ExtremeWireless (Identifi)

Expand all | Collapse all

IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

  • 1.  IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-16-2015 08:46
    We are installing a new Identify installation for a customer with several locations, ( +/- 200)

    the Wlan on the remote locations are going to use by Employees and customers. because of the expensive WAN connections we want that the customers are the internet connections on the remote site, so we configure B@AP. And we also want to block the customer mobile unit to mobile unit traffic.

    Is there a way to block MU to MU traffic at the AP?

    Thank you for your help

    Rien van Maurik



  • 2.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-16-2015 11:46
    Hi Rien

    You can create a rule in the applied role to block traffic to all hosts in the local subnet, make this rule the first in the rule list and permit (or deny) other required traffic types.

    See this article: https://gtacknowledge.extremenetworks.com/articles/Solution/Block-MU-to-MU-enabled-but-users-can-still-communicate

    Best regards

    -Gareth



  • 3.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-17-2015 04:50
    Hello Gareth

    Thank You

    We are going to test this solution.

    greetings Rien



  • 4.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 05-04-2017 07:42
    Hello,

    does anyone can confirm the rules? I actually tried it with code version 10.31. and it doesn't work for me. If i apply the rule on top no client can even connect, if i apply it on bottom Mu to MU traffic is still working. I also applied rules for DHCP and DNS

    Philipp


  • 5.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-16-2015 11:46
    Hello Garath,

    could you please post an example of this solution? It tried to configure it, but after adding the second rule to deny MU-to-MU traffic communication to the internet stopped working, to.

    Could post a screenshot for this or a compareable example: client subnet 192.168.100.0/24 and gateway 192.168.100.254.

    Best Regards
    Hartmut



  • 6.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-16-2015 11:46
    Is your DNS server in the same IP range as your clients? The deny might have blocked DNS traffic. I usually allow DNS, DHCP server and client ports first, then start blocking local subnets in the rule sequence.


  • 7.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-16-2015 11:46
    The DNS is in another subnet. But you are right, i should add DNS and DHCP, too.


  • 8.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-16-2015 11:46
    Hi Hartmut

    Sure, in its simplest form, here is my lab rule:



    I know the article says to allow to the subnets default gateway but I don't see a reason to do that, generally traffic is passing through the default gateway, not directly to it.

    I just tested the above in my lab and it works.

    -Gareth


  • 9.  RE: IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

    Posted 07-16-2015 11:46
    Thanks for both answers, i will test Gareths policy, too. Now i have successfully tested policy with more rules only allowing specific services.