Cisco Support Community

How to prevent communication between client devices connected to different Access Points (APs) on a WLAN

 

 

Introduction

This document explains how to prevent communication between client devices connected to different Access Points (APs) on a WLAN.

 

Core Issue

Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch, so that one neighbor does not see the traffic generated by another neighbor. In such an environment, protected ports ensure that no unicast, broadcast, or multicast traffic is exchanged between these ports on the switch. On a WLAN, this applies to the switch ports that the APs connect to: when those ports are protected, clients on different APs cannot reach each other at Layer 2 through the switch.

 

Solution

Protected ports have these features:

A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Traffic cannot be forwarded between protected ports at Layer 2; all traffic passing between protected ports must be forwarded through a Layer 3 device.

Forwarding behavior between a protected port and a non-protected port proceeds as usual.

 

Default Protected Port Configuration

The default is to have no protected ports defined.

 

Protected Port Configuration Guidelines

You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel, it is enabled for all ports in the port-channel group.

 

Configuring a Protected Port

Beginning in privileged EXEC mode, follow these steps to define a port as a protected port:

 

 

 

| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface-id | Enter interface configuration mode, and enter the type and number of the interface to configure, for example gigabitethernet0/1. |
| Step 3 | switchport protected | Configure the interface to be a protected port. |
| Step 4 | end | Return to privileged EXEC mode. |
| Step 5 | show interfaces interface-id switchport | Verify your entries. |
| Step 6 | copy running-config startup-config | (Optional) Save your entries in the configuration file. |

 

To disable the protected port, use the no switchport protected interface configuration command.

This example shows how to configure a port as a protected port:

 

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
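
An added example, not part of the original document and not Cisco tooling: a Python audit of a saved running-config that lists which AP-facing ports can still exchange Layer 2 traffic, using the two rules above (traffic is blocked only between two protected ports, and a protected port channel covers the ports in its group). The sample configuration, the interface names and the list of AP-facing ports are constructed, and the script assumes member ports inherit protection from their port-channel interface as the guidelines state.

```python
import re
from itertools import combinations

# Constructed sample running-config (interface names and descriptions are made up).
SAMPLE_CONFIG = """\
interface Port-channel5
 switchport protected
!
interface GigabitEthernet0/1
 description AP-lobby
 switchport protected
!
interface GigabitEthernet0/2
 description AP-floor2
!
interface GigabitEthernet0/3
 description AP-floor3
 channel-group 5 mode on
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def protected_ports(config):
    """Ports protected directly or through their port-channel group (assumption)."""
    interfaces = parse_interfaces(config)
    direct = {n for n, cmds in interfaces.items() if "switchport protected" in cmds}
    inherited = set()
    for name, cmds in interfaces.items():
        for cmd in cmds:
            m = re.match(r"channel-group (\d+)", cmd)
            if m and f"Port-channel{m.group(1)}" in direct:
                inherited.add(name)
    return direct | inherited

def open_pairs(config, ports):
    """Pairs from `ports` that can still exchange Layer 2 traffic on this switch."""
    prot = protected_ports(config)
    # Forwarding is blocked only when both ports of the pair are protected.
    return [(a, b) for a, b in combinations(ports, 2) if not (a in prot and b in prot)]
```

An empty result from open_pairs for the AP-facing ports means every pair is isolated at Layer 2; any pair it returns includes at least one port that still needs switchport protected.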

 

Problem Type

How to...

 

Products

WLAN adapters (wireless card) / ACU (Aironet Client Utility)

Access point

 
