Cisco Wireless - Client hidden from each other possible?

Hi All,

We are using Cisco wireless access points, and we would like the associated clients not to be able to see each other. Is this possible? The solution is wireless internet access for an office block with many businesses, but we don't want company 1 seeing company 2. We thought of VLANs, but we also need DHCP to work for each client computer. We can buy additional Cisco hardware to do this if needed.

Can the access point do this somehow? Does anyone have any ideas?

Many thanks for your time,

corbett at postmaster dot co dot uk

Craig.

corb

check out protect port command on bridge group

bridge-group port-protected

Merv

Merv wrote:

This works only between clients on a single AP. A client associated to AP1 can always reach a wireless station associated to AP2 because both APs bridge the traffic between different interfaces in the bridge group, even if "port-protected".

If you want to separate traffic from different businesses, you may want a VLAN setup.

Uli Link

you may want

VLAN: yes, we have looked, but we cannot set up DHCP on the AP per VLAN.

corb

You can definitely do this if you have a WLAN controller, like a 4402. It makes it very easy to set up APs and WLANs (Wireless LANs).

Scott

thrill5

~ Merv wrote:
~ > check out protect port command on bridge group
~ >
~ > bridge-group port-protected
~ >
~
~ This works only between clients on a single AP.
~ A client associated to AP1 can always reach a wireless station
~ associated to AP2 because both APs bridge the traffic between different
~ interfaces in the bridge group, even if "port-protected".
~
~ If you want to separate traffic from different businesses, you may want
~ a VLAN setup.

I'd recommend crafting ACLs. I.e. on each access point's radio interface, have the following input access lists:

bridge ACL:
- forbid all non-IP packets

IP ACL:
- permit IP packets sourced from 0.0.0.0 port bootpc
- forbid IP packets sourced from anything but the client range
- forbid IP packets sourced from the client range and addressed to the client range
- block MS junk

stuff like that ...

[the above is not tested by me]
Aaron Leonard
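
An added example, not part of the thread: a Python model of the IP ACL order suggested in the post above, evaluated first-match against constructed packets. The client subnet, the gateway address and the trailing permit are assumptions, and "block MS junk" is not modelled; it shows that a gateway or DHCP server living inside the client range needs its own permit ahead of the client-to-client deny.

```python
from ipaddress import ip_address, ip_network

# Assumed values, not from the thread: client subnet and an in-subnet gateway/DHCP server.
CLIENTS = ip_network("192.168.50.0/24")
GATEWAY = ip_address("192.168.50.1")
BOOTPC = 68  # UDP source port used by DHCP clients

def pkt(src, dst, sport=None):
    """Build a constructed test packet (only the fields the ACL looks at)."""
    return {"src": ip_address(src), "dst": ip_address(dst), "sport": sport}

def build_acl(permit_gateway=False):
    """Rules in the order given in the post; the final permit is an assumption."""
    acl = [
        ("permit", "dhcp-request",
         lambda p: p["src"] == ip_address("0.0.0.0") and p["sport"] == BOOTPC),
        ("deny", "spoofed-source", lambda p: p["src"] not in CLIENTS),
    ]
    if permit_gateway:  # exception that must precede the client-to-client deny
        acl.append(("permit", "to-gateway", lambda p: p["dst"] == GATEWAY))
    acl.append(("deny", "client-to-client", lambda p: p["dst"] in CLIENTS))
    acl.append(("permit", "to-outside", lambda p: True))
    return acl

def evaluate(acl, p):
    """First matching rule wins; fall through to an implicit deny."""
    for action, name, match in acl:
        if match(p):
            return action, name
    return "deny", "implicit"

SAMPLES = {  # constructed packets arriving on the radio interface
    "dhcp discover": pkt("0.0.0.0", "255.255.255.255", BOOTPC),
    "client to client": pkt("192.168.50.20", "192.168.50.30"),
    "subnet broadcast": pkt("192.168.50.20", "192.168.50.255"),
    "spoofed source": pkt("203.0.113.5", "192.168.50.30"),
    "client to internet": pkt("192.168.50.20", "198.51.100.7"),
    "client to gateway": pkt("192.168.50.20", "192.168.50.1"),
}

if __name__ == "__main__":
    for label, acl in (("as posted", build_acl()), ("with gateway permit", build_acl(True))):
        print(label)
        for name, p in SAMPLES.items():
            print(f"  {name:20} -> {evaluate(acl, p)}")
```

Traffic routed through the gateway to outside destinations is unaffected either way; only packets addressed to the gateway's own IP (for example a unicast DHCP renewal) hit the client-to-client deny.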
