User's Manual
Predefined Policy Description
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
The default pre-
authentication role
that should be used
by all wireless
clients. Prohibits
the client from
acting as a DHCP
server. Permits all
ICMP, DNS, and
DHCP. Also permits
IPsec NAT-T (UDP
4500). Remove
NAT-T if not
needed.
ip access-list session srcnat
user any any src-nat
This policy can be
used to source-
NAT all traffic.
Because no NAT
pool is specified,
traffic that matches
this policy will be
source NATed to
the IP address of
the controller.
ip access-list session skinny-acl
any any svc-sccp permit queue high
Use for Cisco
Skinny VoIP devices
to automatically
permit and
prioritize VoIP
traffic.
ip access-list session tftp-acl
any any svc-tftp permit
Permits all TFTP
traffic.
ip access-list session guest This policy is not
used.
ip access-list session dhcp-acl
any any svc-dhcp permit
Permits all DHCP
traffic. If DHCP is
not allowed, clients
will not be able to
request or renew IP
addresses.
ip access-list session http-acl
any any svc-http permit
Permits all HTTP
traffic.
ip access-list session svp-acl
any any svc-svp permit queue high
user host 224.0.1.116 any permit
Use for Spectralink
VoIP devices to
automatically
permit and
prioritize
Spectralink Voice
Protocol (SVP).
Dell Networking W-Series ArubaOS 6.4.x | User Guide Behavior and Defaults | 1045