Hi guys,
I also found that, as usual, the Aruba documentation is somewhat unclear. According to the ArubaOS Hardening guide, "Deny Inter User Traffic" is intended only for wireless, and "Deny Inter User Bridging" is intended only for non-IP traffic:
Preventing Inter-User Traffic
When this setting is enabled, wireless users are prevented from communicating with each other. All traffic originating from a wireless user, destined for another wireless user, is dropped. Note that this option may have significant impacts on network behavior; all forms of peer-to-peer communication are interrupted. To enable the feature:
(Hostname) (config) #firewall deny-inter-user-traffic
A related feature will block only non-IP traffic, but will permit IP traffic between users (subject to firewall policies that have been applied to the user role.) This is a less-restrictive option than the previous setting. Because ARP traffic is considered non-IP, this setting will also disrupt ARP between wireless clients. For this reason, you may wish to enable proxy ARP on the user VLANs, which will cause the controller to proxy-ARP on behalf of wireless users.
(Hostname) (config) #firewall deny-inter-user-bridging
(Hostname) (config) #interface vlan 1
(Hostname) (config-subif)#ip local-proxy-arp
Any ideas?
Regards,
Julián