Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 34
Registered: ‎01-20-2014

firewall settings for client isolation

What are the firewall settings for client isolation that actuaqlly work?

 

I've tried a mix of a few and the other clients still can see eachother.

 

I'm creating a new vlan and I need the clients to be completely isolated within that vlan.

 

 

Guru Elite
Posts: 8,188
Registered: ‎09-08-2010

Re: firewall settings for client isolation

You can do it at the virtual AP or global level. 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 288
Registered: ‎08-27-2012

Re: firewall settings for client isolation

You would want to use deny inter user bridging.
ACDX #419 | ACMP |
Occasional Contributor II
Posts: 34
Registered: ‎01-20-2014

Re: firewall settings for client isolation

Can I use it on a single SSID or is it global?

 

I only want it on ONE SSID and not the other two

Guru Elite
Posts: 8,188
Registered: ‎09-08-2010

Re: firewall settings for client isolation

Yes, like I said, per virtual-ap (SSID) or globally. 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 34
Registered: ‎01-20-2014

Re: firewall settings for client isolation

How do you do that in the UI for just one SSID?

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: firewall settings for client isolation

Hi Friend,

 

You can enable " Deny Inter User Traffic" on VAP means we are enabling this per SSID basis.

 

Here is the method to enable it.

 

DIUT.JPG

 

Hope got your answer.

 

Please feel free for any further query on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II
Posts: 34
Registered: ‎01-20-2014

Re: firewall settings for client isolation

[ Edited ]

Is that airwave or the hardware controller?

 

Such option is not on the "instant" RAP109. My UI doesn't even look like that.

 

I see an option but it's GLOBAL and I want only one SSID VLAN (5) to isolate client traffic and not ALL  SSID VLANs.

 

Here's how I have it

 

SSID1:VLAN10=Main unrestricted VLAN for internal

SSID2:VLAN3=Guests and mobile devices

SSID3:VLAN5=Client systems that need web only access for software update and antivirus definitions. <<I want THIS one to have client isolation]

 

I only want the client isolation on SSID:VLAN5 and NOT the other SSID:VLANs

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: firewall settings for client isolation

make your rules for that ssid to be like this.

 

IAP-firewall client isolation.JPG

 

which should achieve the client isolation for that ssid.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 8,188
Registered: ‎09-08-2010

Re: firewall settings for client isolation

You need to do it at the CLI on Instant. 

http://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/CLI_commands/wlan%20ssid-profile.htm?SearchType=Stem

Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: