Wired Intelligent Edge (Campus Switching and Routing)

Contributor II

AOS-CX-VLAN-ACLs << (VACLs) Hints&Observations

VLAN Access-List Learning experience on an 8320 running 10.03+:

CONFIG CONTEXT:

vlan 200
description SERVER-VLAN
apply access-list ip VLAN-SERVER-200-IN-# in
exit

access-list ip VLAN-SERVER-200-IN-1
9 comment SERVER-200 >>>>>>>>>>>>>>>>>> VACL INBOUND
90 permit any 0.0.0.0 0.0.0.0 count
99 deny any 0.0.0.0 0.0.0.0 log count
exit

access-list ip VLAN-SERVER-200-IN-2
9 comment SERVER-200 >>>>>>>>>>>>>>>>>> VACL INBOUND
90 permit any 0.0.0.0/0 0.0.0.0/0 count
99 deny any 0.0.0.0/0 0.0.0.0/0 log count
exit

VLAN-SERVER-200-IN-1 does NOT equal VLAN-SERVER-200-IN-2

OBSERVATIONS:

VLAN-SERVER-200-IN-1 restricts only host 0.0.0.0.

No hitcounts were observed and no logs were sent to the syslog server. After seq#99 there is an IMPLICIT DENY w/o logs or counts.
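As an added illustration (not part of the original post, and not Aruba's code), a small Python model of the two ACLs above shows why they behave differently. It assumes the AOS-CX ACE semantics the post observed: a bare address matches one host (/32), "0.0.0.0/0" or "any" matches everything, and a packet matching no ACE hits the implicit deny with no log and no count. Protocol matching is left out; the sample flow is constructed.

```python
import ipaddress

# Assumed AOS-CX semantics: a bare address token is a single host (/32),
# "any" or a /0 prefix matches every address.
def parse_addr(token):
    """Turn an ACE address token into an ip_network (bare address => /32 host)."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in token:
        return ipaddress.ip_network(token, strict=False)
    return ipaddress.ip_network(token + "/32")

def evaluate(acl, src, dst):
    """Return (action, seq, logged) for the first ACE matching src/dst.
    A packet that matches nothing falls to the implicit deny, which is
    neither logged nor counted, exactly what the post observed."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, src_net, dst_net, log in acl:
        if s in parse_addr(src_net) and d in parse_addr(dst_net):
            return action, seq, log
    return "deny", None, False  # implicit deny: no seq, no log, no count

# ACEs as (seq, action, src, dst, log); the seq 9 comment carries no match logic.
VLAN_SERVER_200_IN_1 = [
    (90, "permit", "0.0.0.0", "0.0.0.0", False),
    (99, "deny", "0.0.0.0", "0.0.0.0", True),
]
VLAN_SERVER_200_IN_2 = [
    (90, "permit", "0.0.0.0/0", "0.0.0.0/0", False),
    (99, "deny", "0.0.0.0/0", "0.0.0.0/0", True),
]

if __name__ == "__main__":
    flow = ("10.200.0.10", "10.200.0.1")  # constructed sample flow in VLAN 200
    print("IN-1:", evaluate(VLAN_SERVER_200_IN_1, *flow))  # ('deny', None, False)
    print("IN-2:", evaluate(VLAN_SERVER_200_IN_2, *flow))  # ('permit', 90, False)
```

IN-1 only ever matches traffic from and to host 0.0.0.0, so real server traffic silently hits the implicit deny; IN-2 is the intended "permit all, log anything else" policy.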

MVP Expert

Re: AOS-CX-VLAN-ACLs << (VACLs) Observations

Hi,

Yes, it is normal...

0.0.0.0 is also a (special) IP address... for ALL IP addresses you need to use 0.0.0.0/0

It is always better to specify the netmask...


PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

ACMP 6.4 / ACMX #107 / ACCP 6.5