Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 228 Access Points
491492493494495496497498499500
499| ip access-list session Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
ip access-list session control
any any app gmail-chat permit
any any app youtube permit
any any any deny
This example shows a DPI rule along with a L3/L4 rule with forwarding action in the same ACL.
ip access-list session AppRules
any any app Facebook permit tos 45
any any app YouTube deny
any any appcategory peer-to-peer deny
any any tcp 23 permit
network 40.1.0.0/16 any tcp 80 permit tos 60
network 20.1.0.0/16 any tcp 80 src-nat
!
ip access-list session NetRules
network 80.0.0.0/24 any tcp 80 deny
network 60.0.0.0/24 any tcp 80 dual-nat pool <pool1>
network 10.0.0.0/24 any tcp 80 dst-nat
!
user-role Role1
session-acl AppRules
session-acl NetRules
!
The following command configures a session ACL with IPv4 and IPv6 address:
(host) (config)#ip access-list session common
(host) (config-sess-common)#host 10.12.13.14 any any permit
(host) (config-sess-common)#ipv6 host 11:12:11:11::2 any any permit
The following example displays information for an ACL called mylist:
(host) (config) #show ip access-list mylist
ip access-list session mylist
mylist
---------
Priority Source Destination Service Application Action TimeRange Log Expired Queue
TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- -
-- ----- --------- ------ ------- ------------- ------ --------
1 any any app gmail deny Low
4
The following example shows how this local-override netdestination alias is used in the controller:
(config) #ip access-list session store-override
(config-sess-store-override)#any alias store any permit
(config-sess-store-override)#alias store any any deny
(config-sess-store-override)#!
(config) #show ip interface brief
Interface IP Address / IP Netmask Admin Protocol
vlan 1 172.72.10.254 / 255.255.255.0 up up
vlan 55 55.55.55.1 / 255.255.255.0 up up
loopback unassigned / unassigned up up
(config) #show acl acl-table | include store-override 81 session 744 2 3 store-
override 0
(config) #show acl ace-table acl 81
744: any 55.55.55.36 255.255.255.255 0 0-0 0-0 f80001:permit
745: 55.55.55.36 255.255.255.255 any 0 0-0 0-0 f80000:deny
746: any any 0 0-0 0-0 f180000:deny