12-01-2011 02:27 AM
I have a question regarding traffic control between wired clients on different RAPs.
Setup: Two wired clients (A and B) which are connected to two separate RAPs. Both RAPs are in the same AP Group. Both wired clients are connected to the same VLAN.
What does the configuration have to look like so that:
a) Client A is able to communicate with client B but no broadcast traffic from Site A is forwarded to site B and vice versa (some kind of proxy ARP I assume)?
b) Client A is not able to communicate with client B, but both clients are able to communicate with clients in other subnets through the gateway? Also in this case no broadcast traffic from Site A should be forwarded to site B and vice versa.
In both cases, the default gateway should be external (not controller).
Thank you for your support in advance!
12-01-2011 05:04 AM - edited 12-01-2011 05:05 AM
To suppress broadcast traffic on a wired interface you would configure that under the VLAN. For example, if that wired interface of the RAP was on VLAN 100:
interface VLAN 100
That command does not block ARP or DHCP traffic. This would block traffic on wired as well as wireless for that VLAN specifically, so if other WLANs use that VLAN, broadcast traffic would be blocked, as well. Please be aware it only works on ArubaOS 6.x and above.
To prevent clients from talking to each other, you would have to make the wired port untrusted and apply an ACL blocking traffic to those destinations that you don't want clients talking to.
Aruba Customer Engineering