Hi Guys,
I need your assistance/advice.
Environment:
A3600A6.4.2.5 & RAP3WN units (Deployed as RAP - IPSEC)
Now to my issue:
I configured the RAP3WN unit 0/1 port to be untrusted and to use 802.1x & MAC auth (L2 Failover). I assigned AAA / Tunnel Mode / same VLAN (1028) to all clients, and everything is working as expected (each client that passes the 802.1x or MAC auth gets the same authenticated role).
(SPI - Deny inter user traffic enabled)
BUT... (now to my issue) when trying ICMP or the web GUI to a local printer (that is also connected to the switch), we are able to pass traffic :( even though the inter user traffic sent isn't allowed, and all clients and the printer are clients connected to a SW connected to ETH 0/1 on the RAP.
Please advise why?
Please advise how do I enforce it (something strange is that when I'm not allowing access based on the ACL that the client is getting, ICMP is still working... BUT the HTTP-ACL or DHCP ACL and others do take effect).
Waiting to hear your solution.
Me.