Aruba Instant & Cloud Wi-Fi

Jer
Contributor II
Posts: 58
Registered: ‎12-03-2015

traffic denied

Hi,

After migrating one of my offices from Juniper WLAN to a new Aruba WLAN (controller based), an issue was reported by one of our users not being able to connect to a customer service.

When investigating this, I noticed that this particular traffic was marked with a 'D' looking at the show datapath session table.

So his particular traffic is being denied.

Below is the specific output of the datapath:

1.1.1.1  2.2.2.2   6    8290  8292   0/0     0    0   0   tunnel 3770 5    1          52         FDYC
1.1.1.1  3.3.3.3   6    8283  8292   0/0     0    0   0   tunnel 3770 5    0          0          FDYC

 

The denying of this traffic raises some questions:

- why is this traffic being denied (security risk?)

- why can't I locate the deny rule in the stateful firewall

- what is exactly denied; source or destination (I'm assuming the latter)

To solve this, I want to allow this traffic, but instead of adding an allow rule, I want to change the current deny rule into allow, which circles back to my second question.

Thanks for the help!

Guru Elite
Posts: 19,949
Registered: ‎03-29-2007

Re: traffic denied

Does the user have a role?  Type "show rights <role>" to see what ACLs are applied to that user.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Jer
Contributor II
Posts: 58
Registered: ‎12-03-2015

Re: traffic denied

Hello Colin,

The system gets the guest role assigned.

I do notice predefined FW rules in the role. When I add the specific rule to this role, the system should be granted access, correct?

What is the reason for these predefined FW rules? I'm assuming this is done for security concerns. Just wondering what the thought of Aruba behind this is.

Guru Elite
Posts: 19,949
Registered: ‎03-29-2007

Re: traffic denied

The predefined ACLs in the guest role are just a starting point.  You can edit that to make it whatever you want.

Colin Joseph
Aruba Customer Engineering

Jer
Contributor II
Posts: 58
Registered: ‎12-03-2015

Re: traffic denied

Alright, then I will adjust it accordingly.

Thanks
