Controllerless Networks

Occasional Contributor II

Wireless users can not communicate with each other

Clients connecting to different SSIDs can communicate with each other.

The configuration is as follows:

 

aaa profile "Aruba-A"
   initial-role "Aruba-A"
!
aaa profile "Aruba-B"
   initial-role "Aruba-B"
!
wlan virtual-ap "Aruba-A"
   aaa-profile "Aruba-A"
   ssid-profile "Aruba-A"
   vlan 4
!
wlan virtual-ap "Aruba-B"
   aaa-profile "Aruba-B"
   ssid-profile "Aruba-B"
   vlan 3

 

Under normal circumstances, clients can communicate with each other.

I want clients belonging to VLAN 3 to communicate only with the server (10.10.4.19), and not with other IPs inside VLAN 4.

I configured one policy as follows:

 

netdestination server
  host 10.10.4.19
!
netdestination subnet_Local
  network 10.10.3.0 255.255.255.0
!
ip access-list session Wifi_user
  alias subnet_Local alias server any permit
  alias subnet_Local user any deny
!
user-role Aruba-A
 access-list session global-sacl
 access-list session apprf-cisco-sacl
 access-list session Wifi_user
 access-list session allowall

 

After the configuration is complete, VLAN 3 IPs can communicate with the server.

 

 I have a question  

User-role Aruba-B  

 

 

Why not access-list session Wifi_user under user-role aruba-B?

 

 

Guru Elite

Re: Wireless users can not communicate with each other

How are your wifi users authenticating?  The initial-role parameter in the AAA profile is only for Open, WEP, or WPA2-PSK users.  If you are using 802.1x you would need to assign the default 802.1x role in the AAA profile to whatever role you want your clients to have.



Colin Joseph
Aruba Customer Engineering
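
As an added illustration of the reply above (not configuration posted by either participant): the server-only restriction attached to the role that VLAN 3 clients receive, with that role set both as `initial-role` and as the 802.1X default role in the AAA profile. It assumes VLAN 4 is 10.10.4.0/24; the `vlan4_Local` destination name is hypothetical, and lines that start with `!` followed by text are annotations for the reader.

```text
! Added example, not from the thread.
! Assumed: VLAN 4 is 10.10.4.0/24. The name vlan4_Local is hypothetical.
! "server", "Wifi_user" and the role/profile names come from the post.
netdestination server
  host 10.10.4.19
!
netdestination vlan4_Local
  network 10.10.4.0 255.255.255.0
!
! Session ACL rules are evaluated top-down and the first match wins,
! so the host permit has to precede the subnet deny.
ip access-list session Wifi_user
  user alias server any permit
  user alias vlan4_Local any deny
!
! The ACL sits in the role the VLAN 3 clients land in, ahead of allowall.
user-role Aruba-B
  access-list session Wifi_user
  access-list session allowall
!
! initial-role covers Open, WEP and WPA2-PSK clients;
! dot1x-default-role covers clients that authenticate with 802.1X.
aaa profile "Aruba-B"
  initial-role "Aruba-B"
  dot1x-default-role "Aruba-B"
!
```

On the controller, `show user-table` lists the role each connected client actually received, which confirms whether the ACL is in effect for that client.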
