config) #ip access-list session <policy>
any any svc-dhcp permit
any any any route src-nat
If you use a local DHCP server to obtain IP addresses, you must define one additional ACL to permit traffic
between clients without source NATing the traffic. Add user alias internal-network any permit before any
any any route src-nat:
(host) (config) #user-role <role>
Configuring the AAA Profile
In the WebUI
1. Navigate to the Security > Authentication > AAA Profiles page. From the AAA Profiles Summary list,
click Add.
2. Enter the AAA profile name, then click Add.
3. Select the AAA profile that you just created:
a. For Initial role, select the user role you just created.
b. For 802.1X Authentication Default Role, select the appropriate role for your remote AP configuration,
then click Apply.
AOS-W 6.5.3.x | User Guide Remote Access Points | 717
To Next Page
Loading...