How to prevent communication between client devices connected to different Access Points (APs) on a WLAN
Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.
Protected ports have these features:
•A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Traffic cannot be forwarded between protected ports at Layer 2; all traffic passing between protected ports must be forwarded through a Layer 3 device.
•Forwarding behavior between a protected port and a non protected port proceeds as usual.
Default Protected Port Configuration
The default is to have no protected ports defined.
Protected Port Configuration Guidelines
You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel, it is enabled for all ports in the port-channel group.
Configuring a Protected Port
Beginning in privileged EXEC mode, follow these steps to define a port as a protected port:
Enter global configuration mode.
Enter interface configuration mode, and enter the type and number of the interface to configure, for example gigabitethernet0/1.
Configure the interface to be a protected port.
Return to privileged EXEC mode.
show interfaces interface-idswitchport
Verify your entries.
copy running-config startup-config
(Optional) Save your entries in the configuration file.
To disable protected port, use the no switchport protected interface configuration command.
This example shows how to configure a port as a protected port:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
WLAN adapters (wireless card) / ACU (Aironet Client Utility)
Just wondering what the best practice is on using DHCP proxy mode vs DHCP bridging mode for roaming clients (L2 / L3 roam)? Does the DHCP proxy feature add significant time to the DHCP handshake and cause roaming clients to lose packets when they go ...
Hi all, I am having issues setting up a few Aironet 1262s (AIR-LAP1262N-E-K9) They are powered from a 3560 PoE-8 (only one at a time) and they power up...The power comes on and the light flashes green for bit (I assume booting)The light then is ...
Hi all, I am using WLC 3504 and i have created a open ssid that require web auth. I have also enabled a lobby admin account on my WLC to create accounts for guests to connect to this ssid. The default ip of the interface of this ssid is 22.214.171.124. For ...
Hello everyone,I am a new customer of Cisco Access Point AIR-AP2802E-E-K9C. I don't have much experience with this class of hardware Cisco. Could someone help me, how to configure this AP? I have experience with switches and routers. I would like, to this...
Dear all, I cannot reimage AP1852i through rommon mode .I tried below commands but it doesn't work. When it boot, it will load the old image (the old image has an issue so I cannot access to controller cli or webui)tftpboot AIR-AP1850-K9-8-5-151...