Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Policies in ArubaOS 6.2.1.2

  • 1.  Policies in ArubaOS 6.2.1.2

    Posted Jun 13, 2013 04:30 AM

    Since upgrading to ArubaOS 6.2.1.2 I have noticed that the ACL count on the policies or user-roles screen in the web UI does not reflect the actual ACL.

    I have created 2 ACLs, 1 called outbound with 153 entries and 1 called inbound with 19 entries. In the CLI the ACLs show correctly and everything works as expected. However, when viewing the ACLs via the user-role they are assigned to, the counts show as follows:

     

    icmp-acl 1

    dns-acl 1

    outbound 94

    inbound 0

     

    When you open the policies from within the user roles they do NOT show correctly either.

    Is this a bug? Has anybody else seen this problem?

     

    Thanks


    David



  • 2.  RE: Policies in ArubaOS 6.2.1.2

    EMPLOYEE
    Posted Jun 17, 2013 09:00 AM

    Please see page 18 of the attached release notes:

     

    "

    •   Beginning with ArubaOS 6.2, you cannot create redundant firewall rules in a single ACL. ArubaOS will consider a rule redundant if the primary keys are the same. The primary key is made up of the following variables:

      source IP/alias

      destination IP/alias

      proto-port/service

      If your pre-6.2 configuration contains an ACL with redundant firewall rules, upon upgrading, only the last rule will remain.

      For example, in ArubaOS 6.2, in the ACL below, it is not possible to configure both of the ACE entries at the same time. Once the second ACE entry is added, the first ACE entry is overwritten.

         (host) (config) #ip access-list session allowall-laptop
         (host) (config-sess-allowall-laptop)# any any any  permit time-range test_range
         (host) (config-sess-allowall-laptop)# any any any deny
         (host) (config-sess-allowall-laptop)#end
         (host) #show ip access-list allowall-laptop
      
         ip access-list session allowall-laptop
         allowall-laptop
         ---------------
         Priority  Source  Destination  Service  Action  TimeRange"
      

     

    Attachment(s)
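
The redundancy rule quoted from the release notes above, as an added example that is not part of the original thread and is not Aruba's own code: a Python check that lists the ACEs in a session ACL that share a primary key (source, destination, service) with a later ACE and would therefore be overwritten. The rule grammar is a simplified assumption, the function names are hypothetical, and `SAMPLE_ACL` is constructed.

```python
# Assumption: simplified ACE grammar, covering only the rule forms shown in this thread.

def _endpoint(tok, i):
    """Consume one source/destination; return (text, index of next token)."""
    width = {"host": 2, "alias": 2, "network": 3}.get(tok[i], 1)  # any/user: 1 token
    return " ".join(tok[i:i + width]), i + width

def primary_key(rule):
    """(source, destination, service) of an ACE; action and options are not part of it."""
    tok = rule.split()
    src, i = _endpoint(tok, 0)
    dst, i = _endpoint(tok, i)
    end = i + 1
    if tok[i] in ("tcp", "udp"):  # followed by one or two port numbers
        while end < min(len(tok), i + 3) and tok[end].isdigit():
            end += 1
    return src, dst, " ".join(tok[i:end])

def overwritten_rules(acl_text):
    """Return [(line_no, rule)] for ACEs replaced by a later ACE with the same key."""
    last, lost = {}, []
    for n, line in enumerate(acl_text.splitlines(), 1):
        rule = line.strip()
        if rule and not rule.startswith("ip access-list"):
            key = primary_key(rule)
            if key in last:
                lost.append(last[key])
            last[key] = (n, rule)
    return sorted(lost)

# The ACL from the release notes quoted in this thread.
RELEASE_NOTES_ACL = """\
ip access-list session allowall-laptop
any any any permit time-range test_range
any any any deny
"""
# Constructed sample in the style of the inbound ACL (documentation address ranges).
SAMPLE_ACL = """\
ip access-list session sample_inbound
host 192.0.2.10 user any permit
host 192.0.2.10 user svc-icmp permit
host 192.0.2.20 user tcp 993 permit
host 192.0.2.20 user udp 993 permit
network 198.51.100.0 255.255.255.0 user tcp 314 permit
any user 51 permit
"""

if __name__ == "__main__":
    print(overwritten_rules(RELEASE_NOTES_ACL), overwritten_rules(SAMPLE_ACL))
```

An empty result for a pre-upgrade ACL means the 6.2 redundancy rule would not remove any of its entries, so a lower entry count after the upgrade has to come from somewhere else.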



  • 3.  RE: Policies in ArubaOS 6.2.1.2

    Posted Jun 17, 2013 09:13 AM

    Thanks for the response, but I have seen this entry in the release notes and this is not the issue.

    I have an access-list called internal_staff_inbound which has 19 entries as below (IP information removed):

     

     

    ip access-list session internal_staff_inbound
    network c.c.c.0 255.255.255.0 user any permit
    host x.x.x.x user any permit
    host x.x.x.x user svc-icmp permit
    host y.y.y.y user any permit
    host y.y.y.y user svc-icmp permit
    host z.z.z.z user any permit
    network b.b.0.0 255.255.0.0 user svc-http-proxy2 permit
    any any svc-bootp permit
    host p.p.p.p user tcp 314 permit
    host q.q.q.q user tcp 993 permit
    host q.q.q.q user udp 993 permit
    network d.d.d.0 255.255.255.192 user tcp 314 permit
    any user svc-ssh permit
    any user svc-ike permit
    any user svc-esp permit
    any user 51 permit
    host m.m.m.m user tcp 2304 permit
    network f.f.f.0 255.255.224.0 user any deny
    network g.g.g.0 255.255.224.0 user any deny

     

    This shows in the CLI exactly as entered.

    However, when I go to the user-role where it is applied I see <user-role.JPG>.

    If I click the Edit button next to the policy to open it the policy shows as having no entries as per <policy.JPG>.

     

    If I look up the policy under the Policies tab it shows as having the correct amount of entries (see policy2.JPG) and I can click Edit and all the entries show up.

     

    The issue just occurs when viewing the policies from within the user-role.

    Kind regards

     

    David



  • 4.  RE: Policies in ArubaOS 6.2.1.2

    EMPLOYEE
    Posted Jun 17, 2013 09:21 AM

    I would open a support case.  It is probably a bug.  If you have not, please clear your browser cache.  I don't think it will help, but please try it anyway.

     



  • 5.  RE: Policies in ArubaOS 6.2.1.2

    Posted Jun 17, 2013 09:25 AM

    Thanks, will do. I have cleared the browser cache and also tried in Chrome, IE and Firefox and all show the same problem.

     

    David