02-07-2017 12:30 AM
In the session ACL, we can use the keywords "localip" and "user" either as a source or a destination, but there is no definition in the documentation for these keywords.
For the "localip", is it all the IP addresses assigned to the controller?
For the "user", is it all the client IP addresses as they are listed in the user-table?
Re: Meaning of "localip" and "user" keywords in "ip access-list session"
02-07-2017 05:17 PM
The descriptions are actually mentioned in the documentation @ http://www.arubanetworks.com/techdocs/ArubaOS_61/ArubaOS_61_CLI/ip.htm
The traffic source, which can be one of the following:
alias: specify the network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases)
any: match any traffic
host: specify a single host IP address
localip: specify the local IP address to match traffic
network: specify the IP address and netmask
user: represents the IP address of the user
ACDX | ACCP | ACMP | ACMA | CCIE (RnS, SP, DC) | JNCIS | JNCIA
Re: Meaning of "localip" and "user" keywords in "ip access-list session"
02-07-2017 11:16 PM
I had already found these definitions in the documentation, but there is no explanation of what "specify the local IP address to match traffic" or "represents the IP address of the user" exactly mean.
What is the local IP address? Local addresses configured on the controller for each VLAN? Main IP administration address?
And for the user, all the IP addresses of all the clients currently detected by the controller?
02-15-2017 01:52 AM
"user" is a reserved alias that represents any user in the user table. You would use it if you want to allow or block traffic to all users in the user table.
"localip" is also a reserved alias, but it has very limited use. Remote APs had a mechanism called "zero touch provisioning", where the end-user could boot a RAP and enter provisioning parameters right on the RAP (the RAP console) for it to connect to its controller. The localip variable represented the ip address that the RAP had and it would allow you to block access to that web page. It is not useful for anything else, really.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*