Wireless Access

Reply
Contributor I
Posts: 44
Registered: ‎03-10-2014

PBR in Aruba controller

Dear all experts,

I'm implementing Aruba controller 7210 however my customer site has 2 ISP links. So by default , gateway will point to ISP router1 and for some SSID will have PBR point to ISP router2. So i must use PBR to force some source ip address to use ISP router2 for internet accessing. However due to PBR must use "ACL stateless" , so i'm not sure does it have any effect with any stateful firewall features or not? And for this example :

 

(host) (config) #ip access-list stateless st

(host) (config-stateless-st) # any any tcp 10 100 permit nexthop 200.0.0.5

(host) (config-stateless-st) # any any udp 10 100 redirect tunnel 10

(host) (config-stateless-st)# any any udp 10 101 redirect ipsec ipsec1

(host) (config) #interface vlan 100

(host) (vlan 100) #ip access-group in st

 

(host) (config) #interface vlan 100

(host) (vlan 100) #ip access-group in st

 

It mean with any source ip address that come from vlan 100, will be redirect to 200.0.0.5 right?

And what is the meaning for the remaining 2 lines:

(host) (config-stateless-st) # any any udp 10 100 redirect tunnel 10

(host) (config-stateless-st)# any any udp 10 101 redirect ipsec ipsec1

 

Thanks and regards,

 

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: PBR in Aruba controller

If you already have this configured properly on your wired network, just bridge users who need to access the internet via ISP1 to a VLAN that uses ISP1.  Bridge the suers who need to access the internet via ISP2 to a wired VLAN that uses ISP2 and be done with it.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 44
Registered: ‎03-10-2014

Re: PBR in Aruba controller

Thanks for your kindly support Joseph, did you mean Aruba  controller doesn't support PBR right? So we need to bridge all user to L3 switch and let to use PBR on L3 swith to do it right?

 

 

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: PBR in Aruba controller

Casnov999,

 

You can do this, but we need a network diagram to see if it supports what you want to do.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 44
Registered: ‎03-10-2014

Re: PBR in Aruba controller

Hi Joseph, i tried to configure on Controller 7210 like example in aruba support web. But it doesn't have "ip access-list stateless .." option. It has only like these :

 

(SNRU_7210) (config) #ip access-list ?
eth                     Ethertype access list
extended                Extended Access List
mac                     MAC access list
session                 Session Access List
standard                Standard Access List

 

And for my network design, please regards from my attachment file.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: