Wired Intelligent Edge

ClearPass Aruba CX 6300 Policy / ACL Question

  • 1.  ClearPass Aruba CX 6300 Policy / ACL Question

    Posted Feb 12, 2021 12:30 PM
    Having trouble understanding the Aruba CX Policy/ACL application after using Cisco for many years. On Cisco, when applying a dACL to a switchport, the traffic is only filtered into the port from the device, and you also have the option of pulling the host IP from the device-tracking database to use within the ACL.

    In my Aruba CX 6300 switch and ClearPass demo, I have set up the downloadable user role for the device to have inbound access, but outbound access is also restricted. Secondly, is there also a way to build the rule based on the authenticated host IP of the authenticated device rather than ANY or a specified source IP in CX DURs?

    Here is an example of my printer role, which can get DHCP/DNS and ICMP. However, I am unable to send any traffic to the device, such as LPD or HTTPS traffic, unless I build those inbound rules (second screenshot). For a more generic policy covering many different devices, this will be painful to allow access to the devices.

    Not having used Aruba much, what am I missing here with the design? Is it required to build rules both in and outbound?




    Thanks in advance.

    ------------------------------
    Christopher Calhoun
    ------------------------------