Controllerless Networks

Occasional Contributor II

Wireless users can not communicate with each other

Clients connecting to different SSIDs can communicate with each other.

The configuration is as follows:

 

aaa profile "Aruba-A"

   initial-role "Aruba-A"

!

aaa profile "Aruba-B"

   initial-role "Aruba-B"

!

wlan virtual-ap "Aruba-A"

   aaa-profile "Aruba-A"

   ssid-profile "Aruba-A"

   vlan 4

!

wlan virtual-ap "Aruba-B"

   aaa-profile "Aruba-B"

   ssid-profile "Aruba-B"

   vlan 3

 

Under normal circumstances, clients can communicate with each other.

I want clients belonging to VLAN 3 to communicate only with the server (10.10.4.19), and not with other IPs inside VLAN 4.

 

I configured one policy as follows:

 

netdestination server

  host 10.10.4.19

!

netdestination subnet_Local

  network 10.10.3.0 255.255.255.0

!

ip access-list session Wifi_user

  alias subnet_Local alias server any permit

  alias subnet_Local user any deny

!

user-role Aruba-A

 access-list session global-sacl

 access-list session apprf-cisco-sacl

 access-list session Wifi_user

 access-list session allowall

 

After the configuration is complete, VLAN 3 IPs can communicate with the server.

 

 I have a question  

User-role Aruba-B  

 

 

Why not access-list session Wifi_user under user-role aruba-B?

 

 

Guru Elite

Re: Wireless users can not communicate with each other

How are your wifi users authenticating?  The initial-role parameter in the AAA profile is only for Open, WEP, or WPA2-PSK users.  If you are using 802.1x you would need to assign the default 802.1x role in the AAA profile to whatever role you want your clients to have.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
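
An added example (not from the thread or from Aruba): a small Python audit of the role-assignment rule described in the reply above. It parses the AAA profiles as posted and lists, per authentication type, where a client would not be placed in the intended role. `dot1x-default-role` is the ArubaOS AAA-profile setting for the default 802.1X role and does not appear in the posted config; the function names and the `wanted` mapping are hypothetical.

```python
# Added example: which role does each AAA profile hand to a client?
# CONFIG is copied from the post. dot1x-default-role is the ArubaOS
# AAA-profile key for the default 802.1X role (absent from the post).
CONFIG = '''
aaa profile "Aruba-A"
   initial-role "Aruba-A"
!
aaa profile "Aruba-B"
   initial-role "Aruba-B"
!
'''

# AAA-profile key that supplies the role for each authentication type,
# per the reply: initial-role covers Open, WEP and WPA2-PSK only.
ROLE_KEY = {"open": "initial-role", "wep": "initial-role",
            "wpa2-psk": "initial-role", "802.1x": "dot1x-default-role"}

def parse_aaa_profiles(text):
    """Return {profile name: {setting: value}} for each 'aaa profile' stanza."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("aaa profile "):
            name = line[len("aaa profile "):].strip('"')
            current = profiles.setdefault(name, {})
        elif line == "!":
            current = None          # "!" closes the stanza
        elif line and current is not None:
            key, _, value = line.partition(" ")
            current[key] = value.strip().strip('"')
    return profiles

def effective_role(settings, auth):
    """Role this profile sets for the auth type, or None if it sets none."""
    return settings.get(ROLE_KEY[auth.lower()])

def audit(text, wanted):
    """List (profile, auth) pairs where the wanted role is not assigned."""
    gaps = []
    for name, settings in parse_aaa_profiles(text).items():
        for auth in ROLE_KEY:
            if effective_role(settings, auth) != wanted[name]:
                gaps.append((name, auth))
    return gaps

if __name__ == "__main__":
    wanted = {"Aruba-A": "Aruba-A", "Aruba-B": "Aruba-B"}  # intended roles (assumption)
    for name, auth in audit(CONFIG, wanted):
        print(f"{name}: {auth} clients are not given role {wanted[name]} by this profile")
```

A `None` result means the profile itself sets no role for that authentication type, so the role's session ACLs never apply to those clients.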