Wired Intelligent Edge (Campus Switching and Routing)

New Contributor

Isolated VLAN with internet only

Hi,

I need to configure an isolated wired VLAN that only has access to the DHCP server (Branch Controller) and the internet. It needs to be isolated from all internal VLANs.

The Branch Controller is controlled by Aruba Central.

How can I set up ACLs to deny access from all internal VLANs?

Frequent Contributor II

Re: Isolated VLAN with internet only

You should make an ACL that blocks traffic to all internal networks except DHCP.

 

user any udp 68 deny
any any svc-dhcp permit
user alias "internal-subnets-alias" any deny

After these rules, you should allow all other subnets (== internet) with the allowed internet ports (HTTP, HTTPS and public DNS server).

user any svc-http permit
user any svc-https permit
user any svc-dns permit

 

 

----------Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE----------
Feel free to give kudos or accept as a solution!
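
The first-match ordering of the six rules in the reply above, modelled in Python as an added example (not code from the thread or from Aruba). It assumes `internal-subnets-alias` holds the RFC 1918 ranges, that the `svc-*` aliases carry their usual ports, and that the list ends in an implicit deny; all addresses are constructed samples.

```python
import ipaddress

# Assumption: "internal-subnets-alias" is defined as the RFC 1918 ranges.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed service definitions: (protocol, destination ports); None matches anything.
SERVICES = {
    "udp-68": ("udp", {68}),
    "svc-dhcp": ("udp", {67, 68}),
    "svc-http": ("tcp", {80}),
    "svc-https": ("tcp", {443}),
    "svc-dns": ("udp", {53}),
    "any": (None, None),
}

# (destination, service, action) in the order posted. Every test packet is
# sent by the wired client, so the source column always matches and is omitted.
RULES = [
    ("any", "udp-68", "deny"),        # user any udp 68 deny
    ("any", "svc-dhcp", "permit"),    # any any svc-dhcp permit
    ("internal", "any", "deny"),      # user alias "internal-subnets-alias" any deny
    ("any", "svc-http", "permit"),    # user any svc-http permit
    ("any", "svc-https", "permit"),   # user any svc-https permit
    ("any", "svc-dns", "permit"),     # user any svc-dns permit
]

def evaluate(dst, proto, dport, rules=RULES):
    """Return (action, rule_number) of the first matching rule, or ("deny", 0)."""
    addr = ipaddress.ip_address(dst)
    for number, (dest, svc, action) in enumerate(rules, 1):
        if dest == "internal" and not any(addr in net for net in INTERNAL):
            continue
        svc_proto, svc_ports = SERVICES[svc]
        if svc_proto is not None and (proto != svc_proto or dport not in svc_ports):
            continue
        return action, number
    return "deny", 0  # nothing matched: implicit deny at the end of the list
```

Because the internal deny sits above the DNS permit, a client on this VLAN can only resolve names through a DNS server outside the internal ranges, and moving the internal deny above the DHCP permit would block unicast DHCP renewals to an internal server.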
New Contributor

Re: Isolated VLAN with internet only

Fabian,

Thanks for the quick response.

When I'm going into config T I'm getting "this controller is managed by mobility master. Configuration can only be performed on mobility master"

MVP Expert

Re: Isolated VLAN with internet only

 


@ToolShed wrote:

 

When I'm going into config T I'm getting "this controller is managed by mobility master. Configuration can only be performed on mobility master"


You need to make it on Central...




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5