sr
Occasional Contributor I
Posts: 9
Registered: ‎06-21-2016

Meaning of "localip" and "user" keywords in "ip access-list session" definition

In the session ACL, we can use the keywords "localip" and "user" either as a source or a destination, but there is no definition in the documentation for these keywords.

For the "localip", is it all the IP addresses assigned to the controller?

For the "user", is it all the client IP addresses as they are listed in the user-table?

Contributor II
Posts: 54
Registered: ‎12-01-2016

Re: Meaning of "localip" and "user" keywords in "ip access-list session"

The descriptions are actually mentioned in the documentation @ http://www.arubanetworks.com/techdocs/ArubaOS_61/ArubaOS_61_CLI/ip.htm

 

<source>

The traffic source, which can be one of the following:

alias: specify the network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases)

any: match any traffic

host: specify a single host IP address

localip: specify the local IP address to match traffic

network: specify the IP address and netmask

user: represents the IP address of the user

Jibran Aziz
ACDX | ACCP | ACMP | ACMA | CCIE (RnS, SP, DC) | JNCIS | JNCIA
sr
Occasional Contributor I
Posts: 9
Registered: ‎06-21-2016

Re: Meaning of "localip" and "user" keywords in "ip access-list session"

I had already found these definitions in the documentation, but there is no explanation of what "specify the local IP address to match traffic" or "represents the IP address of the user" exactly mean.

What is the local IP address? Local addresses configured on the controller for each VLAN? Main IP administration address?

And for the user, all the IP addresses of all the clients currently detected by the controller?

sr
Occasional Contributor I
Posts: 9
Registered: ‎06-21-2016

Re: Meaning of "localip" and "user" keywords in "ip access-list session"

Nobody has more detailed information to share about these two options in the ACL definition?

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Meaning of "localip" and "user" keywords in "ip access-list session"

"user" is a reserved alias that represents any user in the user table.  You would use it if you want to allow or block traffic to all users in the user table.

 

"localip" is also a reserved alias, but it has very limited use.  Remote APs had a mechanism called "zero touch provisioning", where the end-user could boot a RAP and enter provisioning parameters right on the RAP (the RAP console) for it to connect to its controller.  The localip variable represented the ip address that the RAP had and it would allow you to block access to that web page.  It is not useful for anything else, really.



Colin Joseph
Aruba Customer Engineering
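
The answer above describes "user" as a reserved alias for any address in the user table. The sketch below is an added example, not part of the thread and not ArubaOS code: a simplified Python model of how a rule list using that alias resolves against a changing user table. It assumes first-match evaluation with a default deny, leaves out the service field, "alias" and "localip", and all addresses, names and the policy itself are constructed.

```python
import ipaddress

# Constructed sample data: client IPs currently present in the user table.
USER_TABLE = {"10.1.10.21", "10.1.10.22"}

def matches(spec, ip, user_table):
    """Return True if address `ip` matches one source/destination spec."""
    kind = spec[0]
    if kind == "any":
        return True
    if kind == "user":      # reserved alias: any IP found in the user table
        return ip in user_table
    if kind == "host":      # ("host", address)
        return ip == spec[1]
    if kind == "network":   # ("network", address, netmask)
        net = ipaddress.ip_network(f"{spec[1]}/{spec[2]}")
        return ipaddress.ip_address(ip) in net
    raise ValueError(f"unsupported keyword: {kind}")

def evaluate(acl, src, dst, user_table):
    """Model assumption: first matching rule wins, no match means deny."""
    for source, dest, action in acl:
        if matches(source, src, user_table) and matches(dest, dst, user_table):
            return action
    return "deny"

# Hypothetical policy: block client-to-client traffic, then allow
# anything else that originates from a known client.
ACL = [
    (("user",), ("user",), "deny"),
    (("user",), ("any",), "permit"),
]

if __name__ == "__main__":
    # 10.1.10.99 is not in the user table yet, so it is not a "user" destination.
    print(evaluate(ACL, "10.1.10.21", "10.1.10.99", USER_TABLE))
    # Once the same host appears in the user table, the first rule applies.
    print(evaluate(ACL, "10.1.10.21", "10.1.10.99", USER_TABLE | {"10.1.10.99"}))
```

The same address gets a different verdict depending on whether it is in the user table at evaluation time, which is the practical difference between "user" and a static "host" or "network" entry.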
