Wireless Access

Reply
Occasional Contributor II

Traffic control between wired clients in same VLAN on different RAPs

I have a question regarding traffic control between wired clients on different RAPs.

 

Setup: Two wired clients (A and B) which are connected to two separate RAPs. Both RAPs are in the same AP Group. Both wired clients are connected to the same VLAN.

 

How has the configuration to look like so that:

 

a) Client A is able to communicate with client B but no broadcast traffic from Site A is forwarded to site B and vice versa (some kind of proxy ARP I assume)?

 

b) Client A is not able to communicate with client B but both clients are able to communicate to clients in other subnets through the gateway)? Also in this case no broadcast traffic from Site A should be forwarded to site B and vice versa.

 

In both cases, the default gateway should be external (not controller).

 

Thank you for your support in advance!

 

Stefan

Guru Elite

Re: Traffic control between wired clients in same VLAN on different RAPs

To suppress broadcast traffic on a wired interface you would configure that under the VLAN.  For example, if that wired interface of the RAP was on VLAN 100.

 

config t

interface VLAN 100

bcmc optimization.

 

That command does not block ARP or DHCP traffic.  This would block traffic on wired as well as wireless for that VLAN specifically, so if other WLANs use that VLAN, broadcast traffic would be blocked, as well.  Please be aware it only works on ArubaOS 6.x and above.

 

To prevent clients from talking to each other, you would have to make the wired port untrusted and apply an ACL blocking traffic to those destinations that you don't want clients talking to.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Traffic control between wired clients in same VLAN on different RAPs

Ok. Thank you for your feedback, Colin!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: