User's Manual
Figure 80 shows that corporate traffic is GRE-tunneled to the controller through a trusted tunnel, while local
traffic is source-NATed and bridged on the wired interface based on the configured user role and session ACL.
Configuring Split Tunneling
The procedure to configure split tunneling requires the following steps. Each step is described in detail later in
this chapter.
The split tunneling feature requires the PEFNG license. If you do not have the PEFNG license on your controller, you
must install it before you configure split tunneling. For details on installing licenses, see Software Licenses on page
130.
1. Define a session ACL that forwards only corporate traffic to the controller.
a. Configure a net destination for the corporate subnets.
b. Create rules to permit DHCP and corporate traffic to the corporate controller.
c. Apply the session ACL to a user role. For information about user roles and policies, see Roles and Policies
on page 364.
2. (Optional) Configure an ACL that restricts remote AP users from accessing the remote AP local debugging
homepage.
3. Configure the remote AP’s AAA profile.
a. Specify the authentication method (802.1x or PSK) and the default user role for authenticated users.
The user role specified in the AAA profile must contain the session ACL defined in the previous step.
b. (Optional) Use the remote AP’s AAA profile to enable RADIUS accounting.
4. Configure the virtual AP profile:
a. Specify the AP group or AP to which the virtual AP profile applies.
b. Set the VLAN used for split tunneling. Only one VLAN can be configured for split tunneling; VLAN pooling
is not allowed.
c. When specifying the use of a split tunnel configuration, use “split-tunnel” forward mode.
d. Create and apply the applicable SSID profile.
When creating a new virtual AP profile in the WebUI, you can also configure the SSID at the same time. For
information about AP profiles, see Understanding AP Configuration Profiles on page 488.
5. (Optional) Create a list of network names resolved by corporate DNS servers.
Configuring the Session ACL Allowing Tunneling
First you need to configure a session ACL that “permits” corporate traffic to be forwarded (tunneled) to the
controller, and that routes, or locally bridges, local traffic.
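The following Python model is an added example, not ArubaOS code or configuration from this guide. It evaluates an ordered rule list of the kind built in step 1 (DHCP and corporate destinations tunneled, everything else source-NATed locally) against sample flows, and shows how a broad permit placed first would send local traffic into the tunnel. The subnets, flows, rule names, action labels, first-match evaluation and default deny are assumptions of the model.

```python
import ipaddress

# Constructed corporate subnets standing in for the net destination of step 1a.
CORP_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]

def is_dhcp(flow):
    return flow["proto"] == "udp" and flow["dport"] in (67, 68)

def is_corp(flow):
    dst = ipaddress.ip_address(flow["dst"])
    return any(dst in net for net in CORP_NETS)

def match_all(flow):
    return True

# Ordered rules modeled on step 1b: (name, predicate, action). First match wins.
RULES = [
    ("dhcp", is_dhcp, "tunnel"),
    ("corporate", is_corp, "tunnel"),
    ("local", match_all, "local-src-nat"),
]
# Same rules with a broad permit placed first, so the later rules never match.
BAD_RULES = [("permit-any", match_all, "tunnel")] + RULES

def classify(flow, rules=RULES):
    """Return (rule name, action) of the first matching rule."""
    for name, match, action in rules:
        if match(flow):
            return name, action
    return "no-match", "deny"  # assumed default when no rule matches

def audit(flows, rules=RULES):
    """Flows that would be tunneled although they are neither DHCP nor corporate."""
    return [f for f in flows
            if classify(f, rules)[1] == "tunnel" and not (is_dhcp(f) or is_corp(f))]

# Constructed sample flows.
FLOWS = [
    {"dst": "10.1.2.3", "proto": "tcp", "dport": 443},
    {"dst": "255.255.255.255", "proto": "udp", "dport": 67},
    {"dst": "203.0.113.10", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["dst"], classify(f), classify(f, BAD_RULES))
    print("leaks with RULES:", audit(FLOWS), "with BAD_RULES:", audit(FLOWS, BAD_RULES))
```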
Using the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page.
2. Click Add to create a new policy.
3. Enter the policy name in the Policy Name field.
4. From the Policy Type drop-down list, select Session.
5. From the IP Version drop-down list, select IPv4 or IPv6.
6. To create the first rule:
a. Under Rules, click Add.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Remote Access Points | 657