Hi,
:smileyhappy:
**IF U JUST WANT TO ENABLE FIREWALL ON PORT/VLAN - JUST ADD ACL PROFILE to your VLAN/PORT**
You can if you are using different vlans for each tunnel. You can apply the aaa profile right on the vlan itself.
ANOTHER METHOD:
You can enable Wired port ACL profile and mark the port as unstrusted. (IF U WANT TO AUTH USERS TRAFFIC VIA THIS PORT)
AAA USERS/DEVICES VIA WIRED PORT - the controller considers IP connections from "untrusted" ports to be defined by the configuration within the "aaa authentication wired" global controller context. Within it, you can select a AAA profile, which determines an initial role of inbound traffic/devices/users etc. That initial role is how IP connections from a device on an untrusted port is handled (much like the way a AAA applies to a VAP).
I.e. if you setup an appropriate role within a AAA profile, and put it in the "aaa authentication wired" context, you should get the result you want.
Have a lovley day.:smileywink:
me