Controllerless Networks

Does anyone know if there are any plans to make Inter-user Routing/Bridging in Instant a per SSID item instead of a system wide option?

Customer wants to enable this, but only in the guest SSID.

I would suggest to try to do it like this : 

 - Under System -> enable the "Deny local routing" (it will block communications between clients on different WLAN's)

 - Under the role of the Guest SSID you add a rule with deny traffic to the Guest subnet (don't forget to exclude the Gateway and DNS in case you have them local defined)

That should provide some level of security :)

I have already added this type of request as an idea. Thus promote :

https://arubanetworkskb.secure.force.com/prm/ideas/viewIdea.apexp?id=08740000000LEfL

it seems that they have added this feature in 4.1 OS: 

Disabling of Bridging and Routing Traffic between Clients Connected to an SSID
You can now disable bridging and routing traffic between two clients connected to an SSID. When inter-user bridging
and local routing is denied, the clients can connect to the Internet but cannot communicate with each other, and the
bridging and routing traffic between the clients is sent to the upstream device to make the forwarding decision.
To deny inter-user bridging and local routing for the WLAN SSID clients, run the following commands at the CLI:
(Instant AP)(config)# wlan ssid-profile <ssid-profile>
(Instant AP) (SSID Profile <ssid-profile>)# deny-inter-user-bridging
(Instant AP) (SSID Profile <ssid-profile>)# deny-local-routing
(Instant AP) (SSID Profile <ssid-profile>)# end
(Instant AP)# commit apply

Aruba should make this available in the GUI!

Sorry, I meant per VLAN.