Controller Based WLANs


APs, Controllers, VIA

What is the function of the 'firewall deny-inter-user-bridging' command and how do I enable it? 

Jul 01, 2014 07:05 PM

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.

 

If the 'deny inter-user-bridging' option is enabled, Layer 2 traffic is prevented from being forwarded between wired or wireless users. You can configure user role policies that prevent Layer 3 traffic between users or networks, but this does not block Layer 2 traffic. This option can be used to prevent traffic, such as AppleTalk or IPX, from being forwarded. The 'deny inter-user-bridging' option does not allow non-IP frames to be forwarded between untrusted users.

 

These commands help narrow down where packets are being dropped:

 

(Aruba) #show datapath session

 

(Aruba) #show acl hits

 

Note: Keep in mind that this option does not allow ARP. ARP is not IP, so some IP functions could be affected. For example, it can impact peer-to-peer multicast.
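An added example (not from the original article or from Aruba): a Python helper that classifies raw Ethernet frames as IP or non-IP, so you can check which traffic on a segment, such as the ARP, AppleTalk and IPX mentioned above, falls into the non-IP category before enabling the option. The sample frames are constructed, and how the controller itself treats IPv6 or VLAN-tagged frames is not stated in the article.

```python
import struct

# EtherTypes for the protocols the article names, plus IP for contrast.
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP",
              0x809B: "AppleTalk", 0x80F3: "AARP", 0x8137: "IPX"}
IP_TYPES = {0x0800, 0x86DD}
VLAN_TPIDS = {0x8100, 0x88A8}                    # 802.1Q / 802.1ad tags
SNAP_OUIS = {b"\x00\x00\x00", b"\x08\x00\x07"}   # plain EtherType / AppleTalk

def classify(frame: bytes):
    """Return (protocol_name, is_ip) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    while etype in VLAN_TPIDS:           # skip VLAN tags to the real EtherType
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if etype < 0x0600:                   # 802.3 length field, payload is LLC
        llc = frame[offset:offset + 8]
        if llc[:2] == b"\xff\xff":
            return "IPX (raw 802.3)", False
        if llc[:2] == b"\xe0\xe0":
            return "IPX (802.2 LLC)", False
        if len(llc) == 8 and llc[:3] == b"\xaa\xaa\x03" and llc[3:6] in SNAP_OUIS:
            (etype,) = struct.unpack_from("!H", llc, 6)   # SNAP protocol ID
        else:
            return "LLC (non-IP)", False
    return ETHERTYPES.get(etype, f"0x{etype:04x}"), etype in IP_TYPES

def _frame(rest: bytes) -> bytes:
    """Constructed frame: broadcast destination, made-up source MAC."""
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + rest

SAMPLES = {  # constructed test frames, not captured traffic
    "ipv4": _frame(b"\x08\x00\x45" + b"\x00" * 19),
    "arp": _frame(b"\x08\x06" + b"\x00" * 28),
    "vlan_ipx": _frame(b"\x81\x00\x00\x0a\x81\x37" + b"\x00" * 30),
    "snap_appletalk": _frame(b"\x00\x20\xaa\xaa\x03\x08\x00\x07\x80\x9b" + b"\x00" * 24),
}

def non_ip(samples):
    """Names of the sample frames classified as non-IP."""
    return sorted(n for n, f in samples.items() if not classify(f)[1])

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame))
```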

 

To enable the 'deny inter-user-bridging' option, follow these steps:

 

Using WebGUI

 

1) Navigate to Configuration > Advanced services > stateful firewall.

 

2) Check the fourth option, "Deny Inter User Bridging".

 

3) Apply and save the configuration.

 

Using CLI

 

(Aruba) (Config) # firewall deny-inter-user-bridging

 

(Aruba) (Config) # end

 

(Aruba) #write memory
