Security

Heraldo · ‎11-04-2016

Hi,

I configured a policy to allow traffic between clients that are on the same subnet, connected to the same AP, but the controller is dropping the packets! Deny inter user traffic is NOT selected on the VAP or global parameters. Deny inter user bridging is alson NOT selected.

The policy is configured as follows:

user network 172.16.90.0 255.255.254.0 any permit

Both clients are on the 172.16.90.0 network and the controller is dropping the traffic.

But if I change the policy to:

any network 172.16.90.0 255.255.254.0 any permit, the traffic is allowed as expected!

Both clients are authenticated, on the same role, with a policy containing the ACL above.

On the same policy, I have other ACL´s using the "user" name allowing traffic to other subnets and it works.

Has anyone experienced this? Is this the expected behavour to clients on the same subnet?

Thanks,

Heraldo.

dave27 · ‎11-04-2016

Using the 'user' alias as the source in a rule means that although one client will allow the traffic because it is from them, the other client will drop the traffic as the source is not the authenticated user.

You either need to use the 'any' alias or have 2 rules as below:

user network 172.16.90.0 255.255.254.0 any permit

network 172.16.90.0 255.255.254.0 user any permit

Heraldo · ‎11-07-2016

Hi dave27,

Thanks for the reply. I used the "any" alias to make this work.

Regards,

Heraldo.

Innovate at the speed of mobile and IoT.

Be in the know.

Join, Learn, Share.

How can we help?

Essential Reading.

Ideas Exchange.

Security

client-to-client traffic dropped on the same subnet

client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Encrypting Guest traffic

NPS 2008 - user auth and fails not showing in eventviewer?

Step-by-Step: How to Configure Microsoft IAS Radius Server from Scratch

limiting the number of device s a user can have

EAP-TLS Authenication

Creative Configurations

Ap-80mb

Remote AP Split Tunneling

CLI Command reference guide

Remote AP

WPA-PSK and VLAN assignment via MAC address

Cisco ACS and Aruba Radius Auth

Remove wireless profiles on Windows XP machines

Rolling out 802.1x with GTC

Making DHCP mandatory on Aruba WLAN

AirMesh Downloads

AirWave Downloads

Amigopod Downloads

Aruba Access Point 80 SB/MB Download

Aruba Instant Downloads

Indoor 802.11n Site Survey and Planning

Base Designs Lab Setup for Validated Reference Design

Optimizing Aruba WLANs for Roaming Devices

Managing and Optimizing RF Spectrum for Aruba WLANs

Guest Access with ArubaOS

Security

client-to-client traffic dropped on the same subnet

client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Re: client-to-client traffic dropped on the same subnet

Follow Us