User's Manual
656 | Remote Access Points Dell Networking W-Series ArubaOS 6.4.x| User Guide
5. Click Apply.
In the CLI
To create a new authorization profile or edit an existing authorization profile via the command-line interface,
access the command-line interface in enable mode, and issue the following commands.
ap authorization-profile <profile>
authorization-group <ap-group>
Working with Access Control Lists and Firewall Policies
Remote APs support the following access control lists (ACLs); unless otherwise noted, you apply these ACLS to
user roles:
l Standard ACLs—Permit or deny traffic based on the source IP address of the packet.
l Ethertype ACLs—Filter traffic based on the Ethertype field in the frame header.
l MAC ACLs—Filter traffic on a specific source MAC address or range of MAC addresses.
l Firewall policies (session ACLs)—Identifies specific characteristics about a data packet passing through the
Dell controller and takes some action based on that identification. You apply these ACLs to user roles or
uplink ports.
To configure firewall policies, you must install the PEFNG license.
For more information about ACLs and firewall policies, see Configuring Fallback Mode on page 645.
Understanding Split Tunneling
The split tunneling feature allows you to optimize traffic flow by directing only corporate traffic back to the
controller, while local application traffic remains local. This ensures that local traffic does not incur the
overhead of the round trip to the controller, which decreases traffic on the WAN link and minimizes latency for
local application traffic. This is useful for sites that have local servers and printers. With split tunneling, a
remote user associates with a single SSID, not multiple SSIDs, to access corporate resources (for example, a
mail server) and local resources (for example, a local printer). The remote AP examines session ACLs to
distinguish between corporate traffic destined for the controller and local traffic.
Figure 80 Sample Split Tunnel Environment