06-20-2014 02:59 PM
I have 2 vlans - employee & guest. I want to block guest from employee vlan but allow internet access.
With Cisco I would have done
ip access-list extended BlockGuest
deny ip 10.30.54.0 0.0.0.255 10.30.50.0 0.0.0.255
permit ip any any
ip address 10.30.54.1 255.255.255.0
ip access-group BlockGuest in
Can someone point me in right direction to the Aruba equivalant?
06-20-2014 03:01 PM
06-20-2014 03:03 PM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
06-20-2014 03:08 PM
Guest user-role - Is that assuming that the pc that is plugged into a port, then has to authenticate before allowing access?
So you have to use the Captive Portal?
Do you have to use authentication or can you take that off?
06-20-2014 03:10 PM
06-20-2014 03:18 PM
Although most likely it will only be APs accessing Guest, but they don't want Guest to authenticate.
Would the Aruba APs be able to restrict the access?
Reading RN for 7.3 and it talks about
Router ACLs (RACLs)
Router ACLs perform access control on all traffic entering the specified Routed VLAN Interface. Roter ACLs provide
access control based on the Layer 3 addresses or Layer 4 port information and ranges. RACLs can only be applied
to ingress traffic.
Would that not be the same as Cisco VACLs - would have been nice to see example in user guide
06-20-2014 03:20 PM
06-20-2014 03:28 PM