Configuring ACLs for Deep Packet Inspection
An ACL (Access Control List) is a common way of restricting certain types of traffic on a physical port. DPI (Deep Packet Inspection) is an advanced method of network packet filtering that is used for inspecting data packets exchanged between the devices and systems over a network; it functions at the Application layer of the Open Systems Interconnection (OSI) reference model and enables users to identify, categorize, track, reroute, or stop packets passing through a network. To configure ACL rules for a user role for DPI, complete the following procedure:
1. In the app, set the filter to a group that contains at least one AP.
The dashboard context for the group is displayed.
2. Under , click .
3. Click the icon to display the AP configuration dashboard.
4. Click .
5. Click the Security tab.
6. Under , select the role for which you want to configure access rules.
7. Under , click to add a new rule.
The window is displayed.
8. Under , select
9. To configure access to applications or application categories, select a service category from the following list:
Network
App Category
Application
Web Category
Web Reputation
10. Based on the selected service category, configure the following parameters:
Service category | Description |
| Select the application categories to which you want to allow or deny access. |
| Select the applications to which you want to allow or deny access. |
| Application throttling allows you to set a bandwidth limit for an application and for application categories. For example, you can limit the bandwidth rate for video streaming applications such as YouTube or Netflix, or assign a low bandwidth to high-risk sites. To specify a bandwidth limit: 1. Select the check box. 2. Specify the and rates in Kbps (kilobits per second) per user. |
| Select one of the following actions: —Translation of the destination IP address of a packet entering the network. —Used by internal users to access the internet. —Select to allow access to users based on the access rule. —Select to deny access to users based on the access rule. |
| Select a destination option for the access rules for network services, applications, and application categories. You can allow or deny access to any of the following destinations based on your requirements. —Access is allowed or denied to all destinations. —Access is allowed or denied to a particular server. After selecting this option, specify the IP address of the destination server. —Access is allowed or denied to servers other than the specified server. After selecting this option, specify the IP address of the destination server. —Access is allowed or denied to a network. After selecting this option, specify the IP address and netmask for the destination network. —Access is allowed or denied to networks other than the specified network. After selecting this option, specify the IP address and netmask of the destination network. —Access is allowed or denied to the specified domains. After selecting this option, specify the domain name in the text box. —Traffic to the specified Instant AP is allowed. —Traffic to the specified Instant AP network is allowed. —Traffic to the specified master Instant AP or virtual controller is allowed. |
| Select this check box if you want a log entry to be created when this rule is triggered. Aruba Central supports firewall-based logging (a firewall is a network security system used for preventing unauthorized access to or from a private network). Firewall logs on the Instant APs are generated as security logs. |
| Select the |
| Select the check box to classify and tag media on HTTPS traffic as voice and video packets. |
| Select the check box to disable ARM (Adaptive Radio Management) scanning when this rule is triggered. ARM dynamically monitors and adjusts the network to ensure that all users are allowed ready access; it enables full utilization of the available spectrum to support the maximum number of users by intelligently choosing the best RF channel and transmit power for APs in their current RF environment. The selection of the |
| Select this check box to add a DSCP (Differentiated Services Code Point) tag to the rule. DSCP is a 6-bit packet header value used for traffic classification and priority assignment; it is an L3 mechanism for classifying and managing network traffic and providing QoS (Quality of Service, the capability of a network to provide better service and performance to specific network traffic over various technologies) on the network. To assign a higher priority, specify a higher value. |
| Select this check box to enable 802.1p priority. 802.1p priority is an L2 protocol for traffic prioritization to manage QoS on the network. There are eight levels of priority, 0-7. To assign a higher priority, specify a higher value. |
| Select this check box to enable users to access the network for a specific time period. You can select the time range profile from the drop-down list that appears when the |
11. Click .
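As an added illustration, not Aruba Central's own code, the following Python models the access-rule semantics from the table above (the allow/deny actions, the destination options including the "other than the specified server/network" cases, the log flag, and the 6-bit DSCP and 0-7 802.1p ranges) and evaluates sample destinations against a constructed rule set. The keyword names, the first-match order, the deny-by-default fallback and the sample rules are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                  # "allow" or "deny" (the NAT actions are out of scope here)
    dest_type: str               # any | to_server | except_server | to_network | except_network | to_domain
    dest: Optional[str] = None   # IP, "network/netmask" (or CIDR), or domain name
    log: bool = False            # create a log entry when the rule fires
    dscp: Optional[int] = None   # DSCP is a 6-bit header field: 0-63
    dot1p: Optional[int] = None  # 802.1p priority: 0-7

    def __post_init__(self):
        if self.dscp is not None and not 0 <= self.dscp <= 63:
            raise ValueError("DSCP must be 0-63 (6 bits)")
        if self.dot1p is not None and not 0 <= self.dot1p <= 7:
            raise ValueError("802.1p priority must be 0-7")

    def matches(self, dst_ip, host=None):
        # True when the packet's destination falls under this rule's destination option
        if self.dest_type == "any":
            return True
        if self.dest_type in ("to_server", "except_server"):
            hit = ip_address(dst_ip) == ip_address(self.dest)
            return hit if self.dest_type == "to_server" else not hit
        if self.dest_type in ("to_network", "except_network"):
            # ip_network accepts "10.0.0.0/24" as well as "10.0.0.0/255.255.255.0"
            hit = ip_address(dst_ip) in ip_network(self.dest, strict=False)
            return hit if self.dest_type == "to_network" else not hit
        if self.dest_type == "to_domain":
            return host is not None and (host == self.dest or host.endswith("." + self.dest))
        raise ValueError(f"unknown destination option {self.dest_type!r}")

def evaluate(rules, dst_ip, host=None):
    # First-match evaluation; a packet no rule covers is denied (assumed default).
    logs = []
    for idx, rule in enumerate(rules):
        if rule.matches(dst_ip, host):
            if rule.log:
                logs.append(f"rule {idx}: {rule.action} dst={dst_ip} host={host}")
            return rule.action, logs
    logs.append(f"implicit deny dst={dst_ip} host={host}")
    return "deny", logs

# Constructed sample rule set (hypothetical, not from the page): block one server, allow the rest of its subnet and one domain, log everything else as it is denied.
SAMPLE_RULES = [
    Rule("deny", "to_server", "10.0.0.5", log=True),
    Rule("allow", "to_network", "10.0.0.0/255.255.255.0", dscp=46),
    Rule("allow", "to_domain", "example.com", dot1p=5),
    Rule("deny", "any", log=True),
]
```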