03-07-2017 04:02 PM - edited 07-05-2021 06:40 AM
Hello!
I am looking to isolate client traffic for a certain WLAN. I want to deny traffic from clients on the same WLAN, across all APs.
Can anyone explain how P2P blocking action works? Are there any considerations? Please let me know if you need more information.
WLC2504 - FW version 7.6.120.0
Thanks!
03-07-2017 06:26 PM
Hey,
It is fairly straightforward when using centrally switched WLANs or with APs in local mode on the same WLC. If you apply a P2P Blocking action of drop globally on your WLAN, this will stop the APs/WLC forwarding packets between clients attached to all APs.
This does not apply to multicast traffic however.
Ric
03-07-2017 06:35 PM
Thanks Ric!
What if I have APs in FlexConnect with local switching?
I am hearing conflicting information.
I appreciate you answering my questions!
03-07-2017 06:38 PM
No probs,
For your version of software it appears that P2P blocking is supported on locally switched WLANs:
Peer-to-peer blocking is supported for clients that are associated with the local switching WLAN.
Ric
04-18-2017 04:43 PM
Sadly the documentation regarding P2P blocking with local switching (FlexConnect) is incomplete if you ask me.
What really happens when you enable this feature is that "bridge-group x port-protected" is being enabled on the dot11 radio (sub) interfaces. This feature should* prevent traffic between two wireless connected end-points on the same access-point. There is no "distribution system" by which the other access-points are being informed about other guest clients. This means that you need to implement something like private VLANs on the wired side as well.
*: does not seem to work with latest 8.3 AirOS code, even if both clients are connected on the same radio of the access-point.
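
A way to check the setting described in the last post, as an added example that is not part of the thread: the script reads an AP configuration saved as text and lists the radio (sub)interfaces whose bridge group lacks `port-protected`. The sample configuration is constructed, and the IOS-style `interface` / `bridge-group` layout is an assumption based on the command quoted above.

```python
import re

# Constructed sample of an IOS-style AP configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface Dot11Radio0
 no ip address
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
 bridge-group 20 port-protected
!
interface Dot11Radio1.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface GigabitEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
!
"""

IFACE = re.compile(r"^interface\s+(\S+)")
GROUP = re.compile(r"^\s+bridge-group\s+(\d+)\s*$")
PROTECTED = re.compile(r"^\s+bridge-group\s+(\d+)\s+port-protected\s*$")

def audit_port_protected(config_text):
    """Return {radio interface: [bridge groups that lack port-protected]}."""
    groups, protected = {}, {}
    current = None
    for line in config_text.splitlines():
        m = IFACE.match(line)
        if m:
            current = m.group(1)
            continue
        # Only radio (sub)interfaces carry client-to-client traffic on the AP.
        if current is None or not current.lower().startswith("dot11radio"):
            continue
        if (m := PROTECTED.match(line)):
            protected.setdefault(current, set()).add(int(m.group(1)))
        elif (m := GROUP.match(line)):
            groups.setdefault(current, set()).add(int(m.group(1)))
    findings = {}
    for iface, grps in groups.items():
        missing = sorted(grps - protected.get(iface, set()))
        if missing:
            findings[iface] = missing
    return findings

if __name__ == "__main__":
    for iface, missing in audit_port_protected(SAMPLE_CONFIG).items():
        print(f"{iface}: bridge-group {missing} has no port-protected")
```

An empty result only shows that the setting is present on that AP; it says nothing about clients on different APs, which the post above says need isolation on the wired side.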