Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Deny traffic from virtual AP to virtual AP question

  • 1.  Deny traffic from virtual AP to virtual AP question

    Posted Feb 07, 2013 12:39 PM

    How can I block communication from 1 virtual AP to another?

     

    Here is what I would like

     

    Staff SSID, vlan ID 202 IP 10.202.0.0/16

     

    Security SSID, vlan ID 203 IP 10.203.0.0/16

     

    This is working great and DHCP works great too, however people on the staff can access the security network.  How can I shut that down?  But allow security to get onto staff?



  • 2.  RE: Deny traffic from virtual AP to virtual AP question

    Posted Feb 07, 2013 12:50 PM

     

    You could create a ROLE with a certain ACL denying traffic from that IP SPACE to X.X.X.X and apply it to the AAA-PROFILE assigned to that VAP.

     

    Hope that helps.
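
The role-based ACL suggested in reply 2, as a simplified model added here (not code from the thread or from Aruba): it shows why a deny placed in the staff role blocks staff-initiated traffic to 10.203.0.0/16 while sessions opened from the security side still get their replies. It assumes a stateful, first-match firewall that checks only the session-opening packet against the initiator's role; the role names, rule layout and host addresses are hypothetical and are not ArubaOS syntax.

```python
import ipaddress

# Constructed policy modelled on the thread's addressing; role names and the
# rule layout are hypothetical, not ArubaOS syntax.
ROLE_BY_SUBNET = {
    ipaddress.ip_network("10.202.0.0/16"): "staff",
    ipaddress.ip_network("10.203.0.0/16"): "security",
}
ANY = ipaddress.ip_network("0.0.0.0/0")
ROLE_ACL = {
    # First match wins, so the deny must precede the catch-all permit.
    "staff": [(ipaddress.ip_network("10.203.0.0/16"), "deny"), (ANY, "permit")],
    "security": [(ANY, "permit")],
}


class StatefulFirewall:
    def __init__(self, role_acl):
        self.role_acl = role_acl
        # Permitted (initiator, responder) pairs. Keyed by IP pair to keep the
        # model short; a real firewall tracks the full 5-tuple.
        self.sessions = set()

    def role_of(self, ip):
        for net, role in ROLE_BY_SUBNET.items():
            if ip in net:
                return role
        return None

    def forward(self, src, dst):
        """Return True if a packet src -> dst is forwarded."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Replies and later packets of an established session skip the ACL.
        if (src, dst) in self.sessions or (dst, src) in self.sessions:
            return True
        # New session: evaluate the initiator's role ACL, implicit deny at end.
        for dest_net, action in self.role_acl.get(self.role_of(src), []):
            if dst in dest_net:
                if action == "permit":
                    self.sessions.add((src, dst))
                return action == "permit"
        return False


def demo():
    fw = StatefulFirewall(ROLE_ACL)
    return {
        "staff_to_security": fw.forward("10.202.1.10", "10.203.1.20"),
        "security_to_staff": fw.forward("10.203.1.20", "10.202.1.10"),
        "staff_reply": fw.forward("10.202.1.10", "10.203.1.20"),
        "staff_new_target": fw.forward("10.202.1.10", "10.203.9.9"),
    }
```

Reversing the two staff rules lets the catch-all permit match first, which is the ordering mistake to check for when the deny appears to have no effect.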



  • 3.  RE: Deny traffic from virtual AP to virtual AP question

    MVP EXPERT
    Posted Feb 13, 2013 11:04 AM

    What about inter vlan routing? Nabbed from the UG :)

     

    You can optionally disable layer-3 traffic forwarding to or from a specified VLAN. When you disable layer-3
    forwarding on a VLAN, the following restrictions apply:
    -  Clients on the restricted VLAN can ping each other, but cannot ping the VLAN interface on the
    -  IP mobility does not work when a mobile client roams to the restricted VLAN. You must ensure that a
    mobile client on a restricted VLAN is not allowed to roam to a non-restricted VLAN. For example, a
    mobile client on a guest VLAN should not be able to roam to a corporate VLAN.
    To disable layer-3 forwarding for a VLAN configured on the controller: