Cisco ACLs won't help in this case. Traffic between hosts on the same VLAN is controlled entirely from the switches and APs. The routers don't ever see that, so they can't control it.
The APs from just about any vendor will be able to do client isolation, so keeping the wireless clients from talking to each other shouldn't be difficult. Wired clients are another story and will depend on the capabilities provided by the switches. If they have an equivalent to Cisco's "switchport protected" functionality, you should be able to use that.
Same-VLAN traffic doesn't flow to the router, so there's nothing that can be done on the 2921. It all comes down to the switches. What models of switches are you using to serve this VLAN?
If you're using Cisco Catalysts, the easiest option would be to set the ports on these hosts to "switchport protected" in order to isolate them. They'll be able to talk to the switch's SVI (VLAN) L3 interface but not to each other. For more granular control, you can look at private VLANs, but they may be a bit overkill for what you're looking for.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...