Occasional Contributor I
Posts: 9
Registered: ‎04-04-2014

How do I set ACLs on a particular vlan to block all management access?

I have a public facing vlan that my guest vlan source nats through. Since this vlan is public, how do I block all management access to the public facing ip address on the vlan?

Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: How do I set ACLs on a particular vlan to block all management access?

You can associate a session acl to the VLAN.  MAKE SURE you leave the port trusted!  If you enable no trust, then your user table will fill up with internet traffic!

 

See here:

Screenshot 2014-04-29 12.19.53.png

Here is an example of this policy...tailor it to what you require:

Screenshot 2014-04-29 12.20.29.png

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor I
Posts: 9
Registered: ‎04-04-2014

Re: How do I set ACLs on a particular vlan to block all management access?

I cannot seem to add an acl in the gui or the command line. I do not have PEF licenses on my 3400 controller.

Guru Elite
Posts: 8,634
Registered: ‎09-08-2010

Re: How do I set ACLs on a particular vlan to block all management access?

You could try using the control plane ACL.

You can show the current entries with the following command:

#show firewall-cp internal

You can add entries in global config mode:

(config) #firewall cp


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 9
Registered: ‎04-04-2014

Re: How do I set ACLs on a particular vlan to block all management access?

That does not seem to be what I am looking for either. I was able to create a new session acl, but I cannot add rules to the acl. I simply want to block access to the public ip address on the public vlan.

All of my vlans are assigned to port channel. ArubaOS 6.3 on 3400 controller, no PEF licenses.

What I am looking for is an acl like:

ipv4 any <public ip> any deny

If this takes, will this break my source nat through this vlan?

Guru Elite
Posts: 8,634
Registered: ‎09-08-2010

Re: How do I set ACLs on a particular vlan to block all management access?

You can't modify session ACLs without a PEF license. You may want to block the traffic upstream of the controller.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480