How to disable traffic from the wired network to the wireless network on IAP
Environment : This article applies to all Instant Access Points (IAP's) running Aruba InstantOS.
On IAP, if you would like to disable traffic from the wired network to the wireless network (and that wired network is on the same VLAN), simply disabling client bridging will not work. Wired traffic can still see wireless traffic, even though guest clients cannot see each other. Instead, you must make the following rule for that SSID. This forces all traffic coming in or out of the IAP ethernet interface to flow out through the gateway for policy management.
Rules on SSID
Allow any on server 192.168.1.1 Deny any to network 192.168.1.0/255.255.255.0 Allow any to all destinations