Wireless Access

Reply
Contributor II

Aruba instant - whatsapp access rule

hi,

 

I´m testing SSID for guest access with http, https only without corporate network access (only dhcp and dns allowed) with this access-list:

 

Allow bootp to all destinations
Allow dns to all destinations
Deny any to network XX.0.0.0 netmask 255.0.0.0
Allow http to all destinations
Allow https to all destinations
Deny any to all destinations

 

But clients refer to whatsapp runs slowly so I tried:

 

Allow bootp to all destinations
Allow dns to all destinations
Deny any to network XX.0.0.0 netmask 255.0.0.0
Allow http to all destinations
Allow https to all destinations
Allow application whatsapp to all destinations
Deny any to all destinations

 

Even:

 

Allow bootp to all destinations
Allow dns to all destinations
Allow application whatsapp to all destinations
Deny any to network XX.0.0.0 netmask 255.0.0.0
Allow http to all destinations
Allow https to all destinations
Deny any to all destinations

 

But the same result, whattsap runs slowly.

 

If a set rule that allow any any, works perfect, so other network elements like routers and firewalls are not interfering in the whatsapp aplicattion.

 

Please, Any idea so this behaviour? How must configure the access rules?

 

Regards,

EF

MVP Guru

Re: Aruba instant - whatsapp access rule

I've had the same issue before and we had to allow the Whatapp sites as well as the application.

 

netdestination cx.whatsapp.net
  name c.whatsapp.net
  name c1.whatsapp.net
  name c2.whatsapp.net
  name c3.whatsapp.net
  name c4.whatsapp.net
  name c5.whatsapp.net
  name c6.whatsapp.net
  name c7.whatsapp.net
  name c8.whatsapp.net
  name c9.whatsapp.net
  name c10.whatsapp.net
!
ip access-list session allow-Whatsapp any alias cx.whatsapp.net tcp 4244 permit any alias cx.whatsapp.net tcp 5222 permit any alias cx.whatsapp.net tcp 5223 permit any alias cx.whatsapp.net tcp 5228 permit any alias cx.whatsapp.net tcp 5242 permit any alias cx.whatsapp.net tcp 59234 permit any alias cx.whatsapp.net tcp 50318 permit any alias cx.whatsapp.net udp 59234 permit any alias cx.whatsapp.net udp 50318 permit any alias cx.whatsapp.net udp 45395 permit any alias cx.whatsapp.net udp 3478 permit !

You can always check the datapath session of the client to confirm if any traffic is being blocked by running the below look for a 'D' flag.

 

show datapath session | include [CLIENT IP]

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Contributor II

Re: Aruba instant - whatsapp access rule

I solve it using this filter:

 

permit tcp 5222

 

So the ACL is:

 

permit dhcp

permit dns (public)

deny (internal networks)

permit tcp 5222

permit http

permit https

 

Regards,

 

EF

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: