Hi Raj,
I removed the policies and CPPM enforcement was already disabled.
Deny inter-user bridging and traffic is not enabled globally. Deny inter-user traffic is not enabled on the VAP.
I do see a deny as soon as I attempt to connect
.2 is the AppleTV and .3 is my Macbook
172.30.207.2 172.30.207.3 17 52160 64035 0/0 0 0 0 0/0/0 0 0 0 FDYCA
Then it looks like
(CDPQ-CTRL-1-LAB) #show datapath session table 172.30.207.2 | include 172.30.207.3
172.30.207.3 172.30.207.2 6 60838 49908 0/0 0 0 1 tunnel 17 1 2 116 CA
172.30.207.3 172.30.207.2 6 60837 7000 0/0 0 0 0 tunnel 17 2 30 6939 C
172.30.207.2 172.30.207.3 6 7000 60837 0/0 0 0 0 tunnel 17 2 29 5987
172.30.207.2 172.30.207.3 6 49908 60838 0/0 0 0 0 tunnel 17 1 2 116 A
172.30.207.2 172.30.207.3 17 52160 64035 0/0 0 48 0 0/0/0 0 2 120 FDC
I had BC/MC Rate Optimization enabled on the SSID, i disabled that, same result. It is not enabled on the VLAN either.
My user role rights are as follows:
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user any udp 68 deny Low 4
2 any any svc-dhcp permit Low 4
3 user DVDNS svc-dns permit Low 4
4 user iNovia_subnet any permit Low 4
5 user private_range any deny Low 4
6 user any any permit Low 4
Where iNovia_subnet is
network 172.30.207.0 255.255.255.0
Even if i put authenticated as the user role, it is the same story.
The deny is going from the AppleTV to the macbook, the macbook firewall is disabled.