We help IT Professionals succeed at work.
Get Started
Proper ACL for guest wireless traffic
Info:
Aruba 3810
Vlans 801,802,803
Vlan 802 is our guest wireless subnet. I need to allow it to pull DNS from 801, pull dhcp from the switch, but not have any other access to 801 or 802 and go directly to the Internet, allowing all protocols. I only have access to the switch and am unable to test, so need to be sure I have things set up correctly. Does this accomplish what I need, based on the included config?
ip access-list extended "Guest Vlan Access"
10 permit tcp 10.10.0.0 0.0.255.255 eq 53 172.17.0.0 0.0.255.255 log
20 deny ip 10.10.0.0 0.0.255.255 172.17.0.0 0.0.255.255 log
30 deny ip 10.10.0.0 0.0.255.255 10.13.0.0 0.0.255.255 log
40 permit ip 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255
Config:
Aruba 3810
Vlans 801,802,803
Vlan 802 is our guest wireless subnet. I need to allow it to pull DNS from 801, pull dhcp from the switch, but not have any other access to 801 or 802 and go directly to the Internet, allowing all protocols. I only have access to the switch and am unable to test, so need to be sure I have things set up correctly. Does this accomplish what I need, based on the included config?
ip access-list extended "Guest Vlan Access"
10 permit tcp 10.10.0.0 0.0.255.255 eq 53 172.17.0.0 0.0.255.255 log
20 deny ip 10.10.0.0 0.0.255.255 172.17.0.0 0.0.255.255 log
30 deny ip 10.10.0.0 0.0.255.255 10.13.0.0 0.0.255.255 log
40 permit ip 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255
Config:
vlan 801
name "VLAN801"
untagged 13
ip address 172.17.1.2 255.255.0.0
exit
vlan 801
name "VLAN801"
untagged 13
ip address 172.17.1.2 255.255.0.0
exit
vlan 802
name "VLAN802"
untagged 15
ip access-group "Guest Vlan Access" out
ip address 10.10.250.2 255.255.0.0
dhcp-server
exit
vlan 803
name "VLAN803"
untagged 16
ip address 10.13.253.1 255.255.0.0
dhcp-server
exit
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE