Aruba Instant & Cloud Wi-Fi

New Contributor
Posts: 3
Registered: ‎05-01-2012

How do I create an Instant AP rule to allow a port or ports from a network or host

I am trying to create an Access rule that allows ping or a specific remote control port through to a wireless client on an Instant AP.

 

The rule I can create lets me allow ICMP from the wireless client to another network (subnet/VLAN) or host in another subnet or VLAN.

 

Thanks,

 

Steve 

MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: How do I create an Instant AP rule to allow a port or ports from a network or host

 

Once you create a network you define the ACLs under that role 

[Screenshot: Instant_2013-12-12_15-15-03.png]

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 3
Registered: ‎05-01-2012

Re: How do I create an Instant AP rule to allow a port or ports from a network or host

Thanks. In the destination field, I have the choice of 'to a network'. Is there somewhere the destination can be 'from a network'?

Or is there a way to create a rule that allows or denies from a source?

 

Thank you,

 

Steve

 

MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: How do I create an Instant AP rule to allow a port or ports from a network or host

Try it from the CLI:

 

test_iap (Access Rule "test-role") # rule 192.168.3.0 255.255.255.0 10.10.10.0 255.255.255.0 tcp 443 deny 

 

It looks like it's not available from the GUI, only to deny to a certain destination. I have not tested this, so I'm not quite sure if it will even work properly.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba Employee
Posts: 201
Registered: ‎07-14-2013

Re: How do I create an Instant AP rule to allow a port or ports from a network or host

Unfortunately, as of today we do not support ACLs with source IPs. We are looking into adding this feature.

Could I check my understanding of the original requirement: You want to allow certain wireless clients to ping a wired host, but not other wireless clients, which means you need the source IP in the ACL rule. Is my understanding correct?
MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: How do I create an Instant AP rule to allow a port or ports from a network or host

That's what I thought, but I wasn't sure, since it wasn't available when trying to configure through the GUI.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 3
Registered: ‎05-01-2012

Re: How do I create an Instant AP rule to allow a port or ports from a network or host

Thank you - I am wanting to create an ACL with a source IP.

 

What I want to do is allow a wired client (or subnet) to ping and remote proxy a wireless client. I want to block these actions from all other clients or subnets - wired or wireless.

 

We thought we had read somewhere that, with a rule set up to allow a port from the wireless client 'to a network' (a wired subnet), the action would be allowed in both directions. We have tested this - it is not allowed in both directions.

 

Steve
