Separating these devices on VLANs would be the traditional solution. With AOS-CX User Roles, you can apply a camera role to the camera's and employee role (for example) to employees, and define in there what traffic is allowed, and even combine that with segmented VLANs.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 17, 2022 07:06 PM
From: Mang Lai
Subject: Adding ACL to Camera on several switches
Hi Friends,
I need some advice on ACL, this could be basic networking problem :)
Now we have several security cameras across to several CX switches on our site. I was planning to apply ACL to SVI interface, but I read somewhere that if I apply ACL to VLAN SVI interface on core switch to only allow a certain IP traffic to get through, people will still be able to somehow reach the cameras if they are on the same switch, same VLAN. Is there a point to apply ACL to camera interface on Access switches as well? Or applying ACL to SVI interface will be good enough?
Thanks a lot,
ML
------------------------------
Mang Lai
------------------------------