Session vs extended ACLs: which is better to be applied to physical interfaces?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all ArubaOS versions.


Aruba Networks always recommends session ACLs. You would only use an extended/etype/mac ACL if a session ACL could not support the desired behavior.


If non-session ACLs are used, we iterate through all rules for each frame, which lowers the performance of the system.


When session ACLs are used, we only iterate through the rules for the first frame of a "session", for example, TCP connection.

Version history
Revision #:
1 of 1
Last update:
‎07-02-2014 08:15 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: