732| Remote Access Points AOS-W 6.5.3.x| User Guide
16.Click Apply.
In the CLI
If dhcp server in ap system profile is enabled
(host) (config) #ip access-list session <policy> any any svc-dhcp permit
(host) (config) #user any any route src-nat
If dhcp server in ap system profile is disabled
(host) (config) #ip access-list session <policy>
(host) (config) #any any any permit
(host) (config) #user-role <role>
To configure an ACL to Restrict Local Debug Homepage Access, see Configuring an ACL to Restrict Local Debug
Homepage Access on page 726.
Configuring the AAA Profile for Bridge
After you configure the session ACL, you define the AAA profile used for bridge. When defining the AAA
parameters, specify the previously configured user role that contains the session ACL used for bridge.
If you enable RADIUS accounting in the AAA profile, the switch sends a RADIUS accounting start record to the
RADIUS server when a user associates with the remote AP, and sends a stop record when the user logs out or is
deleted from the user database. If you enable interim accounting, the switch sends updates at regular
intervals. Each interim record includes cumulative user statistics, including received bytes and packets
counters. For more information on RADIUS accounting, see RADIUS Accounting on page 206.
In the WebUI
1. Navigate to the Security > Authentication > AAA Profiles page. From the AAA Profiles Summary list,
click Add.
2. Enter the AAA profile name, then click Add.
3. Select the AAA profile that you just created.
a. For 802.1X Authentication Default Role, select the user role you previously configured for split
tunneling or bridge, then click Apply.
b. Under the AAA profile that you created, locate 802.1X Authentication Server Group, and select the
authentication server group to use, then click Apply.
4. (Optional) To enable RADIUS accounting:
a. Select the AAA profile from the profile list to display the list of authentication and accounting profiles
associated with the AAA profile.
b. Select the Radius Accounting Server Group profile associated with the AAA profile. Click the RADIUS
Accounting Server Group drop-down list to select a RADIUS server group. (For more information on
configuring a RADIUS server or server group, see Configuring a RADIUS Server on page 179.)
c. To enable RADIUS Interim Accounting, select the AAA profile name from the profile list, then click
the RADIUS Interim Accounting checkbox. This option is disabled by default, allowing the switch to
send only start and stop messages RADIUS accounting server.
5. Click Apply.
If you need to create an authentication server group, select new and enter the appropriate parameters.
In the CLI
Use the following command:
(host) (config) #aaa profile <name>
To Next Page
Loading...