MVP
Posts: 3,015
Registered: ‎10-25-2011

ROLE ACL PBR when you got a DMZ controller

Hello, I was wondering if I could do this:

https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-bind-a-router-ACL-to-user-role-for-implementing-PBR/ta-p/234522

when I have this scenario:

I have 1 master controller, 4 local controllers and 1 DMZ controller.

All local controllers have a GRE tunnel to the master controller, and the master controller has a GRE tunnel to the DMZ controller.

If I configure this role PBR on the master controller, even if I do the configuration for the role PBR there, will it work? This works perfectly if I have the internet connected directly to the controller where I'm configuring the PBR, as I have tested it, but if I have the internet connected to the DMZ controller and the roles are on the master controller, where I configure the PBR, will it work?

I can't really test it because I only have 1 controller :(

Does anyone know?

Or how can I configure it when I have a VLAN that only exists on the controllers and I want some of the users to go out through one service provider, which is connected directly to the DMZ controller, and other users to go to the internet using the normal default gateway the DMZ controller has?

Cheers

Carlos

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Re: ROLE ACL PBR when you got a DMZ controller

It is complicated, but it is possible and you should test it.  The DMZ controller's side of the GRE tunnel should be untrusted, because that is where you want to place the PBR rules in the user role...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 3,015
Registered: ‎10-25-2011

Re: ROLE ACL PBR when you got a DMZ controller

So it's not possible to do it the way I have it configured?

Right now I have it like this:

WLAN controllers tunnel the guest VLAN to the DMZ controllers, but have the WLAN controllers do all of the policy enforcement, so that the DMZ controllers would not need any PEF licenses.

The DMZ controllers provide DHCP and route the guest traffic wherever it needs to go, but the Captive Portal would be provided by the WLAN controllers....

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Re: ROLE ACL PBR when you got a DMZ controller

I think whatever device is the default gateway of clients needs to have the PBR Role and ACLs.....  That would be the DMZ controller, right?

Maybe someone who has done it the way you mention right now can chime in...



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 3,015
Registered: ‎10-25-2011

Re: ROLE ACL PBR when you got a DMZ controller

I think the same way you do; I believe I need to have this on the default gateway, but I was asking if it was possible without changing what I already have... I wanted to test it, but I only have one controller...

Anyway, to do it the way you mention, I would need to have a firewall license on the DMZ controller, right?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Re: ROLE ACL PBR when you got a DMZ controller

Yes.


Colin Joseph
Aruba Customer Engineering
