Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

What is session-acl under ap system-profiles?

This thread has been viewed 1 times

  • 1.  What is session-acl under ap system-profiles?

    Posted May 23, 2017 12:08 PM

    Can someone explain what exactly the session-acl under the ap system-profile config is used for and how it differs from an ACL applied to a specific role?



  • 2.  RE: What is session-acl under ap system-profiles?

    Posted May 24, 2017 04:34 AM
    The AP System profile session ACL is applied to the uplink interface on a RAP. ACLs applied on a role are applied to clients in that role.


  • 3.  RE: What is session-acl under ap system-profiles?

    Posted May 24, 2017 10:47 AM

     

     

    Can you provide a use-case where you would want to set this up?

     

    Our ap system-profiles have always been set to "allowall" for the session-acl.  Someone inadvertantly removed this and it defaulted to "ap-uplink-acl" which ended up breaking wireless-to-wireless communication on the same VLAN between clients.  Everything else seemed to be functioning normally.

     

    Why would removing this ACL cause this behavior?



  • 4.  RE: What is session-acl under ap system-profiles?

    Posted May 25, 2017 03:51 AM
    What's your controller / AP setup like? Do you use RAPs?

    Did someone remove the allowall firewall rule from the controller? That could by why.


  • 5.  RE: What is session-acl under ap system-profiles?

    Posted Jun 01, 2017 02:57 PM

    Yes, these were RAPs and removing the allowall did create an issue.  When would we want to use these session-ACLs instead of a role-based ACL?