On Central/IAP, they call it Deny Intra-VLAN and it is per-SSID, but on AOS8 I think they call it Deny Inter User Bridging / Deny Inter User Traffic and it's in the global firewall settings.
Daniel Waites
Post-Sales Engineer
Sabyr Consulting
www.sabyr.com
(409) 454-7250 - cell
Original Message:
Sent: 9/26/2023 10:13:00 AM
From: Cwalk
Subject: RE: SSID ON RADIUS AUTH WITH LDAP USERS DENYING RDP AND OTHER SERVICES
Also, the SSID is on tunnel mode. Should that be correct since we are doing 802.1X authentication?
Original Message:
Sent: Sep 26, 2023 10:01 AM
From: dwaites
Subject: SSID ON RADIUS AUTH WITH LDAP USERS DENYING RDP AND OTHER SERVICES
Quick question, are the network resources they are trying to reach on the same subnet as the clients, and if so, is intra-VLAN traffic permitted on the SSID? I'm thinking there is a new knob in the firmware somewhere that isn't set properly.
Daniel Waites
Post-Sales Engineer
Sabyr Consulting
www.sabyr.com
(409) 454-7250 - cell
Original Message:
Sent: 9/26/2023 9:10:00 AM
From: Cwalk
Subject: RE: SSID ON RADIUS AUTH WITH LDAP USERS DENYING RDP AND OTHER SERVICES
Hi, just to expound more,
We have another controller running an older firmware version; all the configs are done there. LDAP users are authenticating using the same RADIUS server and accessing the network using the AD credentials. They can access the network resources. We upgraded the current controller that is having issues to 8.10 LSR. Both are using a similar network, similar DNS, the same RADIUS server, etc., so the networks and environments are similar. The RADIUS server is the same; for DNS, we have primary and secondary both configured on the MC 7030.
Original Message:
Sent: Sep 25, 2023 11:28 AM
From: shpat
Subject: SSID ON RADIUS AUTH WITH LDAP USERS DENYING RDP AND OTHER SERVICES
Initially, there are a lot of questions which arise from your description.
- What sort of DNS are you pushing to your users? Can that DNS resolve the Hostnames of the Servers you are trying to access?
- Are you using Hostnames or IP Address to connect to the RDP or Folders? Whichever you are using try both: Initially with IP Address and then with Hostname.
- Are you using different subnets for Wireless users and Servers? If yes (and I guess you do), check if they are routable.
- Do you have a Firewall sitting in front of your Servers? If yes, check if the ports and the subnet of your wireless infrastructure are whitelisted/allowed to access the Servers using specific ports.
- etc.
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP |
-Just an Aruba enthusiast and contributor by cases
Original Message:
Sent: Sep 22, 2023 04:36 AM
From: Cwalk
Subject: SSID ON RADIUS AUTH WITH LDAP USERS DENYING RDP AND OTHER SERVICES
Hi Techs,
I have a scenario where I integrated the SSID with authentication using RADIUS for LDAP users. The integration works fine, AD credentials work, and staff are able to authenticate and access the internet. However, when trying to access things like shared folders on Windows Server and RDP to servers, it doesn't work. I am hoping for a solution and insights. This will be appreciated.
David
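The checks suggested in the replies above (hostname versus IP address, same subnet versus routed, and the TCP ports behind RDP and file shares) can be run from an affected wireless client in one pass. This is an added example, not part of the original thread; the addresses, the hostname and the function names are constructed placeholders, and ports 3389 (RDP) and 445 (SMB) are the standard defaults.

```python
import ipaddress
import socket

PORTS = {"RDP": 3389, "SMB": 445}  # default ports for RDP and Windows file shares

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve(hostname):
    """Return the IPv4 address the client's DNS gives for hostname, or None."""
    try:
        return socket.gethostbyname(hostname)
    except OSError:
        return None

def triage(client_cidr, server_ip, resolved_ip, open_by_ip):
    """Turn probe results into the next thing to check.

    client_cidr: client's address/prefix on the SSID, e.g. '10.20.0.57/24'
    server_ip:   known-good server address
    resolved_ip: what resolve() returned for the server's hostname
    open_by_ip:  {service: bool} from tcp_open() against server_ip
    """
    findings = []
    if resolved_ip is None:
        findings.append("DNS: hostname does not resolve from the client")
    elif resolved_ip != server_ip:
        findings.append(f"DNS: hostname resolves to {resolved_ip}, expected {server_ip}")
    blocked = sorted(svc for svc, ok in open_by_ip.items() if not ok)
    if blocked:
        network = ipaddress.ip_interface(client_cidr).network
        if ipaddress.ip_address(server_ip) in network:
            hint = "same subnet: check deny intra-VLAN / inter-user bridging settings"
        else:
            hint = "different subnet: check routing and firewall rules in the path"
        findings.append(f"{', '.join(blocked)} blocked by IP ({hint})")
    return findings or ["no fault found: name resolution and ports OK"]

if __name__ == "__main__":
    # Constructed sample values; replace with your own client and server.
    client, name, server = "10.20.0.57/24", "fileserver.example.internal", "10.20.0.10"
    probes = {svc: tcp_open(server, port) for svc, port in PORTS.items()}
    for line in triage(client, server, resolve(name), probes):
        print(line)
```

Running it from a client on the working controller and again from one on the upgraded controller shows which of the checks differs between the two.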