Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Block traffic from specific SSID which is in bridge mode

  • 1.  Block traffic from specific SSID which is in bridge mode

    Posted Feb 08, 2016 08:27 AM

    Hello

    I have access points at a branch office which are controlled centrally by an Aruba controller.

    The SSIDs which are broadcast at the branch are in bridge mode.

    For one SSID I need complete isolation from other networks. Users who are connected to this SSID must see each other but not any other network.

    How can I accomplish this?


  • 2.  RE: Block traffic from specific SSID which is in bridge mode

    Posted Feb 08, 2016 08:49 AM

    Just configure your firewall policies for the roles on that SSID so that they cannot talk to other networks. The AP will do the firewalling for you. When you say they cannot see any other network, do you mean even the Internet? Two examples below.

     

    The following is an example to block other networks (Internet is allowed):

    netdestination BLOCK-NETS
      network x.x.x.x y.y.y.y
      network x.x.x.x y.y.y.y

    ip access-list session BLOCK-OTHER-NETS
      user alias BLOCK-NETS any deny

    user-role BRIDGE-USER
      access-list session BLOCK-OTHER-NETS
      access-list session allowall

    The following is an example to allow only local communication; nothing else:

    netdestination BRIDGE-NETS
      network x.x.x.x y.y.y.y
      network x.x.x.x y.y.y.y

    ip access-list session BRIDGE-NET-ACCESS
      user alias BRIDGE-NETS any permit
      alias BRIDGE-NETS user any permit

    user-role BRIDGE-USER
      access-list session BRIDGE-NET-ACCESS
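
The two roles from the reply above, modelled in Python to check which flows each one lets through. This is an added example, not part of the thread and not Aruba code; it assumes session ACLs are evaluated first-match in the order listed in the role with an implicit deny at the end, models `allowall` as a single any-any permit, and uses constructed sample subnets in place of the post's x.x.x.x placeholders.

```python
import ipaddress

# Constructed sample addressing; the post itself only shows x.x.x.x placeholders.
BLOCK_NETS = ["10.0.0.0/8", "172.16.0.0/12"]   # other internal networks to keep out of reach
BRIDGE_NETS = ["192.168.50.0/24"]              # the bridged SSID's own subnet
ALLOWALL = [("any", "any", "permit")]          # model of the allowall policy

def _match(spec, ip, client_ip):
    """spec is 'any', 'user' (the client's own address) or a list of CIDR strings."""
    if spec == "any":
        return True
    if spec == "user":
        return ip == client_ip
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in spec)

def evaluate(role, src, dst, client_ip):
    """Walk the role's ACLs in order; the first matching rule decides."""
    for acl in role:
        for rule_src, rule_dst, action in acl:
            if _match(rule_src, src, client_ip) and _match(rule_dst, dst, client_ip):
                return action
    return "deny"  # nothing matched: implicit deny

# First example: deny the listed networks, then allowall.
ROLE_BLOCK_OTHER = [[("user", BLOCK_NETS, "deny")], ALLOWALL]
# Second example: only traffic between the user and BRIDGE-NETS.
ROLE_LOCAL_ONLY = [[("user", BRIDGE_NETS, "permit"), (BRIDGE_NETS, "user", "permit")]]
# Same ACLs as the first example in the wrong order: the deny is never reached.
ROLE_MISORDERED = [ALLOWALL, [("user", BLOCK_NETS, "deny")]]

def check(role, client="192.168.50.10"):
    """Verdicts for three outbound flows from a client on the bridged SSID."""
    flows = {"peer": "192.168.50.20", "internal": "10.1.2.3", "internet": "203.0.113.7"}
    return {name: evaluate(role, client, dst, client) for name, dst in flows.items()}

if __name__ == "__main__":
    for name, role in [("block-other-nets", ROLE_BLOCK_OTHER),
                       ("local-only", ROLE_LOCAL_ONLY),
                       ("misordered", ROLE_MISORDERED)]:
        print(name, check(role))
```

The misordered role shows why `BLOCK-OTHER-NETS` has to be listed before `allowall`, and the local-only role shows that leaving `allowall` off is what removes Internet access.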