11-04-2016 04:31 AM
Hi,
I configured a policy to allow traffic between clients that are on the same subnet, connected to the same AP, but the controller is dropping the packets! Deny inter user traffic is NOT selected on the VAP or global parameters. Deny inter user bridging is also NOT selected.
The policy is configured as follows:
user network 172.16.90.0 255.255.254.0 any permit
Both clients are on the 172.16.90.0 network and the controller is dropping the traffic.
But if I change the policy to:
any network 172.16.90.0 255.255.254.0 any permit, the traffic is allowed as expected!
Both clients are authenticated, on the same role, with a policy containing the ACL above.
On the same policy, I have other ACLs using the "user" name allowing traffic to other subnets and it works.
Has anyone experienced this? Is this the expected behaviour for clients on the same subnet?
Thanks,
Heraldo.
11-04-2016 07:15 AM
Using the 'user' alias as the source in a rule means that although one client will allow the traffic because it is from them, the other client will drop the traffic as the source is not the authenticated user.
You either need to use the 'any' alias or have 2 rules as below:
user network 172.16.90.0 255.255.254.0 any permit
network 172.16.90.0 255.255.254.0 user any permit
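The behaviour described in the reply above, as an added example that is not part of the original post: a simplified Python model (not controller code) in which the same packet is checked once with 'user' bound to the sender and once with 'user' bound to the receiver. The client addresses, function names and first-match/implicit-deny evaluation are assumptions made for illustration, and the service field ("any" in every rule on this page) is left out.

```python
import ipaddress

# Subnet from the thread; the two client addresses are constructed samples.
SUBNET = ipaddress.ip_network("172.16.90.0/255.255.254.0")
CLIENT_A = ipaddress.ip_address("172.16.90.10")
CLIENT_B = ipaddress.ip_address("172.16.91.20")

def matches(spec, addr, user_ip):
    """spec is the alias 'any', the alias 'user', or an ip_network."""
    if spec == "any":
        return True
    if spec == "user":
        # 'user' only matches the client whose role is being evaluated.
        return addr == user_ip
    return addr in spec

def role_permits(rules, src, dst, user_ip):
    """First-match evaluation of one client's ACL; no match means deny."""
    for rule_src, rule_dst, action in rules:
        if matches(rule_src, src, user_ip) and matches(rule_dst, dst, user_ip):
            return action == "permit"
    return False

def client_to_client(rules, src, dst):
    """Both clients share the role; return (sender verdict, receiver verdict)."""
    sender_ok = role_permits(rules, src, dst, user_ip=src)
    receiver_ok = role_permits(rules, src, dst, user_ip=dst)
    return sender_ok, receiver_ok

# The three rule sets discussed in the thread.
USER_ONLY = [("user", SUBNET, "permit")]
ANY_SRC = [("any", SUBNET, "permit")]
TWO_RULES = [("user", SUBNET, "permit"), (SUBNET, "user", "permit")]

if __name__ == "__main__":
    for name, rules in [("user only", USER_ONLY),
                        ("any source", ANY_SRC),
                        ("two rules", TWO_RULES)]:
        print(name, client_to_client(rules, CLIENT_A, CLIENT_B))
```

With the single 'user' rule the sender side permits and the receiver side denies, which matches the drop reported in the question; both alternatives from the reply permit on both sides.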
Re: client-to-client traffic dropped on the same subnet
11-07-2016 06:30 PM
Hi dave27,
Thanks for the reply. I used the "any" alias to make this work.
Regards,
Heraldo.