EasyManua.ls Logo

Alcatel-Lucent AOS-W 6.5.3.x - Page 727

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Figure 104 Enable Restricted Access to LD Homepage
In the CLI
Use the localip keyword in the user role ACL.
All users have an ACL entry of type any any deny by default. This rule restricts access to all users. When the
ACL is configured for a user role, if a user any permit ACL rule is configured, add a deny ACL before that for
localip for restricting the user from accessing the LD homepage.
Example:
(host) (config) #ip access-list session logon-control
user localip svc-http deny
user any permit
Configuring the AAA Profile for Tunneling
After you configure the session ACL, you define the AAA profile used for split tunneling. When defining the AAA
parameters, specify the previously configured user role that contains the session ACL used for split tunneling.
If you enable RADIUS accounting in the AAA profile, the switch sends a RADIUS accounting start record to the
RADIUS server when a user associates with the remote AP, and sends a stop record when the user logs out or is
deleted from the user database. If you enable interim accounting, the switch sends updates at regular
intervals. Each interim record includes cumulative user statistics, including received bytes and packets
counters. For more information on RADIUS accounting, see RADIUS Accounting on page 206
In the WebUI
1. Navigate to the Security > Authentication > AAA Profiles page. From the AAA Profiles Summary list, click
Add.
2. Enter the AAA profile name, then click Add.
3. Select the AAA profile that you just created.
a. For 802.1X Authentication Default Role, select the user role you previously configured for split
tunneling, then click Apply.
b. Under the AAA profile that you created, locate 802.1X Authentication Server Group, and select the
authentication server group to use, then click Apply.
4. (Optional) To enable RADIUS accounting:
a. Select the AAA profile from the profile list to display the list of authentication and accounting profiles
associated with the AAA profile.
b. Select the Radius Accounting Server Group profile associated with the AAA profile. Click the RADIUS
Accounting Server Group drop-down list to select a RADIUS server group. (For more information on
configuring a RADIUS server or server group, see Configuring a RADIUS Server on page 179.)
AOS-W 6.5.3.x | User Guide Remote Access Points | 727

Table of Contents