Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Peer-to-Peer Blocking with interface groups / AP groups

Hello Wireless Experts,

I got a question regarding peer-to-peer blocking on a WLC in combination with interface or AP-groups. This is all regarding local mode APs - I'm not talking about FlexConnect.

I understand, that peer-to-peer blocking with drop action works on a WLAN (SSID) basis, if you believe the SW-configuration guide.

The feature works well, if the WLAN is bridged to one VLAN.

But in my tests, the feature doesn't work, if the WLAN is bridged to an interface group and if the clients are assigned to different VLANs.

It's the same case, if the APs are in different AP groups with different VLAN assignments for the same SSID.

--> The wirless clients are able to communicate with each other.

The question I have is, if this is a "works-as-designed" behaviour or not.

In the SW configuration guide (

), there is no according note in the "restrictions for..." sections in the peer-to-peer blocking, vlan select or AP groups section.

By the way... I'm using on a WLC2500



VIP Purple

Peer-to-Peer Blocking with interface groups / AP groups

I think when this feature (P2P blocking) was added, there were no concept of interface groups, etc to map multiple vlan to same SSID. When additional features added the original P2P blocking was not optimized to work in all these scenario.

This is a one feature I am not trusting well. I think it has drawbacks like what you found. Haven't tested in detail, but heard lots of issues with this feature.

Open a TAC & confirm with them what is the expected behaviour in your situation