
Client Isolation - Cisco Catalyst 9800-CL Wireless Controller

smounche
Level 1

Greetings,

I am seeking assistance with configuring Client Isolation on a single SSID on a Cisco Catalyst 9800-CL Wireless Controller.
Basically, users within the same VLAN must not be able to communicate with each other.

I have been informed that this can be achieved by connecting to the controller/AP via CLI and configuring an ACL.

I would greatly appreciate receiving detailed instructions on how to perform this configuration.

Thank you.



7 Replies

Try under wlan 

P2P block 

MHM

I did it.
It doesn't work. Clients are still able to see/communicate with each other.

marce1000
Hall of Fame

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/config-guide/b_wl_17_11_cg/wlans.html
  >...Configuring Advanced WLAN Properties (GUI)
  >...From the P2P Blocking Action drop-down list, choose the required value. (set to block)

  Also check this thread : https://community.cisco.com/t5/wireless/how-to-disable-wireless-client-communication-from-ap-flexconnect/td-p/4606630

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

smounche
Level 1

Thanks, everybody. @balaji.bandi @MHM Cisco World @marce1000 

But it seems that "Peer-to-peer blocking" is not working fully.

Quote:

Note:     In Flex mode with local switching, as traffic is not going through the controller, P2P blocking is applied only to traffic from clients connected to the same AP. It will not apply to inter-AP traffic. Similarly, in SD-Access mode, this setting really has no effect, as the client traffic is always sent to the fabric edge switch for policy to be applied.

And here is another quote:

• Cisco controller with central switching clients supports peer-to-peer blocking for clients associated with different APs. However, this solution targets only clients connected to the same AP.

FlexConnect ACLs can be used as a workaround for this limitation.

 

 

So the question is: how do I set the ACL?





If your deployment is SD-Access, look at the document below:

Native peer to peer blocking is NOT supported on the SDA-wireless.
An administrator would have to use the Cisco Trustsec policy to achieve the desired output.

https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/deploy-guide/cisco-dna-center-sd-access-wl-dg.pdf

 

BB


smounche
Level 1

I think my deployment is 
Flex AP (local switching)
