Controllerless Networks

Occasional Contributor II

Wireless users can not communicate with each other

Clients connecting to different SSIDs can communicate with each other.

The configuration is as follows:


aaa profile "Aruba-A"

   initial-role "Aruba-A"


aaa profile "Aruba-B"

   initial-role "Aruba-B"


wlan virtual-ap "Aruba-A"

   aaa-profile "Aruba-A"

   ssid-profile "Aruba-A"

   vlan 4


wlan virtual-ap "Aruba-B"

   aaa-profile "Aruba-B"

   ssid-profile "Aruba-B"

   vlan 3


Under normal circumstances, clients can communicate with each other.

I want clients belonging to VLAN 3 to communicate only with the server, and not with other IPs inside VLAN 4.


I configured one policy as follows:


netdestination server



netdestination subnet_Local



ip access-list session Wifi_user

  alias subnet_Local alias server any permit

  alias subnet_Local user any deny


user-role Aruba-A

 access-list session global-sacl

 access-list session apprf-cisco-sacl

 access-list session Wifi_user

 access-list session allowall


After the configuration is complete, VLAN 3 IPs can communicate with the server.


I have a question:

User-role Aruba-B  



Why not access-list session Wifi_user under user-role aruba-B?



Guru Elite

Re: Wireless users can not communicate with each other

How are your wifi users authenticating?  The initial-role parameter in the AAA profile is only for Open, WEP, or WPA2-PSK users.  If you are using 802.1x you would need to assign the default 802.1x role in the AAA profile to whatever role you want your clients to have.

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
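
The check below is an added example, not part of the thread and not Aruba tooling. It parses a config in the syntax posted above, resolves each virtual AP to the roles its AAA profile can assign (initial-role and dot1x-default-role), and reports whether the isolation ACL is present in each role and listed ahead of allowall. The sample config is constructed: the ACL list under Aruba-B and the dot1x-default-role line are assumptions.

```python
# Constructed sample in the thread's syntax. The ACL list under Aruba-B and the
# dot1x-default-role line are assumptions, not taken from the post.
SAMPLE = '''
aaa profile "Aruba-A"
   initial-role "Aruba-A"
aaa profile "Aruba-B"
   initial-role "Aruba-B"
   dot1x-default-role "Aruba-B"
wlan virtual-ap "Aruba-A"
   aaa-profile "Aruba-A"
wlan virtual-ap "Aruba-B"
   aaa-profile "Aruba-B"
user-role Aruba-A
 access-list session global-sacl
 access-list session Wifi_user
 access-list session allowall
user-role Aruba-B
 access-list session allowall
'''

def parse(text):
    """Group indented lines under the unindented stanza header above them."""
    stanzas, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        words = [w.strip('"') for w in line.split()]  # names without spaces only
        if not line[0].isspace():
            current = tuple(words)
            stanzas.setdefault(current, [])  # keep stanzas with an empty body
        elif current is not None:
            stanzas[current].append(words)
    return stanzas

def audit(text, required_acl, permissive="allowall"):
    """Map each virtual AP to {role: 'ok' | 'missing' | 'shadowed'}."""
    st, report = parse(text), {}
    for hdr, body in st.items():
        if hdr[:2] != ("wlan", "virtual-ap"):
            continue
        prof = next((w[1] for w in body if w[0] == "aaa-profile"), None)
        roles = {w[1] for w in st.get(("aaa", "profile", prof), [])
                 if w[0] in ("initial-role", "dot1x-default-role")}
        report[hdr[2]] = verdicts = {}
        for role in sorted(roles):
            acls = [w[2] for w in st.get(("user-role", role), [])
                    if w[:2] == ["access-list", "session"]]
            pos = {a: i for i, a in enumerate(acls)}  # ACLs apply top-down, first match wins
            verdicts[role] = ("missing" if required_acl not in pos else "shadowed"
                              if pos.get(permissive, len(acls)) < pos[required_acl] else "ok")
    return report
```

Calling audit(SAMPLE, "Wifi_user") reports "ok" for the Aruba-A role and "missing" for Aruba-B; "shadowed" means the ACL is present but listed after allowall, so its deny rule never matches.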