How to block traffic between users (L2 and L3)

Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


Blocking traffic between users at both layer 2 and layer 3 takes two steps.
1. Layer 2 traffic - to block this traffic, prevent bridging of user traffic. This feature mitigates issues with layer 2 LAN protocols (AppleTalk, NetBEUI, etc.).
   Command: firewall deny-inter-user-bridging
   Caveat: this command only prevents bridging on an individual controller, not across different controllers.
2. Layer 3 traffic - to block layer 3 traffic, firewall policies must be configured and applied. Here is an example that blocks all user traffic with a destination on the same subnet, with the exception of traffic for the 2 hosts and the controller:
!**** example (<...> values are placeholders) ***
netdestination "User-Subnet"
  network <subnet-address> <netmask>
!
netdestination "allowed-hosts"
  host <host-1-address>
  host <host-2-address>
!
ip access-list session block-inter-user
  user alias mswitch any permit
  user alias allowed-hosts any permit
  user alias User-Subnet any deny
  user any any permit
!
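The policy above depends on rule order: the two permit rules must come before the subnet-wide deny. The following Python model is an added example, not part of the original article or Aruba code. It assumes first-match-wins evaluation and uses constructed addresses (192.0.2.0/24 as the user subnet) to check the intended outcomes and to flag rules hidden by an earlier, broader rule.

```python
import ipaddress

# Constructed addresses for illustration; the article does not give real values.
ALIASES = {
    "mswitch": ["192.0.2.1/32"],                        # the controller (assumed IP)
    "allowed-hosts": ["192.0.2.10/32", "192.0.2.11/32"],
    "User-Subnet": ["192.0.2.0/24"],
    "any": ["0.0.0.0/0"],
}

# block-inter-user in the article's order: (destination alias, action).
# Source is always "user" and service is always "any", so only the
# destination is modelled here.
BLOCK_INTER_USER = [
    ("mswitch", "permit"),
    ("allowed-hosts", "permit"),
    ("User-Subnet", "deny"),
    ("any", "permit"),
]

def networks(alias):
    return [ipaddress.ip_network(n) for n in ALIASES[alias]]

def evaluate(acl, dst):
    """Return (action, matched alias) for a destination IP, first match wins."""
    addr = ipaddress.ip_address(dst)
    for alias, action in acl:
        if any(addr in net for net in networks(alias)):
            return action, alias
    return "deny", "no-match"  # model assumption: unmatched traffic is dropped

def shadowed_rules(acl):
    """Indexes of rules that can never match because earlier rules
    already cover every address they name."""
    hidden = []
    for i, (alias, _) in enumerate(acl):
        earlier = [n for a, _ in acl[:i] for n in networks(a)]
        if all(any(n.subnet_of(e) for e in earlier) for n in networks(alias)):
            hidden.append(i)
    return hidden

if __name__ == "__main__":
    for dst in ("192.0.2.1", "192.0.2.10", "192.0.2.50", "198.51.100.7"):
        print(dst, evaluate(BLOCK_INTER_USER, dst))
    # Misordered variant: the deny is first, so both exceptions are dead rules.
    bad = [BLOCK_INTER_USER[2], *BLOCK_INTER_USER[:2], BLOCK_INTER_USER[3]]
    print("shadowed in misordered ACL:", shadowed_rules(bad))
```
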
Version history: revision 1 of 1, last update 07-02-2014 02:01 PM