10-12-2012 09:46 PM - edited 03-07-2019 09:26 AM
Dear All,
I have a core switch 4506E which is connected to 2960 edge switches, which in turn have access points connected with no client isolation feature.
I want to implement this feature at switch level. How can I do it?
Please help!!
Thanks,
Vishal
10-12-2012 10:10 PM
Hello Vishal,
You have different options.
You can use private VLANs, a VLAN access list or a port ACL.
I would say the VLAN ACL will do it for you if what you want to do is to filter traffic within a VLAN in an easy way, but that is all up to you.
At least you have the options now
Julio
Remember to rate all of the helpful posts
10-12-2012 10:20 PM
Hello Julio and Vishal,
If you want to implement WiFi client isolation then I am afraid that a switch-based solution will not help you much. The primary reason is that if two WiFi clients associated to a single AP want to communicate directly, their mutual communication will be handled by the AP without any involvement of the switch. In other words, because the switch is not a part of the communication path between two clients associated to a single AP, no security measure configured on the switch is going to affect the clients' communication. Whatever you configure on your switch, it will affect only communication of clients associated to different APs (as their traffic will go through the switch). However, clients associated to a single AP will not be prevented from talking to each other.
I am sorry to disappoint you but I see no way to implement client isolation externally if the AP does not support it.
Best regards,
Peter
10-12-2012 11:34 PM
Hi Peter,
I believe Julio might be right with what he suggested.
If I understood OP's requirement correctly, I think he wants isolation between APs which are on the 2960's switch ports.
This can be done with PVLAN or PVLAN edge on the 2960.
10-13-2012 12:15 AM
Hi John,
The OP says:
access points connected with no client isolation feature.
I guess everything boils down to what this statement precisely means. Perhaps Vishal could clarify that for us.
Best regards,
Peter
10-13-2012 02:21 AM
Hi Peter,
I agree with your statement. But I can isolate clients between two APs which are connected to two different ports.
Is this correct?
10-13-2012 02:32 AM
Hello Vishal,
Yes, absolutely. Using the tools Julio and John suggested, you are perfectly capable of isolating clients that are associated to different APs which are in turn connected to different switch ports.
Best regards,
Peter
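Added example, not part of any post in this thread: a minimal PVLAN edge (protected port) configuration for a 2960 with APs on several ports, as discussed above. The interface numbers, descriptions and VLAN 20 are assumptions chosen for illustration.

```cisco
! Constructed example: interface names and VLAN 20 are assumptions.
! Gi0/1-8 = AP-facing access ports, Gi0/24 = uplink to the 4506E.
configure terminal
 interface range GigabitEthernet0/1 - 8
  description AP-facing ports
  switchport mode access
  switchport access vlan 20
  ! PVLAN edge: no unicast, multicast or broadcast traffic is
  ! forwarded between two protected ports on this switch.
  switchport protected
 exit
 interface GigabitEthernet0/24
  description Uplink to core
  switchport mode trunk
  ! Leave the uplink unprotected so the APs can still reach the gateway.
  no switchport protected
 end
! Check: the output should include "Protected: true" for each AP port.
show interfaces GigabitEthernet0/1 switchport
```

Protected ports only have local significance, so APs on different 2960s still reach each other through the 4506E unless private VLANs or a VLAN ACL are applied there. As Peter explains, none of this affects two clients associated to the same AP.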