Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

How do I add an ACL to a VLAN rather than a role?

  • 1.  How do I add an ACL to a VLAN rather than a role?

    Posted Aug 16, 2016 09:11 AM

    Hi Guys,

    We have a bunch of media sharing devices that need to sit on a VLAN the Aruba controls so that I can use the Airplay functionality to allow wireless screen sharing across the WLAN via Airgroup. We do this already for Apple TV devices, but we are trialing new devices that support Airplay, Miracast and Chromecast all in one box.

    I need to add a policy to this VLAN to allow external access to the cloud-based command and control centre for these devices.

    What is the best way to do this?

    Create an alias for the VLAN, and create a session-based ACL to allow the access; the bit I don't get is how to apply that rule to the VLAN.

    Is a session-based ACL the correct route?

    Do I need to create a role for the VLAN itself?

    I'm not sure about the best way to do this, so suggestions are welcome.



  • 2.  RE: How do I add an ACL to a VLAN rather than a role?

    Posted Aug 18, 2016 10:34 AM

    OK, maybe a possible method?

    If I look at the Ports config page, we have one link back to our core where every single VLAN is untrusted and tagged on this single link.

    In the 'Enter VLAN(s)' section I select 'new' and create a policy and assign it to VLAN 54.

    If this works the way I think it will, then in the Firewall Policy section I can assign the policy I have created and assign it to both in and out?

    Do I need to add it in the session drop-down box as well?

    Will that work, and will it only affect VLAN 54? I'm asking as every VLAN the Aruba controls is on that interface.

    I have attached a jpeg of the proposed changes.



  • 3.  RE: How do I add an ACL to a VLAN rather than a role?

    EMPLOYEE
    Posted Aug 18, 2016 10:51 AM

    Have you considered using the AP multicast aggregation feature instead?



  • 4.  RE: How do I add an ACL to a VLAN rather than a role?

    Posted Aug 18, 2016 11:19 AM

    I'm assuming we are already, as we are using Airgroup along with CPPM?

    The Apple TVs work, but the new Barco mirroring/sharing devices need to register against a cloud-based service and they can't get through to register. I'm hoping the method above will allow them to access external resources defined in a policy; this was never needed for the Apple devices. I'm sure that once they have registered, the wireless mirroring function will work the same as Airplay.

    I tried creating a policy to allow, but couldn't find a way to assign it to a VLAN until I found a possible method outlined in the jpeg attached.

    Am I looking at the correct method?



  • 5.  RE: How do I add an ACL to a VLAN rather than a role?

    EMPLOYEE
    Posted Aug 18, 2016 12:13 PM

    AP multicast aggregation is a controller feature that looks for mDNS and SSDP packets on the wired network where the AP is connected and sends the advertisements up to the controller.

    This would eliminate having to have your controller connected to the edge of the wired network.