I have coe switch 4506e whic is connectd to 2960 edge switches which in turnhave access points connected with no client isolation feature.
I wanr to implement this featue at switch leel, how can I do it?
Solved! Go to Solution.
You have different options,
You can use private vlans, Vlan Access-list or Port-ACL,
I would say the Vlan ACL will do it for you if what you want to do is to filter traffic withing a vlan on an easy way but that is all up to you
At least you have the options now
Remember to rate all of the helpful posts
Hello Julio and Vishal,
If you want to implement WiFi client isolation then I am afraid that a switch-based solution will not help you much. The primary reason is that if two WiFi clients associated to a single AP want to communicate directly, their mutual communication will be handled by the AP without any involvement of the switch. In other words, because the switch is not a part of the communication path between two clients associated to a single AP, no security measure configured on the switch is going to affect the clients' communication. Whatever you configure on your switch, it will affect only communication of clients associated to different APs (as their traffic will go through the switch). However, clients associated to a single AP will not be prevented from talking to each other.
I am sorry to disappoint you but I see no way to implement client isolation externally if the AP does not support it.
I believe Julio might be right with what he suggested.
If I understood OP's requirement correctly, I think he wants isolation between APs which are on the 2960's switch ports.
This can be done with PVLAN or PVLAN edge on the 2960.
Sent from Cisco Technical Support iPad App
The OP says:
access points connected with no client isolation feature.
I guess everything boils down on what this statement precisely means. Perhaps Vishal could clarify that for us
I agree with your statement. But, I can isolate clients between to APs which are connected to two different ports..
Is this correct?