Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

241

242

243

244

245

246

247

248

249

250

249 | Deep Packet Inspection and Application Visibility Aruba Instant 6.4.0.2-4.1 | User Guide

Service

Category

Description

1. Select the Application Throttling checkbox.

2. Specify the downstream and upstream rates in Kbps.

Action

Select any of following actions:

l Select Allow to allow access users based on the access rule.

l Select Deny to deny access to users based on the access rule.

l Select Destination-NAT to allow changes to destination IP address.

l Select Source-NAT to allow changes to the source IP address.

The destination-nat and source-nat actions apply only to the network services rules.

Destination

Select a destination option for the access rules for network services, applications, and

application categories. You can allow or deny access to any the following destinations based

on your requirements.

l to all destinations— Access is allowed or denied to all destinations.

l to a particular server—Access is allowed or denied to a particular server. After selecting

this option, specify the IP address of the destination server.

l except to a particular server—Access is allowed or denied to servers other than the

specified server. After selecting this option, specify the IP address of the destination

server.

l to a network—Access is allowed or denied to a network. After selecting this option, specify

the IP address and netmask for the destination network.

l except to a network—Access is allowed or denied to networks other than the specified

network. After selecting this option, specify the IP address and netmask of the destination

network.

l to domain name—Access is allowed or denied to the specified domains. After selecting

this option, specify the domain name in the Domain Name text box.

l to master IP—Access is allowed or denied to the master IP address.

Log

Select this checkbox if you want a log entry to be created when this rule is triggered. Instant

supports firewall based logging function. Firewall logs on the IAPs are generated as security

logs.

Blacklist

Select the Blacklist checkbox to blacklist the client when this rule is triggered. The blacklisting

lasts for the duration specified as Auth failure blacklist time on the Blacklisting tab of the

Security window. For more information, see Blacklisting Clients on page 172.

Disable scanning Select Disable scanning checkbox to disable ARM scanning when this rule is triggered.

The selection of the Disable scanning applies only if ARM scanning is enabled, For more

information, see Configuring Radio Settings for an IAP on page 239.

DSCP tag Select the DSCP tag checkbox to specify a DSCP value to prioritize traffic when this rule is

triggered. Specify a value within the range of 0 to 63. To assign a higher priority, specify a

higher value.

802.1p priority Select the 802.1p priority checkbox to specify an 802.1p priority. Specify a value between 0

and 7. To assign a higher priority, specify a higher value.

Table 49:

Access Rule Configuration Parameters

3. Click OK and then click Finish.

In the CLI

To configure access rules:

(Instant AP)(config)# wlan access-rule <access-rule-name>

(Instant AP)(Access Rule <Name>)#rule <dest> <mask> <match/invert> {app <app> {permit|deny}

|appcategory <appgrp>}[<option1....option9>]

(Instant AP)(Access Rule <Name>)# end