What is the function of the 'firewall deny-inter-user-bridging' command and how do I enable it?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


If the 'deny inter-user-bridging' option is enabled, Layer 2 traffic is prevented from being forwarded between wired or wireless users. You can configure user role policies that prevent Layer 3 traffic between users or networks, but this does not block Layer 2 traffic. This option can be used to prevent traffic, such as AppleTalk or IPX, from being forwarded. The 'deny inter-user-bridging' option does not allow non-IP frames to be forwarded between untrusted users.


These commands help to narrow down the packet drop:


(Aruba) #show datapath session


(Aruba) #show acl hits


Note: Keep in mind that it does not allow ARP. ARP is not IP and thus, some IP functions could be affected. For example, it can impact peer-to-peer multicast.


To enable the 'deny inter-user-bridging' option, follow these steps:


Using WebGUI


1) Navigate to Configuration > Advanced services > stateful firewall.


2) Check the fourth option, "Deny Inter User Bridging".


3) Apply and save the configuration.


Using CLI


(Aruba) (Config) # Firewall deny-inter-user-bridging


(Aruba) (Config) # end


(Aruba) #write memory

Version history
Revision #:
1 of 1
Last update:
‎07-01-2014 04:05 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: