12-13-2006 06:00 PM - edited 07-03-2021 01:22 PM
Simple question I suppose. Assume 2 conditions - a single access point and multiple access points.
Is there any feature to prevent clients from talking at layer2?
12-13-2006 07:54 PM
Hi John!
For a single access point, it's absolutely (well, probably) possible, just enable "Public Secure Packet Forwarding" (PSPF). PSPF was designed for client security in "hotspot" situations to prevent one user from hacking another. Whether it works for something like NETBIOS, I don't know (but I'll check).
You can find it in the "Interface" page of the Web GUI, or add it as a CLI command under the SSID.
As for multiple APs, I'm not sure (but I'll check). I believe it would be more possible in the LWAP deployment, since all of the APs are under central control ... but perhaps it is also implemented in some form or fashion for stand-alone units as well.
A quick searh on the Cisco Main site I found this fragment:
(quote)
Note: To prevent communication between clients associated to different access points, you must set up protected ports on the switch to which the wireless devices are connected. See the "Configuring Protected Ports" section for instructions on setting up protected ports.
(end qoute)
Here's the link, the (brief) info and CLI config is under the "Configuring PSPF" section.
I'll poke around some if I get the chance and re-post if I find anything good.
Good Luck
Scott
(Merry Christmas / Happy Holidays)
12-13-2006 08:42 PM
Scott,
Just call me spidey and get that out of the way. ;)
I appreciate you pointing me in the right direction. I'll check more into the PSPF feature.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide