Users Guide
g. Repeat steps A-F to create a rule for svc-dns.
To create a rule to deny access to the internal network:
a. Under Source, select user.
b. Under Destination, select alias. Select Internal Network.
c. Under Service, select any.
d. Under Action, select drop.
e. Click Add.
To create rules to permit HTTP and HTTPS access during working hours:
a. Under Source, select user.
b. Under Destination, select any.
c. Under Service, select service. In the Services scrolling list, select svc-http.
d. Under Action, select permit.
e. Under Time Range, select working-hours.
f. Click Add.
g. Repeat steps A-F for the svc-https service.
To create a rule that denies the user access to all destinations and all services:
a. Under Source, select user.
b. Under Destination, select any.
c. Under Service, select any.
d. Under Action, select drop.
e. Click Add.
6. Click Apply.
7. Click the User Roles tab. Click Add to create the guest role.
8. For Role Name, enter guest.
9. Under Firewall Policies, click Add. In Choose from Configured Policies, select the guest policy you
previously created. Click Done.
In the CLI
time-range working-hours periodic
weekday 07:30 to 17:00
(host)(config) #ip access-list session guest
user host 10.1.1.25 svc-dhcp permit time-range working-hours
user host 10.1.1.25 svc-dns permit time-range working-hours
user alias “Internal Network” any deny
user any svc-http permit time-range working-hours
user any svc-https permit time-range working-hours
user any any deny
(host)(config) #user-role guest
session-acl guest
Creating Roles and Policies for Sysadmin and Computer
The allowall policy, a predefined policy, allows unrestricted access to the network. The allowall policy is
mapped to both the sysadmin user role and the computer user role.
Dell Networking W-Series ArubaOS 6.4.x | User Guide 802.1X Authentication | 342