Controller Based WLANs

Do all the access lists configured on the master get pushed to the local switches?

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.x.

 

Not all the access lists configured on the master get pushed to the local switches. Only the session access lists configured on the master switch are pushed to the local switches. This can be verified as follows:

 

On the master:

(Aruba3200) (config) #ip access-list ? 
eth                       Ethertype access list 
extended              Extended Access List 
mac                      MAC access list 
session                 Session Access List 
standard               Standard Access List 

(Aruba3200) (config) #show switches 

All Switches 
------------ 
IP Address    Name        Location        Type    Version   Status  Configuration State  Config Sync Time (sec) 
----------    ----        --------        ----    -------   ------  -------------------  ---------------------- 
172.16.0.254  Aruba3200  Building1.floor1  master  3.3.2.12  up      UPDATE SUCCESSFUL    0

 

 

Here we can see that the master switch has an option of configuring all access lists, including session access lists. 

 

On the the local switch:

 

(Raj_200) #show switches 

All Switches 
------------ 
IP Address      Name     Location          Type   Version   Status  Configuration State                Config Sync Time (sec) 
----------      ----     --------          ----   -------   ------  -------------------                ---------------------- 
10.100.124.221  Raj_200  Building1.floor1  local  3.3.1.22  up      LAST SNAPSHOT(Master Unreachable)  0 

(Raj_200) #configure terminal 
Enter Configuration commands, one per line. End with CNTL/Z 

(Raj_200) (config) #ip access-list ? 
eth                     Ethertype access list 
extended            Extended Access List 
mac                    MAC access list 
standard             Standard Access List 

 

Here it can be seen that on the local switch, the eth, extended, mac, and standard access lists must be configured. However the session access lists are pushed from the master to all the locals.

When configuring user roles on the master switch and applying access lists to the roles, all access lists, except for the session access lists, must be created on the local switches before the configuration is pushed from the master. When the configuration is pushed from the master to all the locals, these access lists need to be present so that they get associated to the role they were configured for on the master.

 

 

Version history
Revision #:
1 of 1
Last update:
‎07-09-2014 01:35 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.