"Deny Inter User Traffic" works perfectly to block wireless users from communicating with each other. only the wireless clients are perfectly able to communicate with the wired clients in the same network.
enabling "Deny Inter User Bridging" doesnt appear to change this. is this expected?
i can use an ACL on the user role to disable the communication with the wired clients. only after that im still able to use fing (android ap) to scan the subnet and find the wired clients.
this is on a 650 with ArubaOS 6.3 btw.