Dear colleagues, I have an issue with the deny inter-user traffic feature on my Aruba 7205 Controller. I've done everything as described in the user guide, but still no luck. I have VLAN 1000 and an external DHCP/Gateway in this VLAN, which serves IP addresses and internet access to wireless users. Everything works OK, but as per our security regulation, L2 and L3 inter-user communication has to be denied. After enabling "deny inter-user traffic" under the AP profile, I'm not able to obtain an IP address from my access gateway. The port is in trunk mode, VLAN 1000 is untrusted. Wireless users are assigned to the "logon" role and wired devices are in the guest role. I've also played with user roles by assigning an AAA profile to wired devices, but still no luck. It seems that the desired isolation can be achieved with just a couple of clicks, but I still cannot see why it doesn't work for me. I never had such a problem with other vendors.
P.S. The desired network topology is in the attachments. The controller is without a PEF license.