726| Remote Access Points AOS-W 6.5.3.x| User Guide
user any any route src-nat
(host) (config) #user-role <role>
session-acl <policy>
When defining the alias, there are a number of other session ACLs that you can create to define the handling of
local traffic, such as:
(host) (config) #ip access-list session <policy>
user alias <name> any redirect 0
user alias <name> any route
user alias <name> any route src-nat
Configuring an ACL to Restrict Local Debug Homepage Access
A user in split or bridge role using a remote AP (RAP) can log on to the local debug (LD) homepage
(rapconsole.alcatel-lucent.com) and perform reboot or reset operations. The LD homepage provides various
information about the RAP and also has a button to reboot the RAP. You can now restrict a RAP user from
resetting or rebooting a RAP by using the localip keyword in the user role ACL.
You will require the PEFNG license to use this feature. See Software Licenses on page 79 for more information on
licensing requirements.
Any user associated to that role can be allowed or denied access to the LD homepage. You can use the localip
keyword in the ACL rule to identify the local IP address on the RAP. The localip keyword identifies the set of
all local IP addresses on the system to which the ACL is applied. The existing keywords switch and mswitch
indicate only the primary IP address on the switch.
This release of AOS-W provides localip keyword support only for the RAP and not for the switch.
In the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page.
2. Click Add to create a new policy.
3. Enter the policy name in the Policy Name field.
4. From the Policy Type drop-down list, select IPv4 Session.
5. To create the first rule:
a. Under Rules, click Add.
b. Under Source, select localip.
c. Under Destination, select any.
d. Under Action, select permit.
e. Click Apply.