Controller Based WLANs

What is the benefit of using the "deny inter-user-bridging" option?

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.

 

If enabled, the "deny inter-user-bridging" option prevents the forwarding of Layer 2 traffic between wired or wireless users. You can configure user role policies that prevent Layer 3 traffic between users or networks, but this does not block Layer 2 traffic. This option can be used to prevent traffic, such as AppleTalk or IPX, from being forwarded. The "deny inter-user-bridging" option does not allow the forwarding of non-IP frames between untrusted users.

 

The following commands help narrow down where packets are being dropped:

 

show datapath session

show acl hits

 

Note: Keep in mind that this option does not allow ARP, because ARP is not IP. As a result, some IP-based traffic could be affected. For example, it can impact peer-to-peer multicast.
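To see which frame types fall under the rule described above (non-IP frames between untrusted users, ARP included), the following added example classifies raw Ethernet frames by EtherType. It is a model of the behaviour this article describes, not Aruba code; the function names, the trusted/untrusted flags, the sample frames, and the treatment of IPv6 as "IP" are assumptions.

```python
import struct

# Well-known EtherType values; names are used for reporting only.
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP",
              0x809B: "AppleTalk", 0x80F3: "AARP", 0x8137: "IPX"}
IP_ETHERTYPES = {0x0800, 0x86DD}   # assumption: IPv6 counts as "IP"
VLAN_TAGS = {0x8100, 0x88A8}       # 802.1Q / 802.1ad tags to step over


def classify(frame: bytes):
    """Return (protocol_name, is_ip) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12                          # skip destination and source MAC
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TAGS:            # each VLAN tag adds 4 bytes
        offset += 4
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack_from("!H", frame, offset)
    if etype < 0x0600:                   # 802.3 length field, not an EtherType
        # Simplification: SNAP-encapsulated IP is not decoded here.
        return "802.3/LLC", False
    return ETHERTYPES.get(etype, f"0x{etype:04x}"), etype in IP_ETHERTYPES


def would_drop(frame: bytes, src_trusted: bool, dst_trusted: bool) -> bool:
    """Model of the rule on this page: non-IP frame between untrusted users."""
    _, is_ip = classify(frame)
    return (not is_ip) and not src_trusted and not dst_trusted


def eth(etype: int, vlan=None) -> bytes:
    """Build a constructed sample frame with locally administered MACs."""
    hdr = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", etype) + bytes(46)


# Constructed sample frames, not captured traffic.
SAMPLES = {"ipv4": eth(0x0800), "arp": eth(0x0806), "ipx": eth(0x8137),
           "appletalk": eth(0x809B), "arp_vlan10": eth(0x0806, vlan=10)}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        proto, _ = classify(frame)
        print(f"{name:12} {proto:10} drop={would_drop(frame, False, False)}")
```

Running the same classification over frames exported from a capture of the user VLAN shows which non-IP protocols are in use before the option is enabled.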

 

To enable the "deny inter-user-bridging" option, follow these steps:

 

WebGUI:

1) Navigate to Configuration > Advanced Services > Stateful Firewall.

2) Check the fourth option, "Deny Inter User Bridging".

3) Apply and save the configuration.

 

CLI:

(Aruba6000) (config) # firewall deny-inter-user-bridging

Version History
Revision #: 1 of 1
Last update: 07-09-2014 02:31 PM