Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

blocking wireless to wired communication and fing

  • 1.  blocking wireless to wired communication and fing

    Posted May 16, 2014 06:01 AM

    "Deny Inter User Traffic" works perfectly to block wireless users from communicating with each other. only the wireless clients are perfectly able to communicate with the wired clients in the same network.

     

    enabling "Deny Inter User Bridging" doesn't appear to change this. is this expected?

     

    i can use an ACL on the user role to disable the communication with the wired clients. only after that I'm still able to use fing (android app) to scan the subnet and find the wired clients.

     

    this is on a 650 with ArubaOS 6.3 btw.



  • 2.  RE: blocking wireless to wired communication and fing
    Best Answer

    Posted May 17, 2014 10:39 PM

    If you use an ACL you're blocking L3 traffic between the wireless and wired clients.  If Fing uses a L2 mechanism like ARP to find devices on the network, then Fing would still be able to discover the wired clients this way.

     

    I've never used "Deny Inter User Bridging" but the user guide indicates this is the feature you want to solve your problem.



  • 3.  RE: blocking wireless to wired communication and fing

    Posted May 18, 2014 01:33 PM

    not actually using ACLs, but using the "Deny Inter User Traffic" option which probably does the same on OS level.

     

    yes "Deny Inter User Bridging" would seem to help according to the user guide, but i see no effect when turning it on. fing uses arp i noticed in a packet capture, might be that is still allowed even though the option is enabled.

     

    so anyone got any actual experience to share here?



  • 4.  RE: blocking wireless to wired communication and fing

    Posted Jul 28, 2014 03:42 AM

    not sure who decided to accept that solution but it isn't solved. for me deny inter user bridging has no effect. if it does for you please do share that experience.



  • 5.  RE: blocking wireless to wired communication and fing

    EMPLOYEE
    Posted Jul 28, 2014 06:09 AM

    Are the wired users coming in on an untrusted port on the controller?

     



  • 6.  RE: blocking wireless to wired communication and fing

    Posted Jul 28, 2014 07:10 AM

    no, a trusted port, is that the reason?



  • 7.  RE: blocking wireless to wired communication and fing

    EMPLOYEE
    Posted Jul 28, 2014 07:13 AM
    Yes. It must be in the user table to be considered a "user". The compnerd method is the right way to work around that.


  • 8.  RE: blocking wireless to wired communication and fing

    Posted Jul 28, 2014 09:08 AM

    ok, clear, my bad for the untrusted / trusted part, should have checked that.

     

    and sorry to drag this on but then i still don't get the "The compnerd method is the right way to work around that." remark. are you saying that using deny inter user bridging is the workaround for ports that are set to trusted? or is that remark about "If you use an ACL you're blocking L3 traffic between the wireless and wired clients."?



  • 9.  RE: blocking wireless to wired communication and fing

    EMPLOYEE
    Posted Jul 28, 2014 10:10 AM
    Deny inter user bridging only works for users actually in the table. If your wired users are not in the user table it will not work, period.


  • 10.  RE: blocking wireless to wired communication and fing

    Posted Jul 28, 2014 01:34 PM

    ok, crystal clear now, going to have some fun trying this in my lab.