Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
If enabled, the "deny inter-user-bridging" option prevents the forwarding of Layer 2 traffic between wired or wireless users. You can configure user role policies that prevent Layer 3 traffic between users or networks, but this does not block Layer 2 traffic. This option can be used to prevent traffic, such as AppleTalk or IPX, from being forwarded. The "deny inter-user-bridging" option does not allow the forwarding of non-IP frames between untrusted users.
The following commands help narrow down the packet drop:
show datapath session
show acl hits
Note: Keep in mind that it does not allow ARP. ARP is not IP and thus, some IP stuff could be affected. For example, it can impact peer-to-peer multicast.
To enable the "deny inter-user-bridging" option, follow these steps:
1) Navigate to Configuration > Advanced services > stateful firewall.
2) Check the fourth option, "Deny Inter User Bridging".
3) Apply and save the configuration.
(Aruba6000) (Config) # Firewall deny-inter-user-bridging