Specifications
OmniAccess Reference: AOS-W System Reference
244 Part 031652-00 May 2005
Printer Policy
The following policy is used for the printer role. It restricts printers to
communicating only with the print server, and only on specific port numbers.
Any violation of the printer policy will trigger a log message, notifying the
system administrator that a possible network security breach had occurred.
ip access-list session printer-acl
user host 172.16.31.26 svc-windows-printing permit
user host 172.16.31.27 svc-windows-printing permit
any any any deny log
Guest Policy
The following policies permit guest access only to the Internet, and only during
daytime working hours.
time-range working-hours periodic
weekday 07:30 to 17:00
ip access-list session guest
user host 10.1.1.25 svc-dhcp permit time-range working-hours
user host 10.1.1.25 svc-dns permit time-range working-hours
user alias district-network any deny
user any svc-http permit time-range working-hours
user any svc-https permit time-range working-hours
user any any deny
User Role Configuration
The following configuration establishes the user roles in the switch, and maps
firewall policies to user roles. Additionally, guest traffic is limited to 1Mbps.
user-role printer
session-acl printer-acl
!
user-role student
session-acl student
session-acl allowall
!
user-role sysadmin
session-acl allowall
!
user-role faculty
session-acl faculty
session-acl allowall
!