Wired Intelligent Edge

Meaning of "localip" and "user" keywords in "ip access-list session" definition

  • 1.  Meaning of "localip" and "user" keywords in "ip access-list session" definition

    Posted Feb 07, 2017 03:31 AM

    In the session ACL, we can use the keywords "localip" and "user" either as a source or a destination, but there is no definition in the documentation for these keywords.

    For the "localip", is it all the IP addresses assigned to the controller?

    For the "user", is it all the client IP addresses as they are listed in the user-table?



  • 2.  RE: Meaning of "localip" and "user" keywords in "ip access-list session" definition

    Posted Feb 07, 2017 08:17 PM

    The descriptions are actually mentioned in the documentation @ http://www.arubanetworks.com/techdocs/ArubaOS_61/ArubaOS_61_CLI/ip.htm

     

    <source>

    The traffic source, which can be one of the following:

    alias: specify the network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases)

    any: match any traffic

    host: specify a single host IP address

    localip: specify the local IP address to match traffic

    network: specify the IP address and netmask

    user: represents the IP address of the user



  • 3.  RE: Meaning of "localip" and "user" keywords in "ip access-list session" definition

    Posted Feb 08, 2017 02:16 AM

    I had already found these definitions in the documentation, but there is no explanation of what "specify the local IP address to match traffic" or "represents the IP address of the user" exactly mean.

    What is the local IP address? Local addresses configured on the controller for each VLAN? Main IP administration address?

    And for the user, all the IP addresses of all the clients currently detected by the controller?



  • 4.  RE: Meaning of "localip" and "user" keywords in "ip access-list session" definition

    Posted Feb 15, 2017 04:23 AM

    Nobody has more detailed information to share about these two options in the ACL definition?



  • 5.  RE: Meaning of "localip" and "user" keywords in "ip access-list session" definition
    Best Answer

    EMPLOYEE
    Posted Feb 15, 2017 04:52 AM

    "user" is a reserved alias that represents any user in the user table.  You would use it if you want to allow or block traffic to all users in the user table.

     

    "localip" is also a reserved alias, but it has very limited use.  Remote APs had a mechanism called "zero touch provisioning", where the end-user could boot a RAP and enter provisioning parameters right on the RAP (the RAP console) for it to connect to its controller.  The localip variable represented the ip address that the RAP had and it would allow you to block access to that web page.  It is not useful for anything else, really.