Controllerless Networks

Hi,

After migrating one of my offices from Juniper WLAN to a new Aruba WLAN (conroller based), an issue was reported by one of our users not eing able to connect to a cusomter service.

When investigating this, I noticed that this particular traffic was marked with a 'D' looking at the show datapath session table.

So his particular traffic is being denied.

Below the specific output if the datapath:

1.1.1.1  2.2.2.2   6    8290  8292   0/0     0    0   0   tunnel 3770 5    1          52         FDYC
1.1.1.1  3.3.3.3   6    8283  8292   0/0     0    0   0   tunnel 3770 5    0          0          FDYC

The denying of this traffic raises some questions:

- why is this traffic being denied (security risk?)

- why can't i locate the deny rule in the statefull firewall

- what is exactly denied; source or destination (I'm assuming the latter)

To solve this I want to allow this traffic but instead of adding an allow rule, I want to change the current deny rule into allow which circles back to my second question.

Thanks for he help!

Does the user have a role?  Type "show rights <role>" to see what ACLs are applied to that user.

Hello Colin,

The system gets the guest role assigned.

I do notice predefined FW rules in the role. When I add the specific rule to this role the system should be granted access correct?

What is the reason of these predefined FW rules? I'm assuming this is done for security concerns. Just wondering what the thought of Aruba behind this is.

The predefined ACLs in the guest role is just a starting point.  You can edit that to make it whatever you want.

Alright, then I will adjust it accordingly.

Thanks