
Deny traffic from virtual AP to virtual AP question

How can I block communication from 1 virtual AP to another?

Here is what I would like:

Staff SSID, VLAN ID 202, IP 10.202.0.0/16

Security SSID, VLAN ID 203, IP 10.203.0.0/16

This is working great and DHCP works great too; however, people on the staff can access the security network. How can I shut that down? But allow security to get onto staff?

Re: Deny traffic from virtual AP to virtual AP question

You could create a ROLE with a certain ACL denying traffic from that IP SPACE to X.X.X.X and apply it to the AAA-PROFILE assigned to that VAP.

Hope that helps.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
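
The role-plus-ACL approach from the reply above, sketched as a controller configuration. This is an added example, not part of the original post or vendor documentation. It assumes ArubaOS 6.x-style CLI syntax; the ACL, role, AAA profile and virtual AP names are hypothetical, and only the subnets and VLAN ID come from the question.

```text
! Added illustration. Names are hypothetical; verify the syntax against the
! user guide for the controller's software version before applying.
!
! Session ACLs are evaluated top-down and the first matching rule wins,
! so the deny has to sit above the catch-all permit.
ip access-list session staff-no-security
  ! Sessions opened by a Staff client toward the Security subnet are dropped.
  user network 10.203.0.0 255.255.0.0 any deny
  ! Everything else the Staff client initiates is still allowed.
  any any any permit
!
! The role carries the ACL; every client placed in this role inherits it.
user-role staff-restricted
  access-list session staff-no-security
!
! Assumption: clients land in the profile's initial role. With 802.1X the
! role usually comes from the dot1x default role or a server-derived role,
! so the ACL must be attached to whichever role Staff users end up in.
aaa profile "staff-aaa"
  initial-role staff-restricted
!
! Bind the AAA profile to the Staff virtual AP (VLAN 202 in the question).
wlan virtual-ap "staff-vap"
  aaa-profile "staff-aaa"
  vlan 202
```

Because session ACLs are stateful, replies to connections that a Security client opens toward Staff are still delivered, which gives the one-way access asked for. To confirm, test from a Staff client toward 10.203.0.0/16 (should fail) and from a Security client toward 10.202.0.0/16 (should succeed).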

Re: Deny traffic from virtual AP to virtual AP question

What about inter-VLAN routing? Nabbed from the UG :)

You can optionally disable layer-3 traffic forwarding to or from a specified VLAN. When you disable layer-3 forwarding on a VLAN, the following restrictions apply:
-  Clients on the restricted VLAN can ping each other, but cannot ping the VLAN interface on the
-  IP mobility does not work when a mobile client roams to the restricted VLAN. You must ensure that a mobile client on a restricted VLAN is not allowed to roam to a non-restricted VLAN. For example, a mobile client on a guest VLAN should not be able to roam to a corporate VLAN.

To disable layer-3 forwarding for a VLAN configured on the controller:

ACMA, ACMP
If my post addresses your query, give kudos:)