Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
New Contributor

Re: Wireless Client Isolation

I've changed the roles and associated policies (allow all) before posting this issue in here. 

New Contributor

Re: Wireless Client Isolation

Thank you Ryan, helpful info. However i have only one policy enabled in my roles (both wireless and wired)  -  "allow all". All i need - just to completely isolate wireless clients from each other (even ARPs should be denied), but wired devices in the same VLAN should be reachable by wireless clients. Rest of wired security policies are implemented on security appliance, not on WLC.  That's why i just turned on  "inter-user isolation", and supposed that that's enough.  

Highlighted
Frequent Contributor II

Re: Wireless Client Isolation

Assuming ArubaOS 6.4.x you are unclear what you enabled.

 

Deny Inter User Bridging

Deny Inter User Traffic

or both?

 

According to the User Guide, there is no "inter-user isolation" option.

 

We have both options turned off in our environment. Unless your wired traffic is tunneled through the controller oto, users coud just access each other over wired.


Bruce Osborne - Wireless Engineer
ACCP, ACMP
Frequent Contributor II

Re: Wireless Client Isolation

Assuming ArubaOS 6.4.x you are unclear what you enabled.

 

Deny Inter User Bridging

Deny Inter User Traffic

or both?

 

According to the User Guide, there is no "inter-user isolation" option.

We have both options turned off in our environment. Unless your wired traffic is tunneled through the controller, users could just access each other over wired.


Bruce Osborne - Wireless Engineer
ACCP, ACMP
Frequent Contributor II

Re: Wireless Client Isolation

You should contact the SE on your Aruba account team for additional assistance. They can look at your configuraton and assist as needed.

 

Another option may be to open an Aruba TAC support case.


Bruce Osborne - Wireless Engineer
ACCP, ACMP
New Member

Re: Wireless Client Isolation

If listing all of the vlans as untrusted that could be part of the issue as well... When marked did you apply a polciy on those vlans? 

T.J. Norton - Wireless Engineer
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: