
Client-2-Client communication monitor


Daniel_Chernovs
New Contributor
Hello,

I'm currently looking to disable client-2-client communication on our tunneled Guest network. Before that, I wanted to see if there is a way to know if this traffic exists.

Is there a way to monitor Client-2-Client communication short of pkt-cpt for the subnets?

Thanks in advance
3 REPLIES

ckelly
Extreme Employee
Only thing I can think of would be to do something like:
Create an IPv4ACL and set it to allow from the wireless client subnet *to* the wireless client subnet and set up the ACL to log (which should then cause any traffic detected going from one wireless client on that subnet to another wireless client on that same subnet to get logged in the event viewer) and then apply this IPv4ACL to one of the APs.
This is really a 'kludgey' way to try to test this though.
As Daren mentioned, probably best to enable the option and then run the 'service pktcap on drop' command and look at the traffic.

Or...if you don't want to YET enable the no client-2-client feature but just want to see if it's happening...then you could still run that command, but look for Source and Destination addresses of traffic that belong to the DHCP pool for the SSID you want to monitor. If you see traffic that is going back and forth between wireless clients on the subnet, then there *is* client-2-client traffic happening.

I don't see any other way of checking this w/o the process getting more complicated.
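
The check described in the reply above (source and destination both inside the guest DHCP pool), as an added example that is not part of the original thread. It assumes the capture has been saved as a classic pcap file with Ethernet framing; the pool 10.20.0.0/24, the gateway 10.20.0.1 and the sample frames are constructed values.

```python
import ipaddress
import struct
from collections import Counter

def client_to_client_flows(pcap_bytes, pool, infra=()):
    """Count IPv4 packets whose source AND destination are both clients in `pool`."""
    net = ipaddress.ip_network(pool)
    skip = {ipaddress.ip_address(a) for a in infra}  # gateway/DHCP/DNS inside the pool
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    flows, off = Counter(), 24          # records start after the 24-byte file header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ethertype, l3 = frame[12:14], 14
        if ethertype == b"\x81\x00":    # step over a single 802.1Q VLAN tag
            ethertype, l3 = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < l3 + 20:
            continue                    # not IPv4, or truncated
        src = ipaddress.ip_address(frame[l3 + 12:l3 + 16])
        dst = ipaddress.ip_address(frame[l3 + 16:l3 + 20])
        if src in net and dst in net and dst != net.broadcast_address:
            if not {src, dst} & skip:
                flows[(str(src), str(dst))] += 1
    return flows

def sample_pcap():
    """Constructed capture: client-to-client, client-to-gateway, client-to-internet."""
    def record(src, dst):
        ip = b"\x45" + bytes(11) + ipaddress.ip_address(src).packed \
             + ipaddress.ip_address(dst).packed
        eth = bytes(12) + b"\x08\x00" + ip
        return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pairs = [("10.20.0.15", "10.20.0.27"), ("10.20.0.15", "10.20.0.1"),
             ("10.20.0.27", "8.8.8.8")]
    return hdr + b"".join(record(s, d) for s, d in pairs)

if __name__ == "__main__":
    hits = client_to_client_flows(sample_pcap(), "10.20.0.0/24", infra=["10.20.0.1"])
    for (src, dst), count in hits.items():
        print(f"{src} -> {dst}: {count} packet(s)")
```

Any pair it reports is traffic between two wireless clients; an empty result over a representative capture window suggests the setting can be enabled without breaking anything in use.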

Daren_Ellis
Extreme Employee
Hi Daniel,

You would not be able to confirm short of a packet capture.
It would be easier to turn on no client-2-client and run "service pktcap on drop" then look for wireless client-to-client output. Best place to start would be on an AP with the guest WLAN mapped.

Note:
On Guest WLAN there should be no reason for wireless clients to communicate with each other.
Communication for the most part is direct to internet. So it would be safe to enable that setting.

Andrew_Blomley
Extreme Employee
add the line in the wlan

no client-client-communication to disable clients-2-client

if you enable this you can then use packet capture to monitor the dropped traffic

OK, it's the reverse of what you were looking to do, but it's simple

remote-debug live-pktcap rf-domain drop count 10000
