Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

PBR in Aruba controller

  • 1.  PBR in Aruba controller

    Posted Nov 20, 2014 10:14 PM

    Dear all experts,

    I'm implementing an Aruba controller 7210; however, my customer site has 2 ISP links. So by default, the gateway will point to ISP router1, and some SSIDs will have PBR pointing to ISP router2. So I must use PBR to force some source IP addresses to use ISP router2 for internet access. However, because PBR must use "ACL stateless", I'm not sure whether it has any effect on any stateful firewall features or not. And for this example:

     

    (host) (config) #ip access-list stateless st

    (host) (config-stateless-st) # any any tcp 10 100 permit nexthop 200.0.0.5

    (host) (config-stateless-st) # any any udp 10 100 redirect tunnel 10

    (host) (config-stateless-st)# any any udp 10 101 redirect ipsec ipsec1

    (host) (config) #interface vlan 100

    (host) (vlan 100) #ip access-group in st

     


     

    It means any source IP address that comes from VLAN 100 will be redirected to 200.0.0.5, right?

    And what is the meaning of the remaining 2 lines:

    (host) (config-stateless-st) # any any udp 10 100 redirect tunnel 10

    (host) (config-stateless-st)# any any udp 10 101 redirect ipsec ipsec1

     

    Thanks and regards,

     


    #7210


  • 2.  RE: PBR in Aruba controller

    EMPLOYEE
    Posted Nov 23, 2014 03:52 AM

    If you already have this configured properly on your wired network, just bridge users who need to access the internet via ISP1 to a VLAN that uses ISP1. Bridge the users who need to access the internet via ISP2 to a wired VLAN that uses ISP2 and be done with it.

     



  • 3.  RE: PBR in Aruba controller

    Posted Nov 24, 2014 01:46 AM

    Thanks for your kind support, Joseph. Did you mean the Aruba controller doesn't support PBR, right? So we need to bridge all users to the L3 switch and use PBR on the L3 switch to do it, right?

     

     



  • 4.  RE: PBR in Aruba controller

    EMPLOYEE
    Posted Nov 24, 2014 06:59 AM

    Casnov999,

     

    You can do this, but we need a network diagram to see if it supports what you want to do.

     



  • 5.  RE: PBR in Aruba controller

    Posted Nov 24, 2014 07:26 AM

    Hi Joseph, I tried to configure this on the Controller 7210 like the example on the Aruba support website, but it doesn't have the "ip access-list stateless .." option. It has only these:

     

    (SNRU_7210) (config) #ip access-list ?
    eth                     Ethertype access list
    extended                Extended Access List
    mac                     MAC access list
    session                 Session Access List
    standard                Standard Access List

     

    And for my network design, please refer to my attached file.

     


    #7210