Wireless Access

Trusted Contributor I

blocking wireless to wired communication and fing

"Deny Inter User Traffic" works perfectly to block wireless users from communicating with each other. Only the wireless clients are perfectly able to communicate with the wired clients in the same network.

Enabling "Deny Inter User Bridging" doesn't appear to change this. Is this expected?

I can use an ACL on the user role to disable the communication with the wired clients. Only after that I'm still able to use Fing (Android app) to scan the subnet and find the wired clients.

This is on a 650 with ArubaOS 6.3, btw.

Trusted Contributor I

Re: blocking wireless to wired communication and fing

If you use an ACL you're blocking L3 traffic between the wireless and wired clients. If Fing uses an L2 mechanism like ARP to find devices on the network, then Fing would still be able to discover the wired clients this way.

I've never used "Deny Inter User Bridging" but the user guide indicates this is the feature you want to solve your problem.

Trusted Contributor I

Re: blocking wireless to wired communication and fing

Not actually using ACLs, but using the "Deny Inter User Traffic" option, which probably does the same on OS level.

Yes, "Deny Inter User Bridging" would seem to help according to the user guide, but I see no effect when turning it on. Fing uses ARP, I noticed in a packet capture; might be that is still allowed even though the option is enabled.

So anyone got any actual experience to share here?

Trusted Contributor I

Re: blocking wireless to wired communication and fing

Not sure who decided to accept that solution but it isn't solved. For me deny inter user bridging has no effect. If it does for you please do share that experience.

Guru Elite

Re: blocking wireless to wired communication and fing

Are the wired users coming in on an untrusted port on the controller?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Trusted Contributor I

Re: blocking wireless to wired communication and fing

No, a trusted port. Is that the reason?

Guru Elite

Re: blocking wireless to wired communication and fing

Yes. It must be in the user table to be considered a "user". The compnerd method is the right way to work around that.

Trusted Contributor I

Re: blocking wireless to wired communication and fing

OK, clear, my bad for the untrusted / trusted part, should have checked that.

And sorry to drag this on, but then I still don't get the "The compnerd method is the right way to work around that." remark. Are you saying that using deny inter user bridging is the workaround for ports that are set to trusted? Or is that remark about "If you use an ACL you're blocking L3 traffic between the wireless and wired clients."?

Guru Elite

Re: blocking wireless to wired communication and fing

Deny inter user bridging only works for users actually in the table. If your wired users are not in the user table it will not work, period.

Trusted Contributor I

Re: blocking wireless to wired communication and fing

OK, crystal clear now, going to have some fun trying this in my lab.
