Client communication restriction on Cisco 2504 WLC

Noovi
Level 1

Hi Guys,

Need your help on this.

I am managing a Cisco 2504 WLC and I have configured the P2P Blocking Action on the SSID.

My requirement is that two users connected to that SSID must not be able to communicate.

After configuring P2P Blocking on that SSID, users connected to the same AP are not able to communicate with each other.

But when users move to a different AP, e.g. one user remains on the previous AP and the second user moves to a different AP with the same IP address, then they are able to communicate with each other.

Can you please guide me on what configuration is required to avoid this?

11 Replies

Ric Beeching
Level 7
Hi Noovi,

Is your SSID centrally switched or locally switched? Or rather, is it a FlexConnect deployment or standard setup? What code are you running on the 2504?

Ric


-----------------------------
Please rate helpful / correct posts

Hi,

It is FlexConnect local switching.

The WLC is running version 8.2.170.

I'm not 100% sure, but because you have enabled "flexconnect local switching", the traffic will not go to the WLC and thus the policy with the P2P block will not work between two APs.

Jaderson Pessoa
VIP Alumni

Hello,

If you apply a standard ACL on your core or firewall, will it solve your problem?

Like:

acl 1 deny ip 1.1.1.1 0.0.0.0 2.2.2.2 0.0.0.0

Apply it on the interface or VLAN.

Regards,

Jaderson Pessoa
*** Rate All Helpful Responses ***

@Jaderson, the issue pertains to the wireless P2P function only, so the L3 gateway doesn't come into play as traffic won't pass beyond the WLC.

Cheers,
Ric
-----------------------------
Please rate helpful / correct posts

L3 for the users is configured on the firewall.

If I have the 10.162.10.0/24 subnet, then how, and where in the firewall, do I apply the ACL?

Hello,

If you apply this ACL on the interface that has the 10.162.10.0/24 subnet, is it bad?
Jaderson Pessoa
*** Rate All Helpful Responses ***

Hi,

Here there is only one subnet, so what will be the source and destination addresses?

Hello,

I think that the same ACL can have many entries.

For example:
access-list 100 deny ip host 1.1.1.1 host 2.2.2.2
access-list 100 deny ip host 2.2.2.2 host 1.1.1.1
access-list 100 permit ip any any
Jaderson Pessoa
*** Rate All Helpful Responses ***

As Poterbeli and myself were getting at, because you are using FlexConnect, P2P will not work between two clients on different Access Points, unfortunately; it is a limitation of the setup.

Note: If using the same VLAN on the WLAN, clients will never traverse the layer 3 boundary (gateway) and therefore implementing an ACL will have no effect. The only way to prevent P2P traffic
-----------------------------
Please rate helpful / correct posts
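
The behaviour discussed in this thread, as a simplified model added here as an example (not posted by any participant and not Cisco code): it checks which control, P2P blocking or a gateway ACL, actually sees traffic between two clients. The client addresses, AP names and the central-switching branch are assumptions of the model; only the 10.162.10.0/24 subnet comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

SUBNET = "10.162.10.0/24"  # client subnet mentioned in the thread


@dataclass(frozen=True)
class Client:
    ip: str  # constructed sample address
    ap: str  # hypothetical name of the AP the client is associated to


def p2p_block_applies(a, b, local_switching):
    """Does the WLAN's P2P blocking action get to see traffic between a and b?"""
    if local_switching:
        # FlexConnect local switching: each AP bridges client traffic onto its
        # own switch port, so only clients on the same AP are covered
        # (the behaviour reported in the thread).
        return a.ap == b.ap
    # Assumption of this model: with central switching all client traffic is
    # tunnelled to the WLC, which can enforce the policy for every pair.
    return True


def crosses_gateway(a, b, subnet=SUBNET):
    """Traffic reaches the L3 gateway only when the peers are not in one subnet."""
    net = ipaddress.ip_network(subnet)
    both_inside = ipaddress.ip_address(a.ip) in net and ipaddress.ip_address(b.ip) in net
    return not both_inside


def can_communicate(a, b, local_switching, p2p_blocking, acl_denies=frozenset()):
    """True if neither P2P blocking nor a gateway ACL entry stops a <-> b."""
    if p2p_blocking and p2p_block_applies(a, b, local_switching):
        return False
    # A gateway ACL is only evaluated for traffic that is actually routed.
    if crosses_gateway(a, b) and ((a.ip, b.ip) in acl_denies or (b.ip, a.ip) in acl_denies):
        return False
    return True


# Constructed scenario: user 2 starts on the same AP as user 1, then roams.
U1 = Client("10.162.10.11", "AP-1")
U2 = Client("10.162.10.12", "AP-1")
U2_ROAMED = Client("10.162.10.12", "AP-2")
ACL = frozenset({("10.162.10.11", "10.162.10.12")})

if __name__ == "__main__":
    print("same AP, local switching:", can_communicate(U1, U2, True, True, ACL))
    print("after roam, local switching:", can_communicate(U1, U2_ROAMED, True, True, ACL))
```
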