howto block p2p traffic of clients connected to the same ssid on

Hello there, did we ever get an answer on this? Still wondering if private VLAN is the way to go or perhaps protected ports, which may not bring scalability in a large wireless network.

howto block p2p traffic of clients connected to the same ssid on

I too would like to know if a best practice has ever been discovered for this.

I have a site that has 550 APs with 4 x 5508, so I have to use multiple controllers at this site.

Thanks in advance.

howto block p2p traffic of clients connected to the same ssid on

We're still using ACLs on the dynamic interfaces, not nice but it's working fine in our environment (6 WLCs).

Best Regards

Thorsten

howto block p2p traffic of clients connected to the same ssid on

Very good, can you provide some sample ACL lines so we can see how that would look?

In my case the controllers are connected via Layer2 and I'm not sure the L2 traffic of a client on Controller1 would hit the SVI before being switched to a given client on Controller2.

howto block p2p traffic of clients connected to the same ssid on

config example on wlc44xx:

wlan client net: 10.1.1.0 /24, default gateway 10.1.1.10 (dedicated router in our case)

acl rules:

1. 10.1.1.0 /24 -> 10.1.1.10: Permit
2. 10.1.1.10 -> 10.1.1.0 /24: Permit
3. 10.1.1.0 /24 -> 10.1.1.0 /24: Deny
4. 10.1.1.0 /24 -> 0.0.0.0 /0: Permit
5. 0.0.0.0 /0 -> 10.1.1.0 /24: Permit

In short: allow traffic to/from the default gateway + deny traffic inside the net + allow traffic to/from the rest.
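Added example, not part of the original post: a first-match evaluation of the five rules above, showing which rule each kind of flow hits and why the two gateway permits have to come before the intra-subnet deny. It assumes first-match processing with an implicit deny at the end; the function names and the sample client and outside addresses are constructed for illustration.

```python
import ipaddress

NET = ipaddress.ip_network("10.1.1.0/24")   # WLAN client net from the post
GW = ipaddress.ip_network("10.1.1.10/32")   # default gateway from the post
ANY = ipaddress.ip_network("0.0.0.0/0")

# (source, destination, action), in the order given in the post
RULES = [
    (NET, GW, "permit"),   # 1. clients -> gateway
    (GW, NET, "permit"),   # 2. gateway -> clients
    (NET, NET, "deny"),    # 3. client <-> client
    (NET, ANY, "permit"),  # 4. clients -> everything else
    (ANY, NET, "permit"),  # 5. everything else -> clients
]

def evaluate(src, dst, rules=RULES):
    """Return (action, rule number) of the first matching rule.
    Assumption: no match means implicit deny, reported as ("deny", None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (rule_src, rule_dst, action) in enumerate(rules, 1):
        if s in rule_src and d in rule_dst:
            return action, number
    return "deny", None

def shadowed(rules=RULES):
    """Rule numbers that can never match because an earlier rule
    already covers their whole source and destination range."""
    hidden = []
    for i, (src, dst, _) in enumerate(rules):
        if any(src.subnet_of(ps) and dst.subnet_of(pd) for ps, pd, _ in rules[:i]):
            hidden.append(i + 1)
    return hidden

if __name__ == "__main__":
    # Constructed sample flows: two clients, the gateway, one outside host.
    flows = [("10.1.1.23", "10.1.1.42"), ("10.1.1.23", "10.1.1.10"),
             ("10.1.1.10", "10.1.1.23"), ("10.1.1.23", "192.0.2.5"),
             ("192.0.2.5", "10.1.1.23")]
    for src, dst in flows:
        print(f"{src:>10} -> {dst:<10} {evaluate(src, dst)}")
    # Moving the deny to the top hides both gateway permits.
    reordered = [RULES[2], RULES[0], RULES[1], RULES[3], RULES[4]]
    print("shadowed as posted:", shadowed(), "| deny first:", shadowed(reordered))
```

The model only covers rule order on IPv4 addresses; it says nothing about whether a frame between two clients on different controllers ever reaches the interface where the ACL is applied, which is the question raised earlier in the thread.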
