Wireless Access

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Aruba Wireless Controller ACL Question

  • 1.  Aruba Wireless Controller ACL Question

    Posted 16 days ago
    We currently have an ACL to block all access to internal resources. We want to open it up to some specific IPs for web traffic. We have added 140-151 as shown below, but we still aren't able to connect to those resources. Is there something I'm missing to be able to allow this?

    ip access-list extended "Guest-ACL"
       10 remark "Allow DNS and DHCP"
       10 permit udp eq 53
       15 permit udp eq 53
       40 permit udp eq 67
       50 remark "Deny Internal Ranges"
       50 deny ip
       60 deny ip
       70 deny ip
       80 deny ip
       90 remark "Allow Internet Access"
       140 permit tcp eq 80
       141 permit tcp eq 443
       145 permit tcp eq 80
       146 permit tcp eq 443
       150 permit tcp eq 80
       151 permit tcp eq 443
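
An added example, not part of the original post: sequenced ACLs of this kind are evaluated top-down and the first matching entry decides, so a permit numbered after a broader deny never takes effect. The Python sketch below models that and flags shadowed entries. It assumes the permitted hosts sit inside one of the denied internal ranges; every address is a constructed placeholder (the post's addresses are not shown), matching is on destination only, and `first_match`, `shadowed` and `resequence` are hypothetical helper names.

```python
import ipaddress

# (seq, action, protocol, destination, dst port) -- constructed sample rules
RULES = [
    (10, "permit", "udp", "0.0.0.0/0", 53),
    (40, "permit", "udp", "0.0.0.0/0", 67),
    (50, "deny", "ip", "10.0.0.0/8", None),
    (60, "deny", "ip", "172.16.0.0/12", None),
    (70, "deny", "ip", "192.168.0.0/16", None),
    (140, "permit", "tcp", "10.20.30.40/32", 80),
    (141, "permit", "tcp", "10.20.30.40/32", 443),
]

def first_match(rules, proto, dst, port):
    """Return (seq, action) of the first entry matching the packet."""
    for seq, action, r_proto, r_net, r_port in sorted(rules, key=lambda r: r[0]):
        if (r_proto in ("ip", proto)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r_net)
                and r_port in (None, port)):
            return seq, action
    return None, "deny"  # implicit deny at the end of the list

def covers(earlier, later):
    """True if `earlier` matches every packet that `later` matches."""
    _, _, e_proto, e_net, e_port = earlier
    _, _, l_proto, l_net, l_port = later
    return (e_proto in ("ip", l_proto)
            and ipaddress.ip_network(l_net).subnet_of(ipaddress.ip_network(e_net))
            and e_port in (None, l_port))

def shadowed(rules):
    """List (seq, shadowing_seq) for entries that can never be reached."""
    ordered = sorted(rules, key=lambda r: r[0])
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                hits.append((later[0], earlier[0]))
                break
    return hits

def resequence(rules, mapping):
    """Return a copy of the rules with selected sequence numbers changed."""
    return [(mapping.get(r[0], r[0]),) + r[1:] for r in rules]

# Moving the host-specific permits ahead of the internal-range denies
FIXED = resequence(RULES, {140: 45, 141: 46})

if __name__ == "__main__":
    print(first_match(RULES, "tcp", "10.20.30.40", 443), shadowed(RULES))
    print(first_match(FIXED, "tcp", "10.20.30.40", 443), shadowed(FIXED))
```

With the permits resequenced ahead of the denies, only the listed host and ports are opened; every other internal destination still hits the deny entries.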

  • 2.  RE: Aruba Wireless Controller ACL Question

    Posted 16 days ago
    What platform are you configuring this on?  

    - You should be configuring Session ACLs for user traffic (do not use extended).
    - You should also be using built-in services for applications instead of configuring individual ports, TCP and UDP.  Services for applications are stateful and have Application Level Gateways that look at sessions and not just TCP and UDP port traffic.

    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card