Configuring Client Isolation

HPE Aruba Networking Central supports the Client Isolation feature, which isolates clients from one another and disables all peer-to-peer communication within the network. Client isolation disables inter-client communication by allowing only client-to-gateway traffic to flow in the network. All other traffic from the client that is not destined to the gateway or configured servers is not forwarded by the Instant Access Point (IAP).

This feature enhances the security of the network and protects it from vulnerabilities. When Client Isolation is configured, the IAP learns the IP, subnet mask, MAC, and other essential information of the gateway and the DNS server. A subnet table of trusted destinations is then populated with this information. Wired servers used in the network should be manually configured into this subnet table to serve clients. The destination MAC of data packets sent by the client is validated against this subnet table and only the data packets destined to the trusted addresses in the subnet table are forwarded by the IAP. All other data packets are dropped.
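The following simplified model of the forwarding rule described above is an added example, not HPE Aruba Networking code. It shows why a wired server stays unreachable until it is manually added to the table. The class and function names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


def norm(mac: str) -> str:
    """Normalize a MAC address to lowercase, colon-separated form."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class TrustedTable:
    """Hypothetical stand-in for the subnet table of trusted destinations."""
    entries: dict = field(default_factory=dict)  # MAC -> (role, IP)

    def add(self, role: str, ip: str, mac: str) -> None:
        self.entries[norm(mac)] = (role, ip)

    def decide(self, dst_mac: str) -> str:
        # The rule from the text: forward only if the destination MAC is trusted.
        return "forward" if norm(dst_mac) in self.entries else "drop"


# Constructed sample values (documentation IP range, locally administered MACs).
GATEWAY = ("gateway", "192.0.2.1", "02:00:00:00:00:01")
DNS = ("dns", "192.0.2.53", "02:00:00:00:00:02")
PRINT_SERVER = ("wired-server", "192.0.2.10", "02-00-00-00-00-10")
CLIENT_B_MAC = "02:00:00:00:0a:0b"  # another wireless client on the same SSID


def build_table(wired_servers=()):
    """Gateway and DNS are learned; wired servers must be added by hand."""
    table = TrustedTable()
    for entry in (GATEWAY, DNS, *wired_servers):
        table.add(*entry)
    return table


def verdicts(table):
    """Decide three constructed frames sent by one client."""
    dests = {"gateway": GATEWAY[2], "peer": CLIENT_B_MAC, "server": PRINT_SERVER[2]}
    return {name: table.decide(mac) for name, mac in dests.items()}


if __name__ == "__main__":
    print("learned only:     ", verdicts(build_table()))
    print("server configured:", verdicts(build_table([PRINT_SERVER])))
```
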

The Client Isolation feature is supported only in IPv4 networks. This feature does not support AirGroup and affects Chromecast and Airplay services.

Enabling Client Isolation for Wireless Networks in HPE Aruba Networking Central

To enable the Client Isolation feature, complete the following steps:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click the WLANs tab.

    The WLANs details page is displayed.

  5. In the WLANs page, click + Add SSID.

    The Create a New Network page is displayed.

  6. Click Advanced Settings and expand Miscellaneous.
  7. Turn on the Deny Intra VLAN Traffic toggle switch.
  8. Click Next.