Wireless Access

MVP
Posts: 226
Registered: ‎03-03-2011

Policies in ArubaOS 6.2.1.2

Since upgrading to ArubaOS 6.2.1.2 I have noticed that the ACL count on the policies or user-roles screen in the web UI does not reflect the actual ACL.

I have created 2 ACLs, 1 called outbound with 153 entries and 1 called inbound with 19 entries. In the CLI the ACLs show correctly and everything works as expected. However, when viewing the ACLs via the user-role they are assigned to, the counts show as follows:

 

icmp-acl 1

dns-acl 1

outbound 94

inbound 0

 

When you open the policies from within the user roles they do NOT show correctly either.

Is this a bug? Has anybody else seen this problem?

 

Thanks


David

David
ACDX #98 | ACMP | ACCP
Guru Elite
Posts: 21,480
Registered: ‎03-29-2007

Re: Policies in ArubaOS 6.2.1.2

Please see page 18 of the attached release notes:

 

"

  •   Beginning with ArubaOS 6.2, you cannot create redundant firewall rules in a single ACL. ArubaOS will consider a rule redundant if the primary keys are the same. The primary key is made up of the following variables:

    source IP/alias

    destination IP/alias

    proto-port/service

    If your pre-6.2 configuration contains an ACL with redundant firewall rules, upon upgrading, only the last rule will remain.

    For example, in ArubaOS 6.2, in the ACL below, it is not possible to configure both of the ACE entries at the same time. Once the second ACE entry is added, the first ACE entry is overwritten.

       (host) (config) #ip access-list session allowall-laptop
       (host) (config-sess-allowall-laptop)# any any any  permit time-range test_range
       (host) (config-sess-allowall-laptop)# any any any deny
       (host) (config-sess-allowall-laptop)#end
       (host) #show ip access-list allowall-laptop
    
       ip access-list session allowall-laptop
       allowall-laptop
       ---------------
       Priority  Source  Destination  Service  Action  TimeRange"
    

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
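The redundancy rule quoted from the release notes above can be checked against a saved configuration before upgrading. The following is an added example, not part of the thread and not Aruba code: it groups the entries of each session ACL by (source, destination, service) and reports which entries would be overwritten, with the last one kept. Assumptions: the input contains only "ip access-list session" blocks, only the address and service forms and the permit/deny actions seen in this thread (plus alias) are parsed, and the function names and sample ACLs are constructed.

```python
import re
from collections import defaultdict

ACTIONS = {"permit", "deny"}  # assumption: only the actions seen on this page
ADDR_ARGS = {"any": 0, "user": 0, "host": 1, "alias": 1, "network": 2}

def take_addr(tokens):
    """Split one source/destination spec (e.g. 'host 192.0.2.10') off the front."""
    if not tokens or tokens[0] not in ADDR_ARGS:
        raise ValueError("unrecognised address spec")
    n = 1 + ADDR_ARGS[tokens[0]]
    return " ".join(tokens[:n]), tokens[n:]

def primary_key(rule):
    """Return the (source, destination, service) key of one session ACE."""
    src, rest = take_addr(rule.split())
    dst, rest = take_addr(rest)
    for i, tok in enumerate(rest):
        if tok in ACTIONS and i > 0:
            return src, dst, " ".join(rest[:i])
    raise ValueError("no service/action found")

def audit(config_text):
    """Return (findings, skipped); findings is {acl: [(key, overwritten, kept)]}."""
    rules, skipped, acl = defaultdict(lambda: defaultdict(list)), [], None
    for line in map(str.strip, config_text.splitlines()):
        m = re.fullmatch(r"ip access-list session (\S+)", line)
        if m:
            acl = m.group(1)
        elif line and acl:
            try:
                rules[acl][primary_key(line)].append(line)
            except ValueError:
                skipped.append((acl, line))  # not understood: review by hand
    findings = {a: [(k, v[:-1], v[-1]) for k, v in ks.items() if len(v) > 1]
                for a, ks in rules.items()}
    return {a: d for a, d in findings.items() if d}, skipped

# Constructed sample: the release-notes ACL plus a made-up one (RFC 5737 addresses).
SAMPLE = """\
ip access-list session allowall-laptop
  any any any permit time-range test_range
  any any any deny
ip access-list session staff_inbound_example
  host 192.0.2.10 user any permit
  host 192.0.2.10 user svc-icmp permit
  network 198.51.100.0 255.255.255.0 user tcp 314 permit
  network 198.51.100.0 255.255.255.0 user tcp 314 deny
"""
```

Calling audit(SAMPLE) reports the release-notes pair and the two tcp 314 entries; the two host entries differ in service, so they are not flagged. Lines the parser does not understand are returned in the second value rather than silently dropped.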

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Policies in ArubaOS 6.2.1.2

Thanks for the response but I have seen this entry in the release notes and this is not the issue.

I have an access-list called internal_staff_inbound which has 19 entries as below (IP information removed):

 

 

ip access-list session internal_staff_inbound
network c.c.c.0 255.255.255.0 user any permit
host x.x.x.x user any permit
host x.x.x.x user svc-icmp permit
host y.y.y.y user any permit
host y.y.y.y user svc-icmp permit
host z.z.z.z user any permit
network b.b.0.0 255.255.0.0 user svc-http-proxy2 permit
any any svc-bootp permit
host p.p.p.p user tcp 314 permit
host q.q.q.q user tcp 993 permit
host q.q.q.q user udp 993 permit
network d.d.d.0 255.255.255.192 user tcp 314 permit
any user svc-ssh permit
any user svc-ike permit
any user svc-esp permit
any user 51 permit
host m.m.m.m user tcp 2304 permit
network f.f.f.0 255.255.224.0 user any deny
network g.g.g.0 255.255.224.0 user any deny

 

This shows in the CLI exactly as entered.

However, when I go to the user-role where it is applied I see <user-role.JPG>.

If I click the Edit button next to the policy to open it the policy shows as having no entries as per <policy.JPG>.

 

If I look up the policy under the Policies tab it shows as having the correct amount of entries (see policy2.JPG) and I can click Edit and all the entries show up.

 

The issue just occurs when viewing the policies from within the user-role.

Kind regards

 

David

David
ACDX #98 | ACMP | ACCP
Guru Elite
Posts: 21,480
Registered: ‎03-29-2007

Re: Policies in ArubaOS 6.2.1.2

I would open a support case.  It is probably a bug.  If you have not, please clear your browser cache.  I don't think it will help, but please try it anyway.

 



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 226
Registered: ‎03-03-2011

Re: Policies in ArubaOS 6.2.1.2

Thanks will do. I have cleared the browser cache and also tried in Chrome, IE and Firefox and all show the same problem.

 

David

David
ACDX #98 | ACMP | ACCP