Dell 6.2 Understanding Split Tunneling

535| Remote AccessPoints DellPowerConnect W- Series ArubaOS 6.2 | UserGuide

unauthorizedAP s are put into the temporary AP group authorization-group and assigned the predefinedprofile

NoAuthApGroup. Thisc onfigurationallows the user to connect to an unauthorizedremote AP via a wired port then

entera corporate username and password. Oncea valid user has authorized the AP and the remote AP w illbe marked

as authorized on the network.The remote AP wi llthen download the configuration assigned to that AP by it 's

permanentAP group.

To create a new authorization profile or edit an existing authorization profile via t heWebUI:

1. Select Configuration >All Profiles. The All Profile Management window opens.

2. Select APt o expandthe AP profile menu.

3. Select APA uthorization Profile. The Profile Details pane appears and displays the list of existing AP

authorization profiles.

lTo edit an existing profile, select a profile fromfrom the Profile D etails pane.

lTo create a new authorization profile,enter a new profile name in the entry blank on thePr ofile Details pane,

then click Add.

4. The Profile Details window will display the AP group currently definedfor t hat authorization profile. To select a

new AP group,click the drop-down list andselect a different AP group name.

5. Click Apply to save your changes.

To create a new authorization profile or edit an existing authorization profile via t hec ommand-lineinterface, access

the command-lineinterface in enable mode, and issue the followingcommands.

ap authorization-profile <profile>

authorization-group <ap-group>

Remote APs support the following access controllists (A CLs);unless otherwise noted, you apply these ACLS to user

roles:

lStandardACLs—Permit o rdeny traffic based on the source IP address of the packet.

lEthertype ACLs—Filter traffic basedo nt heE thertype fieldin the frame header.

lMAC ACLs—Filter traffic ona speci fic sourceMAC address or range of MAC addresses.

lFirewallpolicies (sessi on ACLs)—Identifies specific characteristics about a data packet passing throughthe Dell

controllerand takes some action based on that identific ation. You applythese ACLs to user roles or uplink ports.

NOTE:To configure firew all policies, you must install the PEFNG license.

For more information about ACLs and firewall policies, see "Configuring FallbackMode" on page 52 4.

Understanding Split Tunneling

The split tunnelingfeature allows you to optimize traffic flow by directing only corporatetraffic back to the

controller,while local application traffic remains local. This ensures that local traffic does not incur the overhead of

the roundtrip to the controller, which decreases traffic on theWAN link and minimizes latency for local application

traffic.T his is usefulfor sites that have local servers andprinters. With split tunneling, a remoteuser associat esw ith

a singleSSID ,not multiple SSIDs, to access corporate resources (for example,a mail server) and local resources(for

example,a local printer). The remote AP examines sessi on ACLs to distinguish between corporate t rafficdest ined

for the controllerand local traffic.