Controllerless Networks

last person joined: 3 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

IAP access different vlan

Jump to Best Answer
  • 1.  IAP access different vlan

    Posted Apr 15, 2015 02:23 PM

    Hi

     

    I have the followin scenario:

     

    2 SSIDs

    1 SSID "corp", with vlan assignment "default", same vlan as the VC

    1 SSID "guest", with static vlan assignment and dhcp from firewall

     

    These 2 SSIDs are on different vlans, how come a user connected to ssid "corp" can ping a user connected to ssid "guest"? Same thing if a user is connected to ssid "guest", it can access the VC.

     

    I thought that the SSIDs where separated since they are on different vlans. Ive created a firewall rule to deny access across SSIDs. Is there another way to accomplish that?

     

    Thanks

     

    Carlos



  • 2.  RE: IAP access different vlan

    Posted Apr 15, 2015 02:39 PM
    How did you apply the ACL rules ?
    Can you please share your config?


  • 3.  RE: IAP access different vlan

    Posted Apr 16, 2015 03:48 AM

    Hi

     

    I havent created any acl rules in instant, i allow everything on both SSIDs. I want the firewall to be the only device to regulate access. My question was if i have to create any acl rules in instant to block access across vlans or if there is another global function to do this

     

    best regards


    Carlos



  • 4.  RE: IAP access different vlan
    Best Answer

    Posted Apr 16, 2015 07:40 AM

    You can you these but in order for you to block in between Layer 3 boundaries you need apply ACL rules on that network
    Deny Inter User Bridging and Deny Local Routing

    To enable or disable these features, navigate to Settings > General in the Instant UI.
     Deny inter user bridging— This feature allows you to deny traffic between two clients which are directly connected to the same IAP or are on the same Instant network.
     Deny local routing— This feature allows you to deny local routing traffic between clients which are connected to the same IAP or are on the same Instant network.