cancel
Showing results for 
Search instead for 
Did you mean: 

IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

Rien_Maurik
New Contributor
We are installing a new Identify installation for a customer with several locations, ( +/- 200)

the Wlan on the remote locations are going to use by Employees and customers. because of the expensive WAN connections we want that the customers are the internet connections on the remote site, so we configure B@AP. And we also want to block the customer mobile unit to mobile unit traffic.

Is there a way to block MU to MU traffic at the AP?

Thank you for your help

Rien van Maurik

8 REPLIES 8

Hi Hartmut

Sure, in its simplest form, here is my lab rule:

9635cfcc2c334815af81d9cb62e6d584_RackMultipart20151113-32244-yqe7nv-block_mu_mu_inline.png



I know the article says to allow to the subnets default gateway but I don't see a reason to do that, generally traffic is passing through the default gateway, not directly to it.

I just tested the above in my lab and it works.

-Gareth

The DNS is in another subnet. But you are right, i should add DNS and DHCP, too.

Is your DNS server in the same IP range as your clients? The deny might have blocked DNS traffic. I usually allow DNS, DHCP server and client ports first, then start blocking local subnets in the rule sequence.

Hello Garath,

could you please post an example of this solution? It tried to configure it, but after adding the second rule to deny MU-to-MU traffic communication to the internet stopped working, to.

Could post a screenshot for this or a compareable example: client subnet 192.168.100.0/24 and gateway 192.168.100.254.

Best Regards
Hartmut

GTM-P2G8KFN