Re: PSPF across Accesspoints on different Switches

phasler · ‎11-04-2004

Our setup consists of several dozen 1200 Accesspoints connected to various switches(2924,2940,2948,2950 etc.).

Is it possible to configure a PSPF-like feature between all Accesspoints even if they are connected via different switches across the campus?

I am especially interested in surpressing spreading of Windows-Viruses between clients that have not yet started a VPN connection.

dixho · ‎11-04-2004

Yes, please do the followings:

1. Go to the GUI, click on "SERVICE"

2. Click on "VLAN

3. Create a VLAN there. Check "Enable Public Secure Packet Forwarding"

arvedarved · ‎11-08-2004

I know how to enable PSPF on one Accesspoint.

The question was how to enable PSPF on Accesspoints across different switches.

The docs at http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12213ja/i12213sc/s13rf.htm#wp1042433

only contain information about PFPF on Accesspoints connected to _one_ switch.

jasony15 · ‎11-09-2004

If the clients are only supposed to connect through the VPN server, use an access-list on the APs wireless interface that only allows clients to communicate with the VPN concentrator. Don't forget to allow dhcp through the access-list also.

Another option is to enable 'port protected' on the switch ports with APs connected, or use private vlans and set the APs on isolated ports depending on the switch type. Refer to Cisco documentation for more details.