Clients connecting to different SSIDs can communicate with each other.
The configuration is as follows:
aaa profile "Aruba-A"
    initial-role "Aruba-A"
!
aaa profile "Aruba-B"
    initial-role "Aruba-B"
!
wlan virtual-ap "Aruba-A"
    aaa-profile "Aruba-A"
    ssid-profile "Aruba-A"
    vlan 4
!
wlan virtual-ap "Aruba-B"
    aaa-profile "Aruba-B"
    ssid-profile "Aruba-B"
    vlan 3
Under normal circumstances, clients can communicate with each other.
I want clients belonging to VLAN 3 to communicate only with the server (10.10.4.19); they should not be able to communicate with other IPs inside VLAN 4.
I configured one policy as follows:
netdestination server
    host 10.10.4.19
!
netdestination subnet_Local
    network 10.10.3.0 255.255.255.0
!
ip access-list session Wifi_user
    alias subnet_Local alias server any permit
    alias subnet_Local user any deny
!
user-role Aruba-A
    access-list session global-sacl
    access-list session apprf-cisco-sacl
    access-list session Wifi_user
    access-list session allowall
After the configuration is complete, VLAN 3 IPs can communicate with the server.
I have a question:
User-role Aruba-B
Why is access-list session Wifi_user not under user-role Aruba-B?