Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Validuser ACL limits

  • 1.  Validuser ACL limits

    Posted Mar 29, 2012 06:12 PM
    Does anyone know if there is a limit or threshold to how many entries can be processed by the Validuser ACL? We have over 300 subnets that we will need to put in a whitelist. At what point does this list or ACL affect the processor or impact performance? We are currently running 6.1.2.6 on M3 controllers. Any advice is appreciated.


  • 2.  RE: Validuser ACL limits

    Posted Apr 02, 2012 04:27 PM

    Our validuser ACL for our large section of campus has 100 ACE entries; we were able to supernet things down to save on the ACE entries. We aren't seeing problems at that level, but that doesn't really answer your question. Is any of that address space contiguous?

     

    Garrett Harmon

    Ohio State University



  • 3.  RE: Validuser ACL limits

    Posted Apr 03, 2012 10:31 AM

    The validuser ACL also supports non-contiguous masks which helped me shrink the length of my whitelist significantly.



  • 4.  RE: Validuser ACL limits

    Posted Apr 03, 2012 02:03 PM

    We've had issues with subnet gateway addresses becoming entries in the user table, effectively bringing down that network segment. So, I don't want to aggregate the individual subnets because I don't feel that I will have protection against something like that happening again. I was thinking of using the netdestination idea to whitelist all our valid networks and deny some specific hosts and subnets on a smaller range. I have an open ticket with support on it, but it's very slow moving.

     

    Thanks to both of you for advice!
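
Added example, not part of any post in this thread and not Aruba code: a Python sketch of the supernetting (post 2) and non-contiguous mask (post 3) ideas that merges whitelist entries only when the result covers exactly the same addresses, with host denies checked first for the gateway concern in post 4. The subnets are constructed, the gateway being the first host of each subnet is an assumption, and a mask bit of 1 is assumed to mean "compare this bit".

```python
import ipaddress

# Constructed sample whitelist (not from the thread).
SUBNETS = ["10.1.0.0/24", "10.1.1.0/24", "10.3.0.0/24", "10.3.1.0/24",
           "172.16.5.0/24"]

def merge_acl(subnets):
    """Return (network, mask) ints covering exactly the input address space."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets)
    entries = {(int(n.network_address), int(n.netmask)) for n in nets}
    merged = True
    while merged:
        merged = False
        for addr, mask in sorted(entries):
            # A partner has the same mask and differs in one compared bit.
            for bit in (1 << i for i in range(32)):
                if mask & bit and (addr ^ bit, mask) in entries:
                    entries -= {(addr, mask), (addr ^ bit, mask)}
                    entries.add((addr & ~bit, mask & ~bit))
                    merged = True
                    break
            if merged:
                break
    return sorted(entries)

def gateway_hosts(subnets):
    """Assumption: each subnet's gateway is its first host address."""
    return {int(ipaddress.ip_network(s).network_address) + 1 for s in subnets}

def allowed(ip, deny_hosts, permits):
    """First match wins: host denies are evaluated before the permits."""
    a = int(ipaddress.ip_address(ip))
    if a in deny_hosts:
        return False
    return any((a & mask) == net for net, mask in permits)

def fmt(entries):
    return [(str(ipaddress.IPv4Address(n)), str(ipaddress.IPv4Address(m)))
            for n, m in entries]

if __name__ == "__main__":
    permits = merge_acl(SUBNETS)
    for net, mask in fmt(permits):
        print("permit", net, mask)
    for gw in sorted(gateway_hosts(SUBNETS)):
        print("deny host", ipaddress.IPv4Address(gw))
```

Five subnets reduce to two permit entries here, and because every merge is exact, an address such as 10.2.0.5 that was never whitelisted still fails to match.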