Frequent Contributor II

ACL blocks UDP broadcast when specifying port

Hi.

 

I am setting up an ACL rule which says

SRC: any DST: any Service TCP / UDP *port* permit

This works as long as the server and client device communicate directly with each other's IP address.

The server uses UDP broadcast on the specified port to discover devices. This does not work.

The client device "data-LED" shows some activity when the broadcast is sent, so it looks like the broadcast gets through.

The server never receives the response, though.

 

If I change the ACL rule to say:

SRC: any DST: any Service: Any permit, the broadcast discovery works.

When I check the Wireshark logs, the only port specified is the same port that I specify in the rule.

 

Anyone know what might cause this?

 

Thanks!

-----------------------------------
-ACMX #352-
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Guru Elite

Re: ACL blocks UDP broadcast when specifying port

Type "show acl hits" to see if your traffic is hitting the firewall policy.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: ACL blocks UDP broadcast when specifying port

Thanks.

 

We just solved this case.

Turned out that the equipment that the customer was using is work in progress, so the documentation was not complete.

The broadcast was answered to the private/dynamic port that the broadcast was sent from. This way, the traffic was using a different destination port than what we defined in the ACL. This was fixed, so now everything works as expected :D

-----------------------------------
-ACMX #352-
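The failure mode described in this thread is easy to reproduce on paper: the server sends its discovery broadcast from an ephemeral source port to the fixed discovery port, and the device answers back to that ephemeral port, so a rule that only matches the fixed destination port permits the request and drops the reply. The following model is an added example, not code from the thread or from Aruba; the port numbers, addresses and the `Packet`/`Rule` helpers are constructed for illustration, and the session-tracking variant shows what a flow-aware check would have to remember to permit the reply, without claiming how any particular firewall handles broadcast-initiated flows.

```python
"""Model of why a destination-port ACL breaks UDP broadcast discovery.

Added example, not from the forum thread. All addresses and port numbers
below are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Optional

DISCOVERY_PORT = 30303   # hypothetical fixed discovery port (constructed)
EPHEMERAL_PORT = 54321   # server's dynamic source port (constructed)
SERVER = "10.0.0.10"
DEVICE = "10.0.0.50"
BROADCAST = "255.255.255.255"


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """A permit rule with SRC any, DST any; None means 'any' for a field."""
    proto: Optional[str]
    dst_port: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in (None, pkt.proto)
                and self.dst_port in (None, pkt.dst_port))


# The exchange from the thread: broadcast request, reply to the ephemeral port.
REQUEST = Packet("udp", SERVER, EPHEMERAL_PORT, BROADCAST, DISCOVERY_PORT)
REPLY_TO_EPHEMERAL = Packet("udp", DEVICE, DISCOVERY_PORT, SERVER, EPHEMERAL_PORT)
BROADCAST_EXCHANGE = [REQUEST, REPLY_TO_EPHEMERAL]

# One reading of the fix: the device answers to the fixed port the ACL names.
REPLY_TO_FIXED = Packet("udp", DEVICE, DISCOVERY_PORT, SERVER, DISCOVERY_PORT)
FIXED_PORT_EXCHANGE = [REQUEST, REPLY_TO_FIXED]

PORT_RULE = Rule("udp", DISCOVERY_PORT)   # "Service UDP <port> permit"
ANY_RULE = Rule(None, None)               # "Service: Any permit"


def stateless_verdicts(rule: Rule, packets: List[Packet]) -> List[str]:
    """Evaluate every packet against the rule on its own."""
    return ["permit" if rule.matches(p) else "deny" for p in packets]


def stateful_verdicts(rule: Rule, packets: List[Packet]) -> List[str]:
    """Permit a packet if it matches the rule, or if it is the reverse of a
    flow the rule already permitted. The flow key deliberately omits the
    request's destination IP: a broadcast request is answered by a specific
    host, so only proto, requester IP and the two ports can be matched."""
    flows = set()
    verdicts = []
    for p in packets:
        if rule.matches(p):
            flows.add((p.proto, p.src_ip, p.src_port, p.dst_port))
            verdicts.append("permit")
        elif (p.proto, p.dst_ip, p.dst_port, p.src_port) in flows:
            verdicts.append("permit (reply to tracked flow)")
        else:
            verdicts.append("deny")
    return verdicts


if __name__ == "__main__":
    print("port rule, stateless:", stateless_verdicts(PORT_RULE, BROADCAST_EXCHANGE))
    print("any rule,  stateless:", stateless_verdicts(ANY_RULE, BROADCAST_EXCHANGE))
    print("port rule, stateful: ", stateful_verdicts(PORT_RULE, BROADCAST_EXCHANGE))
    print("port rule, fixed-port reply:", stateless_verdicts(PORT_RULE, FIXED_PORT_EXCHANGE))
```

Running the model shows the three outcomes the thread went through: the port-specific rule passes the request and drops the reply, the "Any" rule passes both, and once the device answers to the fixed port (or the firewall tracks the outbound flow) the port-specific rule is sufficient again. When troubleshooting a case like this, the thing to compare in the capture is the reply's destination port against the port named in the rule, not the request's.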
Guru Elite

Re: ACL blocks UDP broadcast when specifying port

Awesome.



Colin Joseph
Aruba Customer Engineering
