AOS-CX-VLAN-ACLs << (VACLs) Hints&Observations

  • 1.  AOS-CX-VLAN-ACLs << (VACLs) Hints&Observations

    Posted Oct 01, 2019 10:52 AM

    VLAN Access-List Learning experience on an 8320 running 10.03+:

    CONFIG CONTEXT:

    vlan 200
    description SERVER-VLAN
    apply access-list ip VLAN-SERVER-200-IN-# in
    exit

    access-list ip VLAN-SERVER-200-IN-1
    9 comment SERVER-200 >>>>>>>>>>>>>>>>>> VACL INBOUND
    90 permit any 0.0.0.0 0.0.0.0 count
    99 deny any 0.0.0.0 0.0.0.0 log count
    exit

    access-list ip VLAN-SERVER-200-IN-2
    9 comment SERVER-200 >>>>>>>>>>>>>>>>>> VACL INBOUND
    90 permit any 0.0.0.0/0 0.0.0.0/0 count
    99 deny any 0.0.0.0/0 0.0.0.0/0 log count
    exit

    VLAN-SERVER-200-IN-1 does NOT equal VLAN-SERVER-200-IN-2

    OBSERVATIONS:

    VLAN-SERVER-200-IN-1 restricts only host 0.0.0.0.

    No hitcounts were observed and no logs were sent to the syslog server. After seq#99 there is an IMPLICIT DENY w/o logs or counts.

  • 2.  RE: AOS-CX-VLAN-ACLs << (VACLs) Hints&Observations
    Best Answer

    Posted Oct 01, 2019 03:16 PM

    Hi,

    yes it is normal...

    0.0.0.0 is also a (special) IP address... for ALL IP addresses you need to use 0.0.0.0/0

    it is always better to specify the netmask...