Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4538
Views
3
Helpful
7
Replies

Client Isolation - Cisco Catalyst 9800-CL Wireless Controller

smounche
Level 1
Level 1

‎04-01-2024 01:29 AM

Greetings,

I am seeking assistance with configuring Client Isolation on a single SSID on a Cisco Catalyst 9800-CL Wireless Controller.
Basically, Users within the same VLAN must not be able to communicate with each other.

I have been informed that this can be achieved by connecting to the controller/AP via CLI and configuring an ACL.

I would greatly appreciate receiving detailed instructions on how to perform this configuration

Thank you.



Labels:
0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

‎04-01-2024 01:37 AM

Try under wlan 

P2P block 

MHM

smounche
Level 1
Level 1
In response to MHM Cisco World

‎04-01-2024 04:37 AM

I did it.
doesn't work. clients still able to see/communicate with each other 

0 Helpful

marce1000
Hall of Fame
Hall of Fame

‎04-01-2024 02:07 AM

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/config-guide/b_wl_17_11_cg/wlans.html
  >...Configuring Advanced WLAN Properties (GUI)
  >...From the P2P Blocking Action drop-down list, choose the required value.
                                                                                               (set to block)

  Also check this thread : https://community.cisco.com/t5/wireless/how-to-disable-wireless-client-communication-from-ap-flexconnect/td-p/4606630

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

smounche
Level 1
Level 1

‎04-01-2024 04:49 AM

Thanks, everybody. @balaji.bandi @MHM Cisco World @marce1000 

but it seems that "Peer-to-peer blocking" not working fully 

Quote;

Note:     In Flex mode with local switching, as traffic is not going through the controller, P2P blocking is applied only to traffic from clients connected to the same AP. It will not apply to inter-AP traffic. Similarly, in SD-Access mode, this setting really has no effect, as the client traffic is always sent to the fabric edge switch for policy to be applied.

And here is another Quote;

• Cisco controller with central switching clients supports peer-to-peer blocking for clients associated with different APs. However, this solution targets only clients connected to the same AP.

FlexConnect ACLs can be used as a workaround for this limitation.

 

 

- so the question is how do I set ACL 





0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to smounche

‎04-01-2024 06:57 AM

If that is your deployment sd-access look at the below document :

Native peer to peer blocking is NOT supported on the SDA-wireless.
An administrator would have to use the Cisco Trustsec policy to achieve the desired output.

https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/deploy-guide/cisco-dna-center-sd-access-wl-dg.pdf

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

smounche
Level 1
Level 1

‎04-02-2024 12:58 AM

I think my deployment is 
Flex AP (local switching)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card