Occasional Contributor I
Posts: 5
Registered: ‎08-15-2016

How do I add an ACL to a VLAN rather than a role?

Hi Guys,

We have a bunch of media sharing devices that need to sit on a VLAN the Aruba controls so that I can use the Airplay functionality to allow wireless screen sharing across the WLAN via Airgroup. We do this already for Apple TV devices but we are trialing new devices that support Airplay, Miracast and Chromecast all in one box.

I need to add a policy to this VLAN to allow external access to the cloud based command and control centre for these devices.

What is the best way to do this?

Create an alias for the VLAN, and create a session based ACL to allow the access. The bit I don't get is how to apply that rule to the VLAN.

Is a session based ACL the correct route?

Do I need to create a role for the VLAN itself?

I'm not sure about the best way to do this so suggestions are welcome.

Occasional Contributor I
Posts: 5
Registered: ‎08-15-2016

Re: How do I add an ACL to a VLAN rather than a role?

OK, maybe a possible method?

If I look at the Ports config page, we have one link back to our core where every single VLAN is untrusted and tagged on this single link.

In the 'Enter VLAN(s)' section I select 'new' and create a policy and assign it to VLAN 54.

If this works the way I think it will then in the Firewall Policy section I can assign the policy I have created and assign it to both in and out?

Do I need to add it in the session drop down box as well???

Will that work, and will it only affect VLAN 54? I'm asking as every VLAN the Aruba controls is on that interface.

I have attached a jpeg of the proposed changes.

Guru Elite
Posts: 8,340
Registered: ‎09-08-2010

Re: How do I add an ACL to a VLAN rather than a role?

Have you considered using the AP multicast aggregation feature instead?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎08-15-2016

Re: How do I add an ACL to a VLAN rather than a role?

I'm already assuming we are already as we are using Airgroup along with CPPM?

The Apple TVs work, but the new Barco mirroring/sharing devices need to register against a cloud based service and they can't get through to register. I'm hoping the method above will allow them to access external resources defined in a policy; this was never needed for the Apple devices. I'm sure that once they have registered, then the wireless mirroring function will work the same as Airplay.

I tried creating a policy to allow, but couldn't find a way to assign it to a VLAN until I found a possible method outlined in the jpeg attached.

Am I looking at the correct method?

Guru Elite
Posts: 8,340
Registered: ‎09-08-2010

Re: How do I add an ACL to a VLAN rather than a role?

AP multicast aggregation is a controller feature that looks for mDNS and SSDP packets on the wired network where the AP is connected and sends the advertisements up to the controller.

This would eliminate having to have your controller connected to the edge of the wired network.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480