Wireless Access

Occasional Contributor II
Posts: 10
Registered: ‎09-27-2015

Block traffic from specific SSID which is in bridge mode

Hello

I have access points at a branch office which are controlled centrally by an Aruba controller.

The SSIDs which are broadcast at the branch are in bridge mode.

For one SSID I need complete isolation from other networks. Users who are connected to this SSID must see each other but not any other network.

How can I accomplish this?

 

 

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Block traffic from specific SSID which is in bridge mode


Just configure your firewall policies for the roles on that SSID so that they cannot talk to other networks. The AP will do the firewalling for you. When you say they cannot see any other network, do you mean even the Internet? Two examples below.

 

The following is an example to block other networks (Internet is allowed):

 

netdestination BLOCK-NETS
  network x.x.x.x y.y.y.y
  network x.x.x.x y.y.y.y

ip access-list session BLOCK-OTHER-NETS
  user alias BLOCK-NETS any deny

user-role BRIDGE-USER
  access-list session BLOCK-OTHER-NETS
  access-list session allowall

 

The following is an example to allow only local communication; nothing else:

 

netdestination BRIDGE-NETS
  network x.x.x.x y.y.y.y
  network x.x.x.x y.y.y.y

ip access-list session BRIDGE-NET-ACCESS
  user alias BRIDGE-NETS any permit
  alias BRIDGE-NETS user any permit

user-role BRIDGE-USER
  access-list session BRIDGE-NET-ACCESS

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
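
Added example, not part of either post above: a simplified Python model of the two roles that checks which flows each one permits before the policy is pushed to the APs. It assumes first-match rule evaluation with an implicit deny when nothing matches; the networks, client address, flow names and role labels are constructed, since the post leaves the networks as x.x.x.x y.y.y.y.

```python
import ipaddress

# Constructed sample networks; the post leaves them as x.x.x.x y.y.y.y.
BLOCK_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/12")]
BRIDGE_NETS = [ipaddress.ip_network("192.168.50.0/24")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Each rule is (source, destination, action); "user" stands for the client's own IP.
# The role labels are hypothetical names for the two examples in the answer.
ROLES = {
    "block-other-nets": [          # example 1: BLOCK-OTHER-NETS, then allowall
        ("user", BLOCK_NETS, "deny"),
        (ANY, ANY, "permit"),
    ],
    "bridge-only": [               # example 2: BRIDGE-NET-ACCESS only
        ("user", BRIDGE_NETS, "permit"),
        (BRIDGE_NETS, "user", "permit"),
    ],
}

def _match(spec, addr, client):
    """True if addr satisfies a rule field ("user" or a list of networks)."""
    if spec == "user":
        return addr == client
    return any(addr in net for net in spec)

def evaluate(role, client, src, dst):
    """Return the action of the first matching rule, else the implicit deny."""
    client, src, dst = (ipaddress.ip_address(a) for a in (client, src, dst))
    for rule_src, rule_dst, action in ROLES[role]:
        if _match(rule_src, src, client) and _match(rule_dst, dst, client):
            return action
    return "deny"  # assumption: nothing matched, so the flow is dropped

def audit(role, client, flows):
    """Evaluate every named flow against one role."""
    return {name: evaluate(role, client, s, d) for name, (s, d) in flows.items()}

CLIENT = "192.168.50.20"
FLOWS = {  # constructed test flows: (source, destination)
    "peer on same SSID": (CLIENT, "192.168.50.31"),
    "corporate server": (CLIENT, "10.1.2.3"),
    "internet host": (CLIENT, "203.0.113.10"),
    "reply from peer": ("192.168.50.31", CLIENT),
}

if __name__ == "__main__":
    for role in ROLES:
        print(role, audit(role, CLIENT, FLOWS))
```

In this model, moving the deny rule below the permit-all rule in the first role makes every flow permitted, which is why BLOCK-OTHER-NETS is listed before allowall.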
