Controller Based WLANs

How to block traffic between users (L2 and L3)

Posted 07-02-2014 02:01 PM

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


Blocking traffic between users at both layer 2 and layer 3 takes two steps.

1. Layer 2 traffic - to block this traffic we prevent the controller from bridging user traffic. This feature mitigates issues caused by layer 2 LAN protocols (AppleTalk, NetBEUI, etc.).

Command: firewall deny-inter-user-bridging

Caveat: this command only prevents bridging within an individual controller; it does not stop traffic between users terminated on different controllers.

2. Layer 3 traffic - to block layer 3 traffic, firewall policies must be configured and applied to the user role. Here is an example that denies all user traffic destined to the user's own subnet (10.0.0.0/24), except traffic to the two hosts 10.0.0.1 and 10.0.0.2 and to the controller (the built-in alias mswitch):

!**** example ****
! the User-Subnet mask is 255.255.255.0 (/24) to match the subnet above
netdestination "User-Subnet"
  network 10.0.0.0 255.255.255.0
!
netdestination "allowed-hosts"
  host 10.0.0.1
  host 10.0.0.2
!
! rules are matched top-down, first match wins; apply the list to the user role afterwards
ip access-list session block-inter-user
  user alias mswitch any permit
  user alias allowed-hosts any permit
  user alias User-Subnet any deny
  user any any permit
!
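Because a session ACL is evaluated top-down and the first matching rule wins, it is worth checking the rule order before applying the list to a role. The following is an added Python example, not part of the original article or of ArubaOS, that mirrors the first-match evaluation of the ACL above over the example netdestinations; the controller address 10.0.0.254 behind the mswitch alias and the sample destination addresses are constructed assumptions.

```python
"""Offline first-match check of the block-inter-user session ACL.
Added example; the netdestination contents and the mswitch address are
constructed sample values, not pulled from a real controller."""
import ipaddress

# Constructed netdestinations mirroring the article's example.
# mswitch is the built-in alias for the controller; 10.0.0.254 is assumed.
NETDESTINATIONS = {
    "mswitch": ["10.0.0.254/32"],
    "allowed-hosts": ["10.0.0.1/32", "10.0.0.2/32"],
    "User-Subnet": ["10.0.0.0/24"],
    "any": ["0.0.0.0/0"],
}

# Session ACL rules in controller evaluation order:
# (source, destination alias, action); "user" is the authenticated client.
BLOCK_INTER_USER = [
    ("user", "mswitch", "permit"),
    ("user", "allowed-hosts", "permit"),
    ("user", "User-Subnet", "deny"),
    ("user", "any", "permit"),
]


def in_netdestination(ip, alias):
    """True if ip falls inside any network of the named netdestination."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in NETDESTINATIONS[alias])


def evaluate(acl, dst_ip):
    """Return (action, rule_index) of the first matching rule, as the
    controller does; traffic matching no rule is implicitly denied."""
    for index, (_src, dst_alias, action) in enumerate(acl):
        if in_netdestination(dst_ip, dst_alias):
            return action, index
    return "deny", None


def check_policy(acl):
    """Flows worth verifying before the ACL is applied to the user role."""
    samples = ["10.0.0.254", "10.0.0.1", "10.0.0.2", "10.0.0.57", "192.0.2.10"]
    return {dst: evaluate(acl, dst)[0] for dst in samples}


if __name__ == "__main__":
    for dst, action in check_policy(BLOCK_INTER_USER).items():
        print(f"user -> {dst}: {action}")
    # Moving the subnet deny ahead of allowed-hosts silently blocks those
    # two hosts: rule order is part of the policy.
    misordered = [BLOCK_INTER_USER[i] for i in (0, 2, 1, 3)]
    assert evaluate(misordered, "10.0.0.1")[0] == "deny"
```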