Security

Reply
Occasional Contributor I

Blocking access to each other within the same vlan

Hi,

 

Campus-Net is our 8021x configured SSID that our campus wireless users use for internet and the internal network. All wireless users connect to this SSID and then the users are authenticated with user roles and corresponding VLANs by the RADIUS server which is working with Active Directory. What we want to accomplish is ; How to prevent the users who are in the same VLAN to communicate with each other? 

 

Controller model :  3600

Software Version : 6.1.2.7

 

Best Regars,

 

Omer Faruk.

Contributor I

Re: Blocking access to each other within the same vlan

If you mean two wireless clients, on the same vlan; there's an Aruba configuration option for that. Let's say you want to configure this behavior for your employees, and you have a virtual AP called "Employee". Under the virtual AP profile, enter the following: wlan virtual-ap "Employee" deny-inter-user-traffic I have attached a screenshot of the WebUI indicating this configuration option. I hope this helps! - Jay
Occasional Contributor II

Re: Blocking access to each other within the same vlan

Hi, I've had the same need in the past. On the wireless side I've used the feature suggested above, on the wired side I've fixed by configuring port isolation on layer2 switches. The theory is: two switch ports belonging to the same isolation group cannot communicate each other. You configure port isolation on all except uplink ports. *** Use it with care, you could break some data path you could need ***

Bye.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: