Access Points

Reply
Occasional Contributor I
Posts: 6
Registered: ‎10-28-2008

AP 65 - Unable to permit in MAC ACL

Hi All,

I am trying to configure MAC ACL onto one of the port. However, after inputting the command; The AP goes down. Remove the ACL, my AP goes up again.

I am certain the AP MAC Address is correct as i use soe into the AP to see the MAC Address. I am puzzled as to why my ACL deny my AP from going "up"

My Config as below(Partial)

ip access-list mac 700
permit host 00:0e:35:7f:7d:5e (My Laptop MAC Address)
permit host 00:1a:1e:c3:e3:aa (my AP MAC Address)
deny any

interface gigabitethernet 1/0
description "GE1/0"
trusted
ip access-group 700 in
ip access-group 700 out
switchport access vlan 10
spanning-tree portfast


Do help. Thanks alot!
Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

ip access-group

It looks like you are applying the traffic filter in, and out. I think you ONLY want to apply it to inbound traffic. Try removing the ip access-group 700 out parameter, because traffic going OUT is NOT going to be FROM your AP's mac address.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎10-28-2008

Re: AP 65 - Unable to permit in MAC ACL




Thanks for your reply, actually i started out using the in function only initially. The same result also occur. My AP still went down.
Is there any function that i have failed to take notice?

Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Mac acl

Honestly, I have never used MAC ACLS before, so I guess I have to ask what are you trying to accomplish, so maybe we can find you a workaround. You can also optionally open a case with support, to see if the MAC ACL will behave like you need it to.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎10-28-2008

Re: AP 65 - Unable to permit in MAC ACL




i was thinking to use MAC Filtering in a network so that only authorize Clients is only able to log into the network. Hence, i am trying to use this MAC Filtering to allow only those clients inward.

Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

MAC Authentication

Edwin,

The access point is just a device that sends traffic TO the controller. User access is provided at the role level, not applying an ACL to a port, but an authentication profile to traffic that is coming IN on an access point.. Traffic should be allowed from the access point into the controller, and the wireless LANs that you create for that access point allow you to do MAC authentication for the Clients that attach to the access points. Please look up "MAC Authentication" in the user guide to see what I'm talking about. Your ACLs are being applied to the wrong layer...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎10-28-2008

Re: AP 65 - Unable to permit in MAC ACL

thanks for the help, i will run through the user guide. Thanks for ur time.
Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

User Manual

Edwin,

If you go to Configuration> WLAN Wizard, it makes it very straightforward to create a wireless LAN. You can layer Mac Authentication on top of that; detailed in the manual.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: