Access lists on HPE Aruba 2930M

How to create ACLs / access lists on HPE Aruba ArubaOS switches

I created an ACL on the HPE Aruba 2930M switch to restrict access for a guest network. The guest network was prevented from accessing any internal network address ranges, but allowed users to browse the internet.

The guest network IP address range is 192.168.0.0/23.

First, create the ACL:

ip access-list extended "GUEST-ACL"
     10 permit ip 192.168.0.0 0.0.1.255 192.168.0.0 0.0.1.255
     20 deny ip 192.168.0.0 0.0.1.255 10.0.0.0 0.255.255.255 log
     30 deny ip 192.168.0.0 0.0.1.255 172.16.0.0 0.15.255.255 log
     40 deny ip 192.168.0.0 0.0.1.255 192.168.0.0 0.0.255.255 log
     50 permit ip 192.168.0.0 0.0.1.255 0.0.0.0 255.255.255.255 log
   exit

Basically:
  • Line 10 enables hosts on the 192.168.0.0/23 subnet to talk to each other. Without this line, traffic will not be able to enter the VLAN, because line 40 (192.168.0.0/16) also covers the guest subnet's own addresses.
  • Lines 20, 30 and 40 restrict access to the internal (RFC 1918) address spaces.
  • Line 50 permits the 192.168.0.0/23 network to speak to every other address.
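
The first-match behaviour described above, modelled in Python as an added example (not part of the original page and not HPE code). The guest host 192.168.1.50 and the destination addresses are constructed samples, and the model assumes the implicit deny that ends every ACL.

```python
import ipaddress

# The ACL from this page, copied verbatim (sequence numbers included).
GUEST_ACL = """
10 permit ip 192.168.0.0 0.0.1.255 192.168.0.0 0.0.1.255
20 deny ip 192.168.0.0 0.0.1.255 10.0.0.0 0.255.255.255 log
30 deny ip 192.168.0.0 0.0.1.255 172.16.0.0 0.15.255.255 log
40 deny ip 192.168.0.0 0.0.1.255 192.168.0.0 0.0.255.255 log
50 permit ip 192.168.0.0 0.0.1.255 0.0.0.0 255.255.255.255 log
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Return a sorted list of (seq, action, src, src_wild, dst, dst_wild)."""
    aces = []
    for line in text.strip().splitlines():
        seq, action, _proto, src, swild, dst, dwild = line.split()[:7]
        aces.append((int(seq), action, _ip(src), _ip(swild), _ip(dst), _ip(dwild)))
    return sorted(aces)

def _matches(addr, base, wildcard):
    # Wildcard mask: 1-bits are "don't care", 0-bits must equal the base.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(aces, src, dst):
    """First matching ACE wins; no match falls through to the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for seq, action, sb, sw, db, dw in aces:
        if _matches(s, sb, sw) and _matches(d, db, dw):
            return seq, action
    return None, "deny"

ACES = parse_acl(GUEST_ACL)
WITHOUT_10 = [ace for ace in ACES if ace[0] != 10]  # hypothetical variant

if __name__ == "__main__":
    # Constructed sample flows from a guest host (192.168.1.50).
    for dst in ["192.168.0.1", "10.1.2.3", "172.31.255.1", "192.168.40.7", "8.8.8.8"]:
        print(dst, evaluate(ACES, "192.168.1.50", dst))
    # With line 10 removed, the guest gateway is caught by line 40.
    print("no line 10:", evaluate(WITHOUT_10, "192.168.1.50", "192.168.0.1"))
```

Running the same check against a planned ACL change before pushing it to the switch shows which sequence number each test flow hits.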

Then apply the ACL to the VLAN interface:

vlan 10
   name "Guest Network"
   ip access-group "GUEST-ACL" in
   ip address 192.168.0.1 255.255.254.0
   exit