Starting from ArubaOS 7.4, the Mobility Access Switch supports Deny Inter-user Traffic. This feature enables Mobility Access Switches to block communication between users with the same role. For example, an organization can block communication between any two guest users. If the role has a voip-profile configured, traffic between the VoIP users is also denied.
Limitations:
Environment: Use this feature when you want to block communication between users with the same role.
Configuring Deny Inter-User Traffic:
You can configure this feature using the following CLI command:

    (host) (config) #user-role <role-name>
    (host) (config-role) #deny-inter-user-traffic

Sample Configuration:

    (host) (config) #user-role Guest
    (host) (config-role) #deny-inter-user-traffic
Verifying Deny Inter-User Traffic Configuration:
Use the following command to view the list of user roles on which deny inter-user traffic is enabled:

    (host) #show aaa deny-inter-user-traffic roles
    Maximum number of user roles supported: 7
    Enabled on user roles:
    ----------------------
    Role3
    Guest

Use the following command to view the details of the interfaces on which the role is applied and traffic is denied:

    (host) #show user-table role guest
    Users
    -----
    IP          MAC                Name        Role   Age(d:h:m)  Auth          Connection
    ---         -----              -----       ----   ----------  ----          ----------
    192.0.2.11  04:7d:7b:1e:d1:bf  test-user1  Guest  00:02:18    802.1x-Wired  Wired
    192.0.2.10  00:25:45:93:bf:d8  test-user2  Guest  00:02:18    802.1x-Wired  Wired

    Interface  Profile  Vlan
    ---------  -------  ----
    3/0/44     dot1x    1 (3911)
    3/0/44     dot1x    1 (3913)
    User Entries: 2/2
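An audit check built on the first verification command above, as an added example that is not part of the original article or of Aruba's tooling: it parses captured "show aaa deny-inter-user-traffic roles" output, reports which roles that policy requires to be isolated are not enabled, and reports how many of the supported role slots remain. The sample output is constructed from the layout shown in the article; the role name Contractor, the function names, and the case-insensitive role comparison are assumptions of this example.

```python
import re

# Constructed sample: text captured from
# "(host) #show aaa deny-inter-user-traffic roles", laid out as in the article.
SAMPLE_OUTPUT = """\
(host) #show aaa deny-inter-user-traffic roles
Maximum number of user roles supported: 7
Enabled on user roles:
----------------------
Role3
Guest
"""

def parse_deny_roles(output):
    """Return (max_roles, [role names]) parsed from the show command output."""
    max_roles, roles, in_list = None, [], False
    for raw in output.splitlines():
        line = raw.strip()
        m = re.match(r"Maximum number of user roles supported:\s*(\d+)", line)
        if m:
            max_roles = int(m.group(1))
        elif line.startswith("Enabled on user roles"):
            in_list = True
        elif line.startswith("("):
            in_list = False  # a CLI prompt line ends (or precedes) the role list
        elif in_list and line and not set(line) <= {"-"}:
            roles.append(line)  # skip blank lines and the dashed separator
    return max_roles, roles

def audit(output, required_roles):
    """Compare enabled roles with the roles that policy says must be isolated.

    Assumption of this example: role names are compared case-insensitively.
    """
    max_roles, enabled = parse_deny_roles(output)
    enabled_lower = {r.lower() for r in enabled}
    missing = [r for r in required_roles if r.lower() not in enabled_lower]
    slots_left = None if max_roles is None else max_roles - len(enabled)
    return {"enabled": enabled, "missing": missing, "slots_left": slots_left}

if __name__ == "__main__":
    # "Contractor" is a hypothetical role used to show a failed check.
    report = audit(SAMPLE_OUTPUT, ["Guest", "Contractor"])
    print("enabled:", report["enabled"])
    print("missing:", report["missing"])
    print("slots left:", report["slots_left"])
```

A non-empty "missing" list means users in those roles can still reach each other on the switch.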