Deny traffic from virtual AP to virtual AP question

How can I block communication from 1 virtual AP to another?


Here is what I would like


Staff SSID, vlan ID 202 IP


Security SSID, vlan ID 203 IP


This is working great and DHCP works great too, however people on the staff can access the security network.  How can I shut that down?  But allow security to get onto staff?

Re: Deny traffic from virtual AP to virtual AP question


You could create a ROLE with a certain ACL denying traffic from that IP SPACE to X.X.X.X and apply it to the AAA-PROFILE assigned to that VAP.


Hope that helps.

Thank you

Victor Fabian
Lead Mobility Architect @WEI
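
An added example, not part of the original reply or of Aruba's documentation: a sketch of the role/ACL approach described above, written as ArubaOS controller CLI. All object names (security-net, staff-no-security, staff-role, staff-aaa, staff-vap) are hypothetical, 192.0.2.0/24 is a placeholder for the Security subnet that the thread does not give, and the syntax assumes a 6.x-style controller CLI, so check it against your release.

```text
! Placeholder for the Security VLAN 203 subnet (not given in the thread).
netdestination security-net
  network 192.0.2.0 255.255.255.0
!
! Session ACL for Staff users. Rules are evaluated top-down, first match wins.
! Rule 1 drops anything a Staff user sends toward the Security subnet.
! Rule 2 permits everything else, including traffic arriving from Security.
! Assumption to verify on your release: session ACLs are stateful, so replies
! to sessions opened from the Security side match the existing session
! instead of hitting rule 1.
ip access-list session staff-no-security
  user alias security-net any deny
  any any any permit
!
! Role carrying the ACL.
user-role staff-role
  access-list session staff-no-security
!
! AAA profile that places Staff clients in the role.
! initial-role covers open/PSK SSIDs; for an 802.1X SSID set
! dot1x-default-role to the same role instead.
aaa profile staff-aaa
  initial-role staff-role
!
! Bind the AAA profile to the Staff virtual AP on VLAN 202.
wlan virtual-ap staff-vap
  aaa-profile staff-aaa
  vlan 202
```

The Security role is left unchanged, so it keeps whatever access to the Staff VLAN it already has.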

Re: Deny traffic from virtual AP to virtual AP question

What about inter vlan routing? Nabbed from the UG :)


You can optionally disable layer-3 traffic forwarding to or from a specified VLAN. When you disable layer-3 forwarding on a VLAN, the following restrictions apply:

-  Clients on the restricted VLAN can ping each other, but cannot ping the VLAN interface on the
-  IP mobility does not work when a mobile client roams to the restricted VLAN. You must ensure that a mobile client on a restricted VLAN is not allowed to roam to a non-restricted VLAN. For example, a mobile client on a guest VLAN should not be able to roam to a corporate VLAN.

To disable layer-3 forwarding for a VLAN configured on the controller:

If my post addresses your query, give kudos:)