Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Deny Inter User Traffic in Forwarding Mode: Bridge

  • 1.  Deny Inter User Traffic in Forwarding Mode: Bridge

    Posted Dec 19, 2017 02:57 AM

    Hi!

     

    I've read (in a 2014 Thread) that ARUBA does not support Deny Inter User Traffic in Forwarding Mode Bridge.

     

    I have my WLANs running in Forwarding Mode: Bridge! :)


    Is it possible to block inter user traffic, using the PEF-NG license on the ARUBA Controller (running 8.2)?

     

    thx 4 info & BR

  • 2.  RE: Deny Inter User Traffic in Forwarding Mode: Bridge

    Posted Dec 19, 2017 06:01 AM

    Hi

     

    Did you try the "Deny inter user traffic" option on the VAP profile? I'm not sure if it works. But give it a try. ;)

    In bridge mode you have no chance to apply firewall policies because, as you know, the traffic does not go through the controller.

     

    Cheers



  • 3.  RE: Deny Inter User Traffic in Forwarding Mode: Bridge

    Posted Dec 19, 2017 07:23 AM

    @frenzied wrote:

    Hi!

     

    I've read (in a 2014 Thread) that ARUBA does not support Deny Inter User Traffic in Forwarding Mode Bridge.

     

    I have my WLANs running in Forwarding Mode: Bridge! :)


    Is it possible to block inter user traffic, using the PEF-NG license on the ARUBA Controller (running 8.2)?

     

    thx 4 info & BR

    What kind of traffic are you trying to block?



  • 4.  RE: Deny Inter User Traffic in Forwarding Mode: Bridge

    Posted Dec 19, 2017 07:57 AM

    Hi Joseph!

     

    I have the need that all clients in the wireless network should not be visible to each other (like the fing app)!

     

    BR



  • 5.  RE: Deny Inter User Traffic in Forwarding Mode: Bridge

    Posted Dec 19, 2017 08:23 AM

    Unfortunately, the Fing app will always show clients on the network, because it looks at ARPs, which we cannot block. We can certainly block clients from accessing each other using an ACL, however.

     

    EDIT: I mean we cannot block Fing discovery when using a bridged SSID. Enabling "Deny Inter User Bridging" does block Fing discovery of users when the forwarding mode is Tunnel on an SSID.



  • 6.  RE: Deny Inter User Traffic in Forwarding Mode: Bridge

    Posted Dec 19, 2017 09:26 AM

    Hi Joseph!

     

    That is the explanation I wanted to hear! :)

    And with the ACL configured on the controller, I can block the traffic (forwarding mode: bridged) between all clients in my subnet except ARP.

     

    BR

    Richard