Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Deny Inter User Traffic

  • 1.  Deny Inter User Traffic

    Posted Nov 25, 2014 12:52 AM

    Hi All

    We have enabled deny inter user traffic on one of the SSIDs. Now we are having an issue with Cisco Jabber clients, which use UDP ports 16384 to 32766 (inbound and outbound). In the user role we have a role with allowall. How can we allow communication between clients on these UDP ports and at the same time keep the deny inter user traffic setting on?



  • 2.  RE: Deny Inter User Traffic

    EMPLOYEE
    Posted Nov 25, 2014 03:01 AM

    Deny Inter user traffic blocks all traffic, so you should not use it in an environment where users need to communicate with each other.  I would have your users turn their host-based firewalls on.



  • 3.  RE: Deny Inter User Traffic

    Posted Dec 08, 2014 05:36 AM

    Thanks Joseph

     

    Is there any way to drop inter-VLAN communication? I have four VLANs:

    192.168.10.0/24

    192.168.11.0/24

    192.168.12.0/24

    192.168.13.0/24

    192.168.10.1, 192.168.11.1, 192.168.12.1 and 192.168.13.1 are the gateway IPs of each subnet. Is it possible to drop the communication between clients in each subnet?

     



  • 4.  RE: Deny Inter User Traffic

    EMPLOYEE
    Posted Dec 08, 2014 05:42 AM

    You can create a session ACL in the role for your users that allows UDP Ports 16384 to 32766 and then blocks traffic to 

     

    192.168.10.0/24

    192.168.11.0/24

    192.168.12.0/24

    192.168.13.0/24  

     

    You can then allow traffic to whatever else your clients need to get to.

     

    Why you would NOT do this, however, is that it becomes very difficult to troubleshoot traffic issues if you have a long list of blocks and permits...
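
The rule order described in the last reply, modelled as a first-match list in Python so the effect on individual flows can be checked. This is an added example, not part of the thread and not ArubaOS configuration; the rule layout, the `build_rules`/`evaluate`/`verdict` helpers and the sample destinations are assumptions.

```python
import ipaddress

# Constructed model of a first-match session ACL; this is not ArubaOS syntax.
USER_SUBNETS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in (10, 11, 12, 13)]
JABBER_UDP = range(16384, 32767)  # UDP 16384-32766 inclusive, as given in the thread
ANY = ipaddress.ip_network("0.0.0.0/0")

def build_rules():
    """Rules are (destination network, protocol or None, port range or None, action)."""
    # 1. Permit the Jabber UDP range towards the user subnets.
    rules = [(net, "udp", JABBER_UDP, "permit") for net in USER_SUBNETS]
    # 2. Deny everything else towards the user subnets.
    rules += [(net, None, None, "deny") for net in USER_SUBNETS]
    # 3. Permit whatever else the clients need (simplified here to "any").
    rules.append((ANY, None, None, "permit"))
    return rules

def evaluate(rules, dst, proto, port):
    """Return (action, index) of the first rule that matches the packet."""
    addr = ipaddress.ip_address(dst)
    for i, (net, r_proto, r_ports, action) in enumerate(rules):
        if addr not in net:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_ports is not None and port not in r_ports:
            continue
        return action, i
    return "deny", None  # assumed implicit deny when no rule matches

def verdict(dst, proto, port, rules=None):
    return evaluate(rules or build_rules(), dst, proto, port)[0]

if __name__ == "__main__":
    samples = [  # constructed sample flows
        ("192.168.11.25", "udp", 20000),  # Jabber media to a client in another VLAN
        ("192.168.11.25", "tcp", 445),    # other traffic to a peer client
        ("192.168.10.1", "udp", 53),      # a service on the gateway address itself
        ("10.1.1.10", "tcp", 443),        # destination outside the user subnets
    ]
    for dst, proto, port in samples:
        print(dst, proto, port, "->", evaluate(build_rules(), dst, proto, port))
```

In this model the gateway addresses (192.168.10.1 and so on) fall inside the blocked subnets, so anything the clients need from those addresses directly would need its own permit above the deny rules. The permit also opens the whole UDP range between clients, not only Jabber traffic.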