isolation of clients within VLAN

vishalpatil86
Level 1

Dear All,


I have a core switch 4506E which is connected to 2960 edge switches, which in turn have access points connected with no client isolation feature.

I want to implement this feature at switch level; how can I do it?

Please help!!

Thanks,

Vishal


Julio Carvajal
VIP Alumni

Hello Vishal,

You have different options.

You can use private VLANs, a VLAN access list, or a port ACL.

I would say the VLAN ACL will do it for you if what you want to do is to filter traffic within a VLAN in an easy way, but that is all up to you.

At least you have the options now.

Julio

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hello Julio and Vishal,

If you want to implement WiFi client isolation then I am afraid that a switch-based solution will not help you much. The primary reason is that if two WiFi clients associated to a single AP want to communicate directly, their mutual communication will be handled by the AP without any involvement of the switch. In other words, because the switch is not a part of the communication path between two clients associated to a single AP, no security measure configured on the switch is going to affect the clients' communication. Whatever you configure on your switch, it will affect only communication of clients associated to different APs (as their traffic will go through the switch). However, clients associated to a single AP will not be prevented from talking to each other.

I am sorry to disappoint you but I see no way to implement client isolation externally if the AP does not support it.

Best regards,

Peter

Hi Peter,

I believe Julio might be right with what he suggested.

If I understood OP's requirement correctly, I think he wants isolation between APs which are on the 2960's switch ports.

This can be done with PVLAN or PVLAN edge on the 2960.


Hi John,

The OP says:

access points connected with no client isolation feature.

I guess everything boils down to what this statement precisely means. Perhaps Vishal could clarify that for us.

Best regards,

Peter

Hi Peter,

I agree with your statement. But I can isolate clients between two APs which are connected to two different ports.

Is this correct?

Hello Vishal,

Yes, absolutely. Using the tools Julio and John suggested, you are perfectly capable of isolating clients that are associated to different APs which are in turn connected to different switch ports.

Best regards,

Peter
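
The PVLAN edge (protected port) option mentioned in the thread, as an added example that is not part of the original posts. The interface numbers, VLAN ID and descriptions are assumptions chosen for illustration.

```cisco
! Catalyst 2960 edge switch: PVLAN edge (protected ports)
! Assumed layout: APs on Fa0/1 and Fa0/2, client VLAN 10,
! uplink to the 4506E core on Gi0/1.
!
interface range FastEthernet0/1 - 2
 description AP access ports
 switchport mode access
 switchport access vlan 10
 ! Protected ports do not forward unicast, multicast or broadcast
 ! traffic to other protected ports on the same switch.
 switchport protected
!
interface GigabitEthernet0/1
 description Uplink to core 4506E
 ! Left unprotected so clients can still reach the gateway
 ! and services behind the core.
 switchport mode trunk
!
! Verification (expect "Protected: true" on the AP ports):
!   show interfaces FastEthernet0/1 switchport | include Protected
```

Protected ports are significant only within one switch, so traffic between APs on different 2960s still crosses the 4506E and needs one of the other tools listed in the thread (private VLANs or a VLAN ACL) there. As Peter notes, none of this affects two clients associated to the same AP.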
