04-01-2024 01:29 AM
Greetings,
I am seeking assistance with configuring Client Isolation on a single SSID on a Cisco Catalyst 9800-CL Wireless Controller.
Basically, users within the same VLAN must not be able to communicate with each other.
I have been informed that this can be achieved by connecting to the controller/AP via CLI and configuring an ACL.
I would greatly appreciate receiving detailed instructions on how to perform this configuration.
Thank you.
04-01-2024 01:37 AM
Try under wlan
P2P block
MHM
04-01-2024 04:37 AM
I did it.
Doesn't work. Clients are still able to see/communicate with each other.
04-01-2024 02:07 AM
- Ref : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/config-guide/b_wl_17_11_cg/wlans.html
>...Configuring Advanced WLAN Properties (GUI)
>...From the P2P Blocking Action drop-down list, choose the required value.
(set to block)
Also check this thread : https://community.cisco.com/t5/wireless/how-to-disable-wireless-client-communication-from-ap-flexconnect/td-p/4606630
M.
04-01-2024 02:08 AM
04-01-2024 04:49 AM
Thanks, everybody. @balaji.bandi @MHM Cisco World @marce1000
But it seems that "Peer-to-peer blocking" is not working fully.
Quote:
Note: In Flex mode with local switching, as traffic is not going through the controller, P2P blocking is applied only to traffic from clients connected to the same AP. It will not apply to inter-AP traffic. Similarly, in SD-Access mode, this setting really has no effect, as the client traffic is always sent to the fabric edge switch for policy to be applied.
And here is another quote:
• Cisco controller with central switching clients supports peer-to-peer blocking for clients associated with different APs. However, this solution targets only clients connected to the same AP.
FlexConnect ACLs can be used as a workaround for this limitation.
- So the question is: how do I set the ACL?
04-01-2024 06:57 AM
If your deployment is SD-Access, look at the below document:
Native peer to peer blocking is NOT supported on the SDA-wireless.
An administrator would have to use the Cisco Trustsec policy to achieve the desired output.
04-02-2024 12:58 AM
I think my deployment is
Flex AP (local switching)