Occasional Contributor I
Posts: 5
Registered: 01-11-2012

Deny Inter User Traffic

Hi All,

We have enabled deny inter user traffic on one of the SSIDs. Now we are having an issue with Cisco Jabber clients, which use UDP ports 16384 to 32766 (inbound and outbound). In the user role we have a role with allowall. How can we allow communication between clients on these UDP ports and at the same time keep the deny inter user traffic setting on?

Guru Elite
Posts: 20,993
Registered: 03-29-2007

Re: Deny Inter User Traffic

Deny Inter user traffic blocks all traffic, so you should not use it in an environment where users need to communicate with each other.  I would have your users turn their host-based firewalls on.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: 01-11-2012

Re: Deny Inter User Traffic

Thanks Joseph

Is there any way to drop inter-VLAN communication? I have four VLANs:

192.168.10.0/24

192.168.11.0/24

192.168.12.0/24

192.168.13.0/24

and 192.168.10.1, 192.168.11.1, 192.168.12.1 and 192.168.13.1 are the gateway IPs of each subnet. Is it possible to drop the communication between clients in each subnet?

Guru Elite
Posts: 20,993
Registered: 03-29-2007

Re: Deny Inter User Traffic

You can create a session ACL in the role for your users that allows UDP ports 16384 to 32766 and then blocks traffic to:

192.168.10.0/24

192.168.11.0/24

192.168.12.0/24

192.168.13.0/24

You can then allow traffic to whatever else your clients need to get to.

Why you would NOT do this, however, is that it becomes very difficult to troubleshoot traffic issues if you have a long list of blocks and permits...


Colin Joseph
Aruba Customer Engineering
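
The rule order described in the answer above, as an added example that is not part of the original posts: a simplified first-match model in Python (not ArubaOS syntax or behaviour) that reports which rule decides a flow, which helps when troubleshooting a list of permits and denies. The rule names and sample flows are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Client subnets listed in the thread.
CLIENT_SUBNETS = [ipaddress.ip_network(n) for n in (
    "192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24", "192.168.13.0/24")]

class Rule(NamedTuple):
    name: str                          # hypothetical label, reported on match
    dst_nets: Optional[list]           # None matches any destination
    proto: Optional[str]               # None matches any protocol
    ports: Optional[Tuple[int, int]]   # inclusive destination port range
    action: str                        # "permit" or "deny"

# Order from the answer: permit the UDP range, deny the subnets, permit the rest.
RULES = [
    Rule("permit-udp-16384-32766", None, "udp", (16384, 32766), "permit"),
    Rule("deny-client-subnets", CLIENT_SUBNETS, None, None, "deny"),
    Rule("permit-everything-else", None, None, None, "permit"),
]

def evaluate(dst_ip: str, proto: str, dst_port: int,
             rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, rule name) for the first rule that matches the flow."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.dst_nets is not None and not any(ip in n for n in r.dst_nets):
            continue
        if r.proto is not None and r.proto != proto:
            continue
        if r.ports is not None and not r.ports[0] <= dst_port <= r.ports[1]:
            continue
        return r.action, r.name
    return "deny", "implicit-deny"     # nothing matched

if __name__ == "__main__":
    # Constructed sample flows: (destination IP, protocol, destination port).
    flows = [
        ("192.168.11.25", "udp", 20000),  # client-to-client media
        ("192.168.11.25", "tcp", 445),    # client-to-client file sharing
        ("192.168.10.1", "udp", 53),      # gateway address sits inside a denied subnet
        ("203.0.113.10", "tcp", 443),     # destination outside the client subnets
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
    # Moving the deny above the UDP permit shadows it:
    print(evaluate("192.168.11.25", "udp", 20000, [RULES[1], RULES[0], RULES[2]]))
```

In this model, traffic addressed to a gateway IP itself matches the subnet deny, while traffic routed through the gateway to an outside destination does not, because only the destination address is compared.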

