Showing results for 
Search instead for 
Did you mean: 

Preventing wireless clients from communicating with each other

Level 1
Level 1

Simple question I suppose. Assume 2 conditions - a single access point and multiple access points.

Is there any feature to prevent clients from talking at layer2?

2 Replies 2

Level 10
Level 10

Hi John!

For a single access point, it's absolutely (well, probably) possible, just enable "Public Secure Packet Forwarding" (PSPF). PSPF was designed for client security in "hotspot" situations to prevent one user from hacking another. Whether it works for something like NETBIOS, I don't know (but I'll check).

You can find it in the "Interface" page of the Web GUI, or add it as a CLI command under the SSID.

As for multiple APs, I'm not sure (but I'll check). I believe it would be more possible in the LWAP deployment, since all of the APs are under central control ... but perhaps it is also implemented in some form or fashion for stand-alone units as well.

A quick searh on the Cisco Main site I found this fragment:


Note: To prevent communication between clients associated to different access points, you must set up protected ports on the switch to which the wireless devices are connected. See the "Configuring Protected Ports" section for instructions on setting up protected ports.

(end qoute)

Here's the link, the (brief) info and CLI config is under the "Configuring PSPF" section.

I'll poke around some if I get the chance and re-post if I find anything good.

Good Luck


(Merry Christmas / Happy Holidays)


Just call me spidey and get that out of the way. ;)

I appreciate you pointing me in the right direction. I'll check more into the PSPF feature.

Review Cisco Networking for a $25 gift card