04-15-2015 11:23 AM
I have the followin scenario:
1 SSID "corp", with vlan assignment "default", same vlan as the VC
1 SSID "guest", with static vlan assignment and dhcp from firewall
These 2 SSIDs are on different vlans, how come a user connected to ssid "corp" can ping a user connected to ssid "guest"? Same thing if a user is connected to ssid "guest", it can access the VC.
I thought that the SSIDs where separated since they are on different vlans. Ive created a firewall rule to deny access across SSIDs. Is there another way to accomplish that?
Solved! Go to Solution.
04-16-2015 12:48 AM
I havent created any acl rules in instant, i allow everything on both SSIDs. I want the firewall to be the only device to regulate access. My question was if i have to create any acl rules in instant to block access across vlans or if there is another global function to do this
04-16-2015 04:39 AM
You can you these but in order for you to block in between Layer 3 boundaries you need apply ACL rules on that network
Deny Inter User Bridging and Deny Local Routing
To enable or disable these features, navigate to Settings > General in the Instant UI.
Deny inter user bridging— This feature allows you to deny traffic between two clients which are directly connected to the same IAP or are on the same Instant network.
Deny local routing— This feature allows you to deny local routing traffic between clients which are connected to the same IAP or are on the same Instant network.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA