Header Only - DO NOT REMOVE - Extreme Networks

Client Isolation - Extreme Wireless controller

  • 12 January 2017
  • 11 replies
  • 1116 views

Hi Team,
Does anybody have any ideas of how client isolation can be achieved for users on the same SSID and in the same vlan in Controller. I know other manufacturers have a simple Client isolation feature that will achieve this but I can't find it in Extreme Controller.
My ultimate goal is "Users have to communicate only gateway not others".
Any ideas welcome..!!!

11 replies

Userlevel 4
Hi Boopathy,

Please find the steps below to block wireless client to client traffic on a WLAN.

  1. From the Controller/Appliance GUI
  2. Select WLAN Menu
  3. Select desired WLAN to block MU to MU traffic
  4. Click Advanced button
  5. Check the box in the CLient Behavior Window Block MU to MU traffic (not supported on Bridged at AP topologies)
  6. Click the Apply Button
  7. Click Save Button
Reference article below,

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-block-wireless-client-to-client-tra...

Regards,
Nathiya M
Hi Boopathy,

Please find the steps below to block wireless client to client traffic on a WLAN.

  1. From the Controller/Appliance GUI
  2. Select WLAN Menu
  3. Select desired WLAN to block MU to MU traffic
  4. Click Advanced button
  5. Check the box in the CLient Behavior Window Block MU to MU traffic (not supported on Bridged at AP topologies)
  6. Click the Apply Button
  7. Click Save Button
Reference article below,

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-block-wireless-client-to-client-tra...

Regards,
Nathiya M

Thank you for the quick response and I will confirm soon..!!
Userlevel 4
Hi Boopathy,

Please confirm, is it B@EWC or B@AP topology?

Regards,
Nathiya M
Userlevel 7
In the B@AP the "block MU to MU" does not work. You can create rule in Policy Role and allow only traffic destined to your gateway MAC and Broadcasts all other can be blocked.
Userlevel 4
Please check the policy rule configuration for B@AP setup,

https://gtacknowledge.extremenetworks.com/articles/Solution/Block-MU-to-MU-enabled-but-users-can-sti...

Regards,
Nathiya M
Userlevel 4
MU to MU also doesn't work if the client are connected on the same AP.
Userlevel 5
https://gtacknowledge.extremenetworks.com/articles/Solution/Block-MU-to-MU-enabled-but-users-can-sti...
Helllo I have the same problem . I implemented -
  1. From the Controller/Appliance GUI
  2. Select WLAN Menu
  3. Select desired WLAN to block MU to MU traffic
  4. Click Advanced button
  5. Check the box in the CLient Behavior Window Block MU to MU traffic (not supported on Bridged at AP topologies)
  6. Click the Apply Button
  7. Click Save Button
and Applyed the Rulles .

The problem is solved only 1/2 . If 2 users are connected on the same ap everything is fine but if 1 ap is associated to wlc 1 and other ap-s is associated to second wlc 2 and 1 user is connected to 1 ap from wlc 1 and other users is connected to the ap from wlc 2 they can still comunicate

PLease if you have other option let me know


Thank you
Userlevel 5
https://gtacknowledge.extremenetworks.com/articles/Solution/Block-MU-to-MU-enabled-but-users-can-still-communicate

Have you read the above document? This is the way to block the users from talking to anybody except their default gateway.
Hello Craig
I did , the problem ist that the VNS is B@EWC NOT B@AP - IS a Guest VNS
Userlevel 5
Hello Craig
I did , the problem ist that the VNS is B@EWC NOT B@AP - IS a Guest VNS

It doesn't matter how the topology is forwarded..These ACL/Filter rules are applied to the guests role preventing the users from communicating with anybody on its subnet except the default gateway. Call our GTAC if you still need help after looking at the document again.

Reply