Users Guide
any any app youtube permit
any any any deny
This example shows a DPI rule along with a L3/L4 rule with forwarding action in the same ACL.
ip access-list session AppRules
any any app Facebook permit tos 45
any any app YouTube deny
any any appcategory peer-to-peer deny
any any tcp 23 permit
network 40.1.0.0/16 any tcp 80 permit tos 60
network 20.1.0.0/16 any tcp 80 src-nat
!
ip access-list session NetRules
network 80.0.0.0/24 any tcp 80 deny
network 60.0.0.0/24 any tcp 80 dual-nat pool <pool1>
network 10.0.0.0/24 any tcp 80 dst-nat
!
user-role Role1
session-acl AppRules
session-acl NetRules
!
The following command configures a session ACL with IPv4 and IPv6 address:
(host) (config)#ip access-list session common
(host) (config-sess-common)#host 10.12.13.14 any any permit
(host) (config-sess-common)#ipv6 host 11:12:11:11::2 any any permit
The following example displays information for an ACL called mylist.
(host) (config) #show ip access-list mylist
ip access-list session mylist
mylist
---------
Priority Source Destination Service Application Action TimeRange Log Expired Queue
TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- -
-- ----- --------- ------ ------- ------------- ------ --------
1 any any app gmail deny Low
4
Command History
Release Modification
ArubaOS 3.0 This command was introduced.
ArubaOS 6.3 The any tcp source parameter was introduced.
ArubaOS 6.4 The redirect parameter was introduced under action. The app, and appcat-
egory parameters were introduced under service.
ArubaOS 6.4.2.0
The web-cc-category and web-cc-reputation parameters were
introduced, allowing users to define an ACL for a web content category or
web content reputation type.
Dell Networking W-Series ArubaOS 6.4.x | User Guide ip access-list session | 512