Security, WIDS/WIPS and Aruba ECS

Occasional Contributor I

Blocking wireless client to client communication?

Hello, can someone tell me the ACL to block wireless client to client communication?
Thanks
Aruba Employee

Re: Blocking wireless client to client communication?

Hi Tammy,

You can just block user access to the subnet they are on, assuming of course that you have a separate subnet just for users.

any network 192.168.1.0 255.255.255.0 any deny

Just replace the network you want blocked with your own. You might also want to use a net destination alias if you have a lot of networks to block.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor I

Re: Blocking wireless client to client communication?

Thanks Andy. I was looking more to block communication between clients on the same subnet.
Occasional Contributor II

Re: Blocking wireless client to client communication?

ip access-list session "block"
alias "user" alias "user" any deny
!

"user" is already a defined alias in the Aruba config.
Occasional Contributor I

Re: Blocking wireless client to client communication?

Thanks!!
Aruba Employee

Re: Blocking wireless client to client communication?




Hi Tammy,

That's what that piece of code will do. Assuming all of your clients are in 192.168.1.0/24, it would stop clients from talking to one another based on their subnet. For example, if I tried to communicate to a station from 192.168.1.2 and that station was at 192.168.1.3 I would be blocked. Does that make sense?

-awl

Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
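Added example (not part of the thread and not Aruba code): a simplified first-match model of the subnet deny rule discussed above, showing which flows it blocks on its own, with a trailing permit, and with an exception placed ahead of it. The gateway address 192.168.1.1, the outside address 203.0.113.10, the deny-when-nothing-matches default and the omission of services and session state are assumptions of this model.

```python
import ipaddress

# Constructed sample values; only 192.168.1.0/24, .2 and .3 come from the thread.
USER_NET = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
GATEWAY = ipaddress.ip_address("192.168.1.1")  # assumed gateway/DHCP/DNS host


def host(addr):
    """Network object that matches exactly one address."""
    return ipaddress.ip_network(f"{addr}/32")


def evaluate(rules, src, dst):
    """Return the action of the first rule matching (src, dst)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # model assumption: no rule matched, so the flow is dropped


# The rule from the thread on its own: any -> user subnet, deny.
DENY_ONLY = [(ANY, USER_NET, "deny")]

# Same rule followed by a permit so traffic leaving the subnet still flows.
DENY_THEN_PERMIT = DENY_ONLY + [(ANY, ANY, "permit")]

# Exception for the infrastructure host, placed before the subnet deny.
WITH_EXCEPTION = [(ANY, host(GATEWAY), "permit")] + DENY_THEN_PERMIT


def report(rules):
    """Evaluate three representative flows from client 192.168.1.2."""
    flows = {
        "client_to_client": ("192.168.1.2", "192.168.1.3"),
        "client_to_gateway": ("192.168.1.2", str(GATEWAY)),
        "client_to_outside": ("192.168.1.2", "203.0.113.10"),
    }
    return {name: evaluate(rules, s, d) for name, (s, d) in flows.items()}


if __name__ == "__main__":
    for label, rules in [("deny only", DENY_ONLY),
                         ("deny then permit", DENY_THEN_PERMIT),
                         ("exception first", WITH_EXCEPTION)]:
        print(f"{label:17} {report(rules)}")
```

The subnet deny also catches any service address that sits inside the client subnet, so exceptions for those hosts have to appear before it in the rule list.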
Occasional Contributor II

Re: Blocking wireless client to client communication?

I could see blocking users from contacting each other to stop P2P or viruses from scanning the network, BUT remote desktop is big at my college so we plan to do it based on role privileges. There is also a "radio button" option that enables host blocking. Can't remember where but it's there.
Contributor I

Re: Blocking wireless client to client communication?

Hi

Maybe you could enable the Prevent L2 Bridging between Wireless Users option in the stateful firewall. But this option is valid for all wireless profiles. I don't know if there is an option for a virtual AP only.

Best regards