Wireless Access

 View Only
last person joined: 11 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Aruba Wireless Controller ACL Question

This thread has been viewed 7 times
  • 1.  Aruba Wireless Controller ACL Question

    Posted 16 days ago
    We currently have an acl to block all access to internal resources. We want to open it up to some specific IP's for web traffic. We have added 140-151 as shown below but we still arent able to connect to those resources. Is there something im missing to be able to allow this?  prepaidgiftbalance


    ip access-list extended "Guest-ACL"
       10 remark "Allow DNS and DHCP"
       10 permit udp 0.0.0.0 255.255.255.255 172.20.82.10 0.0.0.0 eq 53
       15 permit udp 0.0.0.0 255.255.255.255 172.20.82.127 0.0.0.0 eq 53
       40 permit udp 0.0.0.0 255.255.255.255 168.170.19.254 0.0.0.0 eq 67
       50 remark "Deny Internal Ranges"
       50 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
       60 deny ip 0.0.0.0 255.255.255.255 172.20.0.0 0.0.255.255
       70 deny ip 0.0.0.0 255.255.255.255 172.26.224.0 0.0.0.255
       80 deny ip 0.0.0.0 255.255.255.255 172.20.80.0 0.0.4.255
       90 remark "Allow Internet Access"
       140 permit tcp 0.0.0.0 255.255.255.255 172.20.82.130 0.0.0.0 eq 80
       141 permit tcp 0.0.0.0 255.255.255.255 172.20.82.130 0.0.0.0 eq 443
       145 permit tcp 0.0.0.0 255.255.255.255 172.20.82.19 0.0.0.0 eq 80
       146 permit tcp 0.0.0.0 255.255.255.255 172.20.82.19 0.0.0.0 eq 443
       150 permit tcp 0.0.0.0 255.255.255.255 172.20.82.102 0.0.0.0 eq 80
       151 permit tcp 0.0.0.0 255.255.255.255 172.20.82.102 0.0.0.0 eq 443
       exit​


  • 2.  RE: Aruba Wireless Controller ACL Question

    EMPLOYEE
    Posted 16 days ago
    What platform are you configuring this on?  

    - You should be configuring Session ACLs for user traffic (do not use extended).
    - You should also be using built-in services for applications instead of configuring individual ports, TCP and UDP.  Serivces for applications are stateful and have Application Level Gateways that look at sessions and not just tcp and udp port traffic.


    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------