Do all the access lists configured on the master get pushed to the local switches?

Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.x.


Not all the access lists configured on the master get pushed to the local switches. Only the session access lists configured on the master switch are pushed to the local switches. This can be verified as follows:


On the master:

(Aruba3200) (config) #ip access-list ? 
eth                       Ethertype access list 
extended              Extended Access List 
mac                      MAC access list 
session                 Session Access List 
standard               Standard Access List 

(Aruba3200) (config) #show switches 

All Switches 
IP Address    Name        Location        Type    Version   Status  Configuration State  Config Sync Time (sec) 
----------    ----        --------        ----    -------   ------  -------------------  ----------------------  Aruba3200  Building1.floor1  master  up      UPDATE SUCCESSFUL    0



Here we can see that the master switch has an option of configuring all access lists, including session access lists. 


On the the local switch:


(Raj_200) #show switches 

All Switches 
IP Address      Name     Location          Type   Version   Status  Configuration State                Config Sync Time (sec) 
----------      ----     --------          ----   -------   ------  -------------------                ----------------------  Raj_200  Building1.floor1  local  up      LAST SNAPSHOT(Master Unreachable)  0 

(Raj_200) #configure terminal 
Enter Configuration commands, one per line. End with CNTL/Z 

(Raj_200) (config) #ip access-list ? 
eth                     Ethertype access list 
extended            Extended Access List 
mac                    MAC access list 
standard             Standard Access List 


Here it can be seen that on the local switch, the eth, extended, mac, and standard access lists must be configured. However the session access lists are pushed from the master to all the locals.

When configuring user roles on the master switch and applying access lists to the roles, all access lists, except for the session access lists, must be created on the local switches before the configuration is pushed from the master. When the configuration is pushed from the master to all the locals, these access lists need to be present so that they get associated to the role they were configured for on the master.



Version history
Revision #:
1 of 1
Last update:
‎07-09-2014 01:35 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.