Introduction : Domain-based ACL is similar regular ACL's but the destination is mentioned as domain name instead of destination IP address. Access to specific domains is allowed or denied based on the ACL rule definition.
Feature Notes :
Starting from InstantOS 6.3.1.1-4.0, Instant supports configuration of domain-based Access Control List (ACL) rule.
Environment : This article applies to Aruba Instant Access Points running InstantOS version.
Configuration Steps :
Following images show the configuration of domain-based ACL on Instant AP web interface:
-
Login to web interface of Instant AP
-
Click "New" to create a new SSID or select the network and click "Edit"
-
Navigate to the "Access" section.
NOTE: By default, a role with the SSID name is automatically created. For example, in the below image the SSID name is "Employee-Wireless' and role by the same name is created.
Below, in the image the clients are not allowed to access youtube. Any packet reaching to the domain "youtube" will be denied access.
Verification :
Verification of the configuration can be done from GUI or CLI. Following image shows the command line screen shot: