Controllerless Networks

New Contributor

block client-to-client and allow external to initiate sessions

Hi,

I'm trying to block client-to-client traffic and at the same time allow some external networks to initiate sessions with wireless clients. I've tried to add the following rules, which deny client-to-client traffic but also block external networks from contacting clients.

allow any on server 10.95.0.1(gateway)

deny any to network 10.95.0.0/24(wireless subnet)

allow any to all destination

What's the best practice in this situation?

Guru Elite

Re: block client-to-client and allow external to initiate sessions

New Contributor

Re: block client-to-client and allow external to initiate sessions

Deny inter user bridging is enabled.

Currently I'm running ACLs on the switches that the IAPs are connected to, to allow/deny traffic between clients that are on different IAPs. I would like to skip this and manage everything from the IAP controller.

Guru Elite

Re: block client-to-client and allow external to initiate sessions

If that is the case, use what you mentioned in your first post. You would configure a role for your users, then rules within it: http://www.arubanetworks.com/techdocs/Instant_41_WebHelp/InstantWebHelp.htm#UG_files/Roles_and_policies/ConfACLRule.htm

The rules below that you mentioned in your first post would work:

deny any to network 10.95.0.0/24(wireless subnet)
allow any to all destination

You do not have to allow traffic to your default gateway. Hopefully you have no server resources like DNS or anything on 10.95.0.0/24.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: block client-to-client and allow external to initiate sessions

The problem is that the external network 192.168.10.0/24 needs to initiate sessions with the wireless clients. And the deny any to network 10.95.0.0/24 rule will block this, right?

Guru Elite

Re: block client-to-client and allow external to initiate sessions

Unfortunately, I think that is the case.



Colin Joseph
Aruba Customer Engineering

