Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

How is an Access list tied to a SSID

  • 1.  How is an Access list tied to a SSID

    Posted Nov 17, 2015 04:10 AM

    Hi All

    I am having issues with some traffic not being able to access a server from a certain SSID. This SSID is bridging locally from the AP.

    When I do a show datapath session I can see it is allowed; however, the flag for destination NAT is shown. Why would this be?

     

    Also, what ties the access list to the SSID? Where is this done?

    cheers

     



  • 2.  RE: How is an Access list tied to a SSID

    Posted Nov 17, 2015 04:56 AM

     

     

    The ACL is tied to the particular role the user/device is assigned.

    The role can be assigned either from the AAA Profile the VAP/SSID has assigned, or it can be sent in a RADIUS response if you are using a RADIUS server.

     

    From the CLI you can verify the role and how the role is getting applied by running the command:
    show user ip <IP ADDRESS>

    Name: vfabian, IP: 192.168.1.200, MAC: 00:11:22:33:44:55, Age: 00:01:01

    Role: FULL-ACCESS-ROLE (how: ROLE_DERIVATION_DOT1X_VSA), ACL: 118/0

    Authentication: Yes, status: started, method: 802.1x, protocol: EAP-PEAP, server: CPPM-SERVER-1

    Authentication Servers: dot1x authserver: CPPM-SERVER-1, mac authserver:

     

    Role Derivation: ROLE_DERIVATION_DOT1X_VSA

    VLAN Derivation: Default VLAN

     

    Once you determine the role, you can then do a show rights <ROLE NAME> to see what ACLs are getting applied to the user-role.
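
Added example (not part of the original reply and not HPE Aruba code): a small Python parser for the `show user ip` output quoted above that pulls out the role, how it was derived and the ACL field, then builds the follow-up `show rights` command. The dictionary keys and function names are this example's own, and reading a `how` value ending in `_VSA` as "role sent in the RADIUS response" is an assumption based on the single value shown in the reply.

```python
import re

# Sample: the `show user ip` output quoted in the reply above.
SAMPLE = """\
    Name: vfabian, IP: 192.168.1.200, MAC: 00:11:22:33:44:55, Age: 00:01:01
    Role: FULL-ACCESS-ROLE (how: ROLE_DERIVATION_DOT1X_VSA), ACL: 118/0
    Authentication: Yes, status: started, method: 802.1x, protocol: EAP-PEAP, server: CPPM-SERVER-1
    Authentication Servers: dot1x authserver: CPPM-SERVER-1, mac authserver:
    Role Derivation: ROLE_DERIVATION_DOT1X_VSA
    VLAN Derivation: Default VLAN
"""

# One regex per field; the key names are this example's own.
FIELDS = {
    "name": r"^\s*Name:\s*([^,]+),",
    "ip": r"\bIP:\s*([0-9.]+)",
    "mac": r"\bMAC:\s*([0-9A-Fa-f:]{17})",
    "role": r"^\s*Role:\s*(\S+)",            # does not match "Role Derivation:"
    "how": r"\(how:\s*([A-Z0-9_]+)\)",
    "acl": r"\bACL:\s*(\d+/\d+)",
    "method": r"\bmethod:\s*([^,\s]+)",
    "server": r"\bserver:\s*([^,\s]+)",      # \b skips "authserver:"
    "vlan_derivation": r"^\s*VLAN Derivation:\s*(.+?)\s*$",
}

def parse_show_user(text):
    """Return a dict of the fields above; a missing field maps to None."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        out[key] = m.group(1).strip() if m else None
    return out

def role_source(info):
    """Assumption: a 'how' ending in _VSA means the RADIUS response set the role."""
    how = info.get("how") or ""
    return "radius-response" if how.endswith("_VSA") else "other"

def next_command(info):
    """Build the follow-up command the reply recommends for listing the role's ACLs."""
    if not info.get("role"):
        raise ValueError("no Role: line found in the output")
    return "show rights " + info["role"]

if __name__ == "__main__":
    user = parse_show_user(SAMPLE)
    print(user["ip"], user["role"], user["acl"], role_source(user))
    print(next_command(user))
```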