MVP
Posts: 1,412
Registered: ‎11-30-2011

blocking wireless to wired communication and fing

"Deny Inter User Traffic" works perfectly to block wireless users from communicating with each other. only the wireless clients are perfectly able to communicate with the wired clients in the same network.

 

enabling "Deny Inter User Bridging" doesn't appear to change this. is this expected?

i can use an ACL on the user role to disable the communication with the wired clients. only after that i'm still able to use fing (android app) to scan the subnet and find the wired clients.

this is on a 650 with ArubaOS 6.3 btw.

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: blocking wireless to wired communication and fing

If you use an ACL you're blocking L3 traffic between the wireless and wired clients.  If Fing uses a L2 mechanism like ARP to find devices on the network, then Fing would still be able to discover the wired clients this way.

I've never used "Deny Inter User Bridging" but the user guide indicates this is the feature you want to solve your problem.

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: blocking wireless to wired communication and fing

not actually using ACLs, but using the "Deny Inter User Traffic" option which probably does the same on OS level.

 

yes "Deny Inter User Bridging" would seem to help according to the user guide, but i see no effect when turning it on. fing uses arp i noticed in a packet capture, might be that is still allowed even though the option is enabled.

 

so anyone got any actual experience to share here?

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: blocking wireless to wired communication and fing

not sure who decided to accept that solution but it isn't solved. for me deny inter user bridging has no effect. if it does for you please do share that experience.

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: blocking wireless to wired communication and fing

Are the wired users coming in on an untrusted port on the controller?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: blocking wireless to wired communication and fing

no, a trusted port, is that the reason?

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: blocking wireless to wired communication and fing

Yes. It must be in the user table to be considered a "user". The compnerd method is the right way to work around that.


Colin Joseph
Aruba Customer Engineering

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: blocking wireless to wired communication and fing

ok, clear, my bad for the untrusted / trusted part, should have checked that.

 

and sorry to drag this on but then i still don't get the "The compnerd method is the right way to work around that." remark. are you saying that using deny inter user bridging is the workaround for ports that are set to trusted? or is that remark about "If you use an ACL you're blocking L3 traffic between the wireless and wired clients."?

Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: blocking wireless to wired communication and fing

Deny inter user bridging only works for users actually in the table. If your wired users are not in the user table it will not work, period.


Colin Joseph
Aruba Customer Engineering

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: blocking wireless to wired communication and fing

ok, crystal clear now, going to have some fun trying this in my lab.
