Controllerless Networks

Occasional Contributor II

Wireless users can not communicate with each other

Clients connecting to different SSIDs can communicate with each other.

The configuration is as follows:


aaa profile "Aruba-A"
   initial-role "Aruba-A"

aaa profile "Aruba-B"
   initial-role "Aruba-B"

wlan virtual-ap "Aruba-A"
   aaa-profile "Aruba-A"
   ssid-profile "Aruba-A"
   vlan 4

wlan virtual-ap "Aruba-B"
   aaa-profile "Aruba-B"
   ssid-profile "Aruba-B"
   vlan 3


Under normal circumstances, clients can communicate with each other.

I want clients belonging to VLAN 3 to communicate only with the server, and not with other IPs inside VLAN 4.

I configured one policy as follows:


netdestination server

netdestination subnet_Local

ip access-list session Wifi_user
  alias subnet_Local alias server any permit
  alias subnet_Local user any deny

user-role Aruba-A
 access-list session global-sacl
 access-list session apprf-cisco-sacl
 access-list session Wifi_user
 access-list session allowall


After the configuration is complete, VLAN 3 IPs can communicate with the server.

I have a question:

User-role Aruba-B  



Why not access-list session Wifi_user under user-role aruba-B?



Guru Elite

Re: Wireless users can not communicate with each other

How are your wifi users authenticating?  The initial-role parameter in the AAA profile is only for Open, WEP, or WPA2-PSK users.  If you are using 802.1x you would need to assign the default 802.1x role in the AAA profile to whatever role you want your clients to have.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
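An added example, not part of either post: a Python check over the thread's configuration (embedded as a constructed sample) that reports, for each virtual AP, its VLAN and whether each role its AAA profile can assign applies a given session ACL ahead of allowall. `dot1x-default-role` is the ArubaOS AAA-profile keyword for the default 802.1X role mentioned in the reply; the function names are this example's own, and it assumes profile and role names without spaces.

```python
import re

# Constructed sample: the thread's configuration collapsed into one string.
SAMPLE = """
aaa profile "Aruba-A"
   initial-role "Aruba-A"
aaa profile "Aruba-B"
   initial-role "Aruba-B"
wlan virtual-ap "Aruba-A"
   aaa-profile "Aruba-A"
   vlan 4
wlan virtual-ap "Aruba-B"
   aaa-profile "Aruba-B"
   vlan 3
user-role Aruba-A
 access-list session global-sacl
 access-list session Wifi_user
 access-list session allowall
user-role Aruba-B
"""
HEAD = re.compile(r'(aaa profile|wlan virtual-ap|user-role)\s+"?([^"\s]+)"?')

def parse_blocks(config):
    """Map (block kind, name) -> indented child lines, quotes stripped."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # a top-level line starts a new block
            m = HEAD.match(line)
            current = blocks.setdefault((m.group(1), m.group(2)), []) if m else None
        elif current is not None:
            current.append(line.strip().replace('"', ""))
    return blocks

def audit(config, acl, role_keys=("initial-role", "dot1x-default-role")):
    """Per virtual AP: VLAN and, per assignable role, whether `acl` precedes allowall."""
    blocks, report = parse_blocks(config), {}
    as_dict = lambda lines: {k: v.strip() for k, _, v in (l.partition(" ") for l in lines)}
    for name, lines in [(n, l) for (k, n), l in blocks.items() if k == "wlan virtual-ap"]:
        vap = as_dict(lines)
        aaa = as_dict(blocks.get(("aaa profile", vap.get("aaa-profile")), []))
        roles = {}
        for role in (aaa[k] for k in role_keys if k in aaa):
            acls = [l.split()[-1] for l in blocks.get(("user-role", role), []) if l.startswith("access-list session")]
            # Session ACLs are evaluated in order, so anything after allowall never matches.
            cut = acls.index("allowall") if "allowall" in acls else len(acls)
            roles[role] = acl in acls[:cut]
        report[name] = {"vlan": vap.get("vlan"), "roles": roles}
    return report
```

Calling `audit(SAMPLE, "Wifi_user")` reports the ACL on role Aruba-A (VLAN 4) but not on role Aruba-B (VLAN 3).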