11-09-2012 07:34 AM
In the VAP profile, there is an option named "Deny inter user traffic". Check that and users will NOT be able to talk to each other. IM, Voice and Facetime are a few things that may break, so be careful.
11-09-2012 07:42 AM
Create a rule that allows the ports/protocols your IM uses, then denies everything else to/from your WLAN subnet(s). Make sure that rule is near the bottom of your role ACL listing, but above anything that would allow user>user traffic.
11-09-2012 07:54 AM
It's not that complicated.
Create an ACL that allows IM ports/protocols, then denies packets with the destination of your WLAN subnet. Put those two ACLs into the role your users are using and VOILA, no more user>user traffic EXCEPT IM.
The order of the rules is very important. The rules are processed top down and first match. Just make sure you allow DHCP, DNS and other critical services first, then the IM ACL, then the drop user-user ACL, then your HTTP/HTTPS allow ACL. At the end is an implicit deny all.
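
The first-match ordering described in the post above, modeled as an added example (not posted by anyone in this thread, and not ArubaOS syntax). The WLAN subnet 10.10.0.0/16, the IM port tcp/5222 and the rule names are assumptions made for illustration.

```python
import ipaddress

WLAN = ipaddress.ip_network("10.10.0.0/16")  # assumed WLAN subnet (constructed)
IM_PORT = 5222                               # assumed IM port (placeholder)
ANY = None                                   # wildcard for a rule field

# Rule = (name, protocol, destination port, destination network, action)
GOOD_ORDER = [
    ("dhcp",           "udp", 67,      ANY,  "permit"),
    ("dns",            "udp", 53,      ANY,  "permit"),
    ("im",             "tcp", IM_PORT, ANY,  "permit"),
    ("drop-user-user", ANY,   ANY,     WLAN, "deny"),
    ("http",           "tcp", 80,      ANY,  "permit"),
    ("https",          "tcp", 443,     ANY,  "permit"),
]

# Same rules, but the user>user drop sits below the HTTP/HTTPS allows.
BAD_ORDER = GOOD_ORDER[:3] + GOOD_ORDER[4:] + [GOOD_ORDER[3]]


def evaluate(rules, proto, port, dst):
    """Return (action, rule name) for the first rule that matches, top down."""
    dst_ip = ipaddress.ip_address(dst)
    for name, r_proto, r_port, r_net, action in rules:
        if r_proto is not ANY and r_proto != proto:
            continue
        if r_port is not ANY and r_port != port:
            continue
        if r_net is not ANY and dst_ip not in r_net:
            continue
        return action, name
    return "deny", "implicit-deny"  # nothing matched: implicit deny all


if __name__ == "__main__":
    peer, internet = "10.10.5.20", "203.0.113.10"  # constructed addresses
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label)
        for proto, port, dst in [("tcp", IM_PORT, peer), ("tcp", 445, peer),
                                 ("tcp", 443, peer), ("tcp", 443, internet)]:
            print(f"  {proto}/{port} -> {dst}: {evaluate(rules, proto, port, dst)}")
```

With the drop rule below the HTTP/HTTPS allows, a client can still reach another client on tcp/443, which is the user>user traffic the role was meant to block.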