01-31-2019 03:13 PM
We use Aerohive and I was wondering if there is something in the cloud manager I can do to prevent client to client communication. We do not want our wireless devices to be able to communicate with each other, for example 2 mobile devices etc.
Any advice is appreciated.
Thanks
Solved! Go to Solution.
01-31-2019 04:22 PM
For legacy HM platform:
At the SSID, under Optional Settings and DoS Prevention and Filters, you would want to create a Traffic Filter. Untick the "Enable Inter-station Traffic" checkbox and push that to the AP(s).
For the current HM platform:
Under the SSID, hit Customize for Optional Settings and the Traffic Filter options are at the top right of my view. Simply untick the same "Enable Inter-station Traffic" checkbox and update the hardware.
This option should stop clients from talking to other clients on the same SSID.
02-14-2019 02:09 PM
This did it, thanks very much If i use a network scanning tool now the only thing that comes up is the gateway which is exactly what we wanted.
01-31-2019 04:22 PM
For legacy HM platform:
At the SSID, under Optional Settings and DoS Prevention and Filters, you would want to create a Traffic Filter. Untick the "Enable Inter-station Traffic" checkbox and push that to the AP(s).
For the current HM platform:
Under the SSID, hit Customize for Optional Settings and the Traffic Filter options are at the top right of my view. Simply untick the same "Enable Inter-station Traffic" checkbox and update the hardware.
This option should stop clients from talking to other clients on the same SSID.
01-31-2019 03:32 PM
Thanks for the reply. Our wireless is for public use, so we don't want users being able to communicate with each other on the network, only access to the gateway for internet would be required.
We don't really use the firewall policies to be honest, we have a separate firewall and proxy servers etc.
If I setup the firewall policies to stop client to client communications, can this be done on an SSID basis?
Thanks
01-31-2019 03:23 PM
Your clients will only be able to reach other clients on the same VLAN. I think the easiest thing for you would be the guest internet access only firewall policy in the UP, which will block all internal resources but still allow internet access.