Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Using psk can you set wifi clients not to speak to each other?

  • 1.  Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 10:28 AM

    Not sure this is a good idea as perhaps this stops them IM'ing each other but is there an option to do this?



  • 2.  RE: Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 10:35 AM

    In the VAP profile, there is an option named "Deny inter user traffic".  Check that and users will NOT be able to talk to each other.  IM, Voice and Facetime are a few things that may break, so be careful.



  • 3.  RE: Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 10:38 AM

    Thanks, this won't be an option then as IM will need to work... anything else you can do to make PSK more secure?



  • 4.  RE: Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 10:42 AM

    Create a rule that allows the ports/protocols your IM uses, then denies everything else to/from your WLAN subnet(s).  Make sure that rule is near the bottom of your role ACL listing, but above anything that would allow user>user traffic.



  • 5.  RE: Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 10:43 AM

    Why don't you create a FW policy to prevent it?



  • 6.  RE: Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 10:49 AM

    Sounds complicated on how to fit with other rules... so we only allow http and https normally...



  • 7.  RE: Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 10:54 AM

    It's not that complicated.

     

    Create an ACL that allows IM ports/protocols, then denies packets with the destination of your WLAN subnet.  Put those two ACLs into the role your users are using and VOILA, no more user>user traffic EXCEPT IM. 

     

    The order of the rules is very important.  The rules are processed top down and first match.   Just make sure you allow DHCP, DNS and other critical services first, then the IM ACL, then the drop user-user ACL, then your HTTP/HTTPS allow ACL.  At the end is an implicit deny all.
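
The rule ordering described in post 7, modelled as a small top-down, first-match evaluator. This is an added example, not part of the original thread and not ArubaOS configuration; the WLAN subnet, the IM port (5222) and the ACL names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

WLAN = ip_network("10.10.20.0/24")   # constructed WLAN client subnet
ANY = ip_network("0.0.0.0/0")
IM_PORT = 5222                       # assumption: the IM client uses TCP 5222

def build_role(order):
    """Concatenate named ACLs into one role; rule = (name, proto, dport, dst, action)."""
    acls = {
        "critical": [("dhcp", "udp", 67, ANY, "permit"),
                     ("dns", "udp", 53, ANY, "permit")],
        "im": [("im", "tcp", IM_PORT, ANY, "permit")],
        "drop-user-user": [("user-user", None, None, WLAN, "deny")],
        "web": [("http", "tcp", 80, ANY, "permit"),
                ("https", "tcp", 443, ANY, "permit")],
    }
    return [rule for name in order for rule in acls[name]]

def evaluate(role, proto, dst_ip, dst_port):
    """Top-down, first match wins; implicit deny all at the end."""
    dst = ip_address(dst_ip)
    for name, r_proto, r_port, r_net, action in role:
        if r_proto not in (None, proto):   # None means any protocol
            continue
        if r_port not in (None, dst_port):  # None means any port
            continue
        if dst in r_net:
            return action, name
    return "deny", "implicit-deny"

# Order from the thread: critical services, IM, drop user-user, then web.
GOOD = build_role(["critical", "im", "drop-user-user", "web"])
# Misordered: the web allow sits above the user-user drop.
BAD = build_role(["critical", "im", "web", "drop-user-user"])

FLOWS = [  # constructed sample flows: (description, proto, dst ip, dst port)
    ("client -> internet HTTPS", "tcp", "203.0.113.10", 443),
    ("client -> client IM", "tcp", "10.10.20.57", IM_PORT),
    ("client -> client HTTP", "tcp", "10.10.20.57", 80),
    ("client -> client SMB", "tcp", "10.10.20.57", 445),
    ("client -> internet SSH", "tcp", "203.0.113.10", 22),
]

if __name__ == "__main__":
    for label, role in (("recommended order", GOOD), ("web before drop", BAD)):
        print(label)
        for desc, proto, ip, port in FLOWS:
            print(f"  {desc:26} {evaluate(role, proto, ip, port)}")
```

With the web ACL placed above the user-user drop, client-to-client HTTP matches the web permit first and is allowed, which is the ordering mistake the post warns about.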



  • 8.  RE: Using psk can you set wifi clients not to speak to each other?

    Posted Nov 09, 2012 11:06 AM

    Thanks :)