Network Management

ACL for VLAN

  • 1.  ACL for VLAN

    Posted Jun 15, 2022 08:03 PM

    Dear Friends, 

    Now I would like to apply an ACL to our new guest network. I need a bit of help with the switch config (ArubaOS-CX 8360 core switch).

    The new guest network has been added to our ClearPass, using VLAN 150, and it is now working. It is getting IPs from our Windows DHCP servers in production network VLAN 102. Devices on VLAN 150 can reach different VLANs at the moment.

    I want to apply an access list to this VLAN 150 to deny access to everything in the other VLANs (108, 100, etc.). How could I define this access list to deny any devices in VLAN 150 from reaching the rest of the production network?

    Thanks

    ML



    ------------------------------
    Becoming a Networking Engineer
    ------------------------------


  • 2.  RE: ACL for VLAN

    Posted Jun 19, 2022 08:49 PM
    Any updates please? 

    Thanks

    ------------------------------
    Becoming a Networking Engineer
    ------------------------------



  • 3.  RE: ACL for VLAN

    Posted Jun 21, 2022 11:04 AM
    Hi ML,
    I will soon be doing the same and am curious how you do that, and I would like to take it one step further.  Once the ACLs are on the core, can they be pushed out to the edge CX switches for enforcement?
    Kris


  • 4.  RE: ACL for VLAN

    Posted Jun 22, 2022 01:29 AM
    Hi Kris, 

    If you use a VLAN ACL, it will restrict whatever ACL you defined for that particular VLAN, regardless of core or edge switch. Network traffic will be routed to the gateway on your core switch first.

    Hopefully it helps.
    ML

    ------------------------------
    Becoming a Networking Engineer
    ------------------------------



  • 5.  RE: ACL for VLAN

    Posted Jun 22, 2022 07:43 AM
    Yes, that I understand. I guess for the ACL to be applied at the edge, the edge switch would have to be the router for that VLAN. That makes perfect sense, thanks for your response!
    Kris


    E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. (NCGS.Ch.132)
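
The rule order the question in this thread calls for, as an added example that is not from any poster or from Aruba: a small first-match ACL model (with implicit deny) that shows why the DHCP permit has to come before the deny towards production. The subnets, the DHCP server address and the sample flows are assumptions, since the thread gives VLAN IDs only.

```python
import ipaddress

# Constructed addressing: the thread names VLAN IDs only, never subnets.
DHCP_SERVER = "10.102.0.10"                       # Windows DHCP in VLAN 102 (assumed)
PRODUCTION = ipaddress.ip_network("10.0.0.0/8")   # covers VLANs 100, 102, 108 (assumed)
ANY = ipaddress.ip_network("0.0.0.0/0")

# Inbound ACL for VLAN 150 as ordered entries:
# (sequence, action, protocol, destination network, destination port or None)
GUEST_ACL = [
    (10, "permit", "udp", ANY, 67),         # DHCP: broadcast discover and unicast renew
    (20, "deny", "any", PRODUCTION, None),  # everything else towards production
    (30, "permit", "any", ANY, None),       # remaining traffic, e.g. internet
]


def evaluate(acl, proto, dst, dport=None):
    """Return (action, sequence) of the first matching entry.

    A packet that matches no entry hits the implicit deny: ("deny", None).
    """
    dst_ip = ipaddress.ip_address(dst)
    for seq, action, acl_proto, net, acl_port in acl:
        if acl_proto != "any" and acl_proto != proto:
            continue
        if dst_ip not in net:
            continue
        if acl_port is not None and acl_port != dport:
            continue
        return action, seq
    return "deny", None


def without(acl, seq):
    """Copy of the ACL with one entry removed, to show what that entry was for."""
    return [entry for entry in acl if entry[0] != seq]


if __name__ == "__main__":
    flows = [
        ("udp", "255.255.255.255", 67),   # DHCP discover
        ("udp", DHCP_SERVER, 67),         # DHCP renew, unicast into VLAN 102
        ("tcp", "10.108.0.20", 445),      # host in VLAN 108 (constructed)
        ("tcp", "203.0.113.5", 443),      # internet host (documentation range)
    ]
    for flow in flows:
        print(flow, "->", evaluate(GUEST_ACL, *flow))
```

Dropping entry 10 blocks unicast DHCP renewals to the server in VLAN 102, and dropping entry 30 leaves guests with no connectivity at all because of the implicit deny.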