Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
969
Views
2
Helpful
6
Replies

P2P Blocking - Possible to Whitelist IP address?

mac1234
Level 1
Level 1

‎05-04-2023 08:02 AM

We have a guest WLAN setup. We are using P2P Blocking on this WLAN and have it set to "Drop".  This blocks all connectivity between connected devices on the guest WLAN. Works great. Controller is a 3504.

Question is this:  Is it possible to Whitelist an IP (or multiple IP's or a range) so that connected clients can connect only to the whitelisted address?

 

Reason, is we have a device that we may put on the guest WLAN that provides a service. We would like all connected guests to be able to reach this one device, but still be blocked between other guests.

 

Labels:
0 Helpful
6 Replies 6

Flavio Miranda
VIP
VIP

‎05-04-2023 08:14 AM

Hi

  This is not possible. P2P Blocking will block all lateral communication on that specific WLAN. In your scnario, this specific device must be in the cabling network or another WLAN.

mac1234
Level 1
Level 1
In response to Flavio Miranda

‎05-04-2023 09:23 AM

Ok.  And ACL does not apply for lateral?  I noticed I can create an ACL and then set on the WLAN advanced tab to 'override the interface ACL'. I guess this just applies for traffic in and out of the interface used by the WLAN though and not P2P traffic, correct?

0 Helpful

Flavio Miranda
VIP
VIP
In response to mac1234

‎05-04-2023 09:47 AM

Correct. Cisco made something really interesting by creating P2P, however, it seems they missed the next step which is allow us to add condittional P2P blocking. I´ve been on this path on the past and I did not found a way arount it

Unfortunatelly this is it.

mac1234
Level 1
Level 1
In response to Flavio Miranda

‎05-04-2023 09:50 AM

Well, that's a bummer. It seems like it would be a simple thing, but oh well.

0 Helpful

JPavonM
VIP
VIP

‎05-04-2023 10:48 PM

Unfortunatle Cisco does not have such feature than other vendors have, where you can create groups of isolated devices.

0 Helpful

Rich R
VIP
VIP

‎05-05-2023 05:56 AM

But as @Flavio Miranda said your options are cabled network or different WLAN.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card