Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1558
Views
16
Helpful
5
Replies

How to disable wireless client communication from AP FlexConnect

Ethan and Mia
Level 1
Level 1

‎05-09-2022 12:10 AM

Hi Master

I looking solution for disable wireless client communication(client to client) i try to action "drop" P2P Blocking on WLAN  butt still not working ,   Is there anyway to block communication from WLC ,  All APs on FlexConnection mode 

 

thank you

0 Helpful
5 Replies 5

Flavio Miranda
VIP
VIP

‎05-09-2022 12:37 AM - edited ‎05-09-2022 12:40 AM

Restrictions on Peer-to-Peer Blocking

• Peer-to-peer blocking does not apply to multicast traffic.

• In FlexConnect, solution peer-to-peer blocking configuration cannot be applied only to a particular FlexConnect AP or a subset of APs. It is applied to all FlexConnect APs that broadcast the SSID.

• Cisco controller with central switching clients supports peer-to-peer upstream-forward. However, this is not supported in the FlexConnect solution. This is treated as peer-to-peer drop and client packets are dropped.

• Cisco controller with central switching clients supports peer-to-peer blocking for clients associated with different APs. However, this solution targets only clients

connected to the same AP. FlexConnect ACLs can be used as a workaround for this limitation

 

Besides flexconnect ACL, you can also apply ACL to the interface vlan on the layer3 device.

 Actually, ACL will be necessary when client belong to different vlans. When client belong to different vlan, the controller will hand off the traffic to the laser 3 device and will not Block P2P, even in local mode.

MHM Cisco World
VIP
VIP

‎05-09-2022 05:03 AM

If few user 
you can use Mac ACL in SW that FLEX is connect.

0 Helpful

Rich R
VIP
VIP

‎05-09-2022 09:12 AM

It depends on your network topology and requirements but you may need to use a combination of P2P blocking, ACLs and "switchport protected" on your switch ports.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

Ethan and Mia
Level 1
Level 1
In response to Rich R

‎05-09-2022 11:29 AM

Hello , rrudling

I never use port protected . Is it should on the port connected to APs right ? and from uplink switch to switch should have it?

 

 

Thank for your reply 

0 Helpful

Rich R
VIP
VIP

‎05-09-2022 02:35 PM

On AP ports yes - to stop clients on 1 AP talking to clients on another AP but not the uplink port otherwise the AP and clients will be blocked from connectivity to the WLC and internet.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card