02-07-2013 09:38 AM
How can I block communication from 1 virtual AP to another?
Here is what I would like
Staff SSID, vlan ID 202 IP 10.202.0.0/16
Security SSID, vlan ID 203 IP 10.203.0.0/16
This is working great and DHCP works great too, however people on the staff can access the security network. How can I shut that down? But allow security to get onto staff?
02-07-2013 09:49 AM
You could create a ROLE with a certain ACL denying traffic from that IP SPACE to X.X.X.X and apply it to the AAA-PROFILE assigned to that VAP.
Hope that helps.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
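The role-plus-ACL suggestion above, modelled in Python as an added example (not part of the original post and not controller configuration). The role names, the first-match rule order, and picking the role from the source subnet are assumptions made for illustration; the subnets are the ones from the question. It shows why the one-way requirement (security may reach staff, staff may not reach security) needs the ACL to be evaluated per session rather than per packet.

```python
import ipaddress

STAFF = ipaddress.ip_network("10.202.0.0/16")     # Staff SSID, VLAN 202 (from the question)
SECURITY = ipaddress.ip_network("10.203.0.0/16")  # Security SSID, VLAN 203 (from the question)
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical role names; each role has ordered (src, dst, action) rules, first match wins.
ROLE_ACLS = {
    "staff": [(STAFF, SECURITY, "deny"), (ANY, ANY, "permit")],
    "security": [(ANY, ANY, "permit")],
}


class Firewall:
    """Toy model: with stateful=True the ACL is checked only when a session starts."""

    def __init__(self, stateful=True):
        self.stateful = stateful
        self.sessions = set()  # (initiator_ip, responder_ip) pairs already permitted

    @staticmethod
    def role_for(ip):
        # Simplification: the role follows the source subnet. In the thread's
        # suggestion the role comes from the AAA profile bound to the virtual AP.
        if ip in STAFF:
            return "staff"
        if ip in SECURITY:
            return "security"
        return None

    def allow(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Packets of an established session (either direction) skip the ACL.
        if self.stateful and ((src, dst) in self.sessions or (dst, src) in self.sessions):
            return True
        for rule_src, rule_dst, action in ROLE_ACLS.get(self.role_for(src), []):
            if src in rule_src and dst in rule_dst:
                if action == "permit":
                    self.sessions.add((src, dst))
                    return True
                return False
        return False  # implicit deny when no rule (or no role) matches
```

With `stateful=False` the same rules also drop the staff host's replies to a security-initiated connection, so a per-packet ACL cannot give the asymmetric access asked for.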
02-13-2013 08:04 AM
What about inter vlan routing? Nabbed from the UG :)
You can optionally disable layer-3 traffic forwarding to or from a specified VLAN. When you disable layer-3 forwarding on a VLAN, the following restrictions apply:
- Clients on the restricted VLAN can ping each other, but cannot ping the VLAN interface on the
- IP mobility does not work when a mobile client roams to the restricted VLAN. You must ensure that a mobile client on a restricted VLAN is not allowed to roam to a non-restricted VLAN. For example, a mobile client on a guest VLAN should not be able to roam to a corporate VLAN.
To disable layer-3 forwarding for a VLAN configured on the controller:
If my post addresses your query, give kudos:)