User's Manual
16.Click Apply.
Using the CLI
If dhcp server in ap system profile is enabled
ip access-list session <policy> any any svc-dhcp permit
user any any route src-nat
If dhcp server in ap system profile is disabled
ip access-list session <policy>
any any any permit
user-role <role>
session-acl <policy>
To configure an ACL to Restrict Local Debug Homepage Access, see Configuring an ACL to Restrict Local Debug
Homepage Access on page 659.
Configuring the AAA Profile for Bridge
After you configure the session ACL, you define the AAA profile used for bridge. When defining the AAA
parameters, specify the previously configured user role that contains the session ACL used for bridge.
If you enable RADIUS accounting in the AAA profile, the controller sends a RADIUS accounting start record to
the RADIUS server when a user associates with the remote AP, and sends a stop record when the user logs out
or is deleted from the user database. If you enable interim accounting, the controller sends updates at regular
intervals. Each interim record includes cumulative user statistics, including received bytes and packets
counters. For more information on RADIUS accounting, see RADIUS Accounting on page 245.
In the WebUI
1. Navigate to the Security > Authentication > AAA Profiles page. From the AAA Profiles Summary list,
click Add.
2. Enter the AAA profile name, then click Add.
3. Select the AAA profile that you just created.
a. For 802.1X Authentication Default Role, select the user role you previously configured for split
tunneling or bridge, then click Apply.
b. Under the AAA profile that you created, locate 802.1x Authentication Server Group, and select the
authentication server group to use, then click Apply.
4. (Optional) To enable RADIUS accounting:
a. Select the AAA profile from the profile list to display the list of authentication and accounting profiles
associated with the AAA profile.
b. Select the Radius Accounting Server Group profile associated with the AAA profile. Click the RADIUS
Accounting Server Group drop-down list to select a RADIUS server group. (For more information on
configuring a RADIUS server or server group, see Configuring a RADIUS Server on page 226.)
c. To enable RADIUS Interim Accounting, select the AAA profile name from the profile list, then click
the RADIUS Interim Accounting checkbox. This option is disabled by default, allowing the controller to
send only start and stop messages RADIUS accounting server.
5. Click Apply.
If you need to create an authentication server group, select new and enter the appropriate parameters.
In the CLI
Use the following command:
aaa profile <name>
Dell Networking W-Series ArubaOS 6.4.x | User Guide Remote Access Points | 665