Wireless Access

Aruba Employee

Re: policy and firewall settings / initial config

Here is what the configuration looks like:

 

!
user-role test-role
 access-list session allow-ports
!

To do the above, assuming you have the "allow-ports" policy defined, you would do the following:

 

From the # prompt:
- configure terminal
- user-role test-role
- access-list session allow-ports
- exit

 

Run "show rights test-role" to verify the configuration.

 

-Mike

Occasional Contributor II

Re: policy and firewall settings / initial config

I am in config t.

This is the output I get:

 

(jhsscmc3600) (config) #user-role ?

(jhsscmc3600) (config) #user-role

Aruba Employee

Re: policy and firewall settings / initial config

I would open a case with TAC. That is odd.

 

The only time I've seen that is when the controller doesn't have any licenses on it. But you said you installed the PEFNG license. So that should work.

Thanks,

Zach Jennings
Aruba Employee

Re: policy and firewall settings / initial config

Can you provide the output of "show license"?

 

-Mike

Aruba Employee

Re: policy and firewall settings / initial config

Also share the show keys all output. 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Occasional Contributor II

Re: policy and firewall settings / initial config

I did install the licenses but removed them because all of my profiles that are used have firewall policies of "Not Configured". So when the licenses were applied it applied a deny rule to all my users.

I think I am in a catch-22, if you will. To change the firewall policy I need to apply the Lic, but if I apply the Lic, the users get a Deny policy until it is configured.

 

Make sense?

Aruba Employee

Re: policy and firewall settings / initial config

Yes, we understand the issue.

 

1. Without license, you cannot create or edit the user role.

2. When the licenses are added and after reload, it should create the respective roles and policies.

 

Please use the below steps. 

 

1. List out all the roles where the users are falling into (most likely logon or guest role).

1. Upload the license.

2. Save the config and reload the controller.

3. Try "show right". You should be able to see the default policies and roles.

4. If not, copy and paste the commands on the attached file and you should be able to get the default roles and policies.

 

 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Occasional Contributor II

Re: policy and firewall settings / initial config

Since I did apply the licenses at one time, I did a "show right" and got the following:

 

(jhsscmc3600) #show right

RoleTable
---------
Name               ACL  Bandwidth                  ACL List                  Type
----               ---  ---------                  --------                  ----
ap-role            4    Up: No Limit,Dn: No Limit                            System
cpbase             14   Up: No Limit,Dn: No Limit  cpbase/                   User
denyall            12   Up: No Limit,Dn: No Limit  denyall/                  User
guest              3    Up: No Limit,Dn: No Limit                            User
guest-logon        6    Up: No Limit,Dn: No Limit                            User
jmh-guest-cp_prof  39   Up: No Limit,Dn: No Limit  jmh-guest-cp_prof/        User
logon              1    Up: No Limit,Dn: No Limit                            User
stateful-dot1x     5    Up: No Limit,Dn: No Limit                            System
sys-ap-role        7    Up: No Limit,Dn: No Limit  sys-control/,sys-ap-acl/  System (not editable)

 

There is a profile called "jmh-guest-cp_prof" that does have a firewall policy applied to it. This user-role is not referenced anywhere so it is not in use. If I change the firewall policy on this user role to a policy of "allowall", then apply my licenses, will this allow my users to work?
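
Added example, not part of any post in this thread: a Python sketch of the "list out the roles" step, meant to be run against saved "show rights" output before the PEFNG license goes on. It lists User roles whose ACL List column is empty, which by this thread's account are the roles whose clients were denied once the license was applied. The sample table is constructed from the output posted above, and the function names are hypothetical.

```python
import re

# Constructed sample in the "show rights" layout posted in this thread.
SAMPLE = """\
RoleTable
---------
Name               ACL  Bandwidth                  ACL List                  Type
----               ---  ---------                  --------                  ----
ap-role            4    Up: No Limit,Dn: No Limit                            System
denyall            12   Up: No Limit,Dn: No Limit  denyall/                  User
guest              3    Up: No Limit,Dn: No Limit                            User
jmh-guest-cp_prof  39   Up: No Limit,Dn: No Limit  jmh-guest-cp_prof/        User
logon              1    Up: No Limit,Dn: No Limit                            User
sys-ap-role        7    Up: No Limit,Dn: No Limit  sys-control/,sys-ap-acl/  System (not editable)
"""


def parse_role_table(text):
    """Return one dict per role, keyed by the table's column headers."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    # The column ruler is the first line made of several dash groups
    # (the single-group underline below "RoleTable" does not match).
    ruler = next(i for i, ln in enumerate(lines)
                 if re.fullmatch(r"-+(?: +-+)+", ln))
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    spans = list(zip(starts, starts[1:] + [None]))
    names = [lines[ruler - 1][a:b].strip() for a, b in spans]
    # Slice by column offset so an empty "ACL List" cell stays empty
    # instead of swallowing the "Type" value.
    return [{n: ln[a:b].strip() for n, (a, b) in zip(names, spans)}
            for ln in lines[ruler + 1:]]


def roles_without_policy(roles, in_use=None):
    """User roles with no session ACL; optionally limit to roles in use."""
    return [r["Name"] for r in roles
            if r["Type"] == "User" and not r["ACL List"]
            and (in_use is None or r["Name"] in in_use)]


if __name__ == "__main__":
    for name in roles_without_policy(parse_role_table(SAMPLE)):
        print("no firewall policy on role:", name)
```

Pass the set of roles your clients actually land in as `in_use` to narrow the list to the roles that need a policy before the reload.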

Aruba Employee

Re: policy and firewall settings / initial config

Thanks for the reply. 

 

I suspect  "jmh-guest-cp_prof"  role was created by the controller, when you created a captive portal profile called "jmh-guest-cp_prof". (without PEF)

 

To answer your second question. 

 

You cannot apply any ACL to any role without applying license. You can do this after applying license and reloading the controller. 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Occasional Contributor II

Re: policy and firewall settings / initial config

Thanks for the help. Applied all applicable licenses. All is well.
