Extreme Networks

Rien_Maurik · ‎07-16-2015

We are installing a new Identify installation for a customer with several locations, ( +/- 200)

the Wlan on the remote locations are going to use by Employees and customers. because of the expensive WAN connections we want that the customers are the internet connections on the remote site, so we configure B@AP. And we also want to block the customer mobile unit to mobile unit traffic.

Is there a way to block MU to MU traffic at the AP?

Thank you for your help

Rien van Maurik

Gareth_Mitchell · ‎07-16-2015

Hi Hartmut

Sure, in its simplest form, here is my lab rule:

9635cfcc2c334815af81d9cb62e6d584_RackMultipart20151113-32244-yqe7nv-block_mu_mu_inline.png

I know the article says to allow to the subnets default gateway but I don't see a reason to do that, generally traffic is passing through the default gateway, not directly to it.

I just tested the above in my lab and it works.

-Gareth

hsachse · ‎07-16-2015

The DNS is in another subnet. But you are right, i should add DNS and DHCP, too.

Brian_Anderson3 · ‎07-16-2015

Is your DNS server in the same IP range as your clients? The deny might have blocked DNS traffic. I usually allow DNS, DHCP server and client ports first, then start blocking local subnets in the rule sequence.

hsachse · ‎07-16-2015

Hello Garath,

could you please post an example of this solution? It tried to configure it, but after adding the second rule to deny MU-to-MU traffic communication to the internet stopped working, to.

Could post a screenshot for this or a compareable example: client subnet 192.168.100.0/24 and gateway 192.168.100.254.

Best Regards
Hartmut

Extreme Networks

IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?

IdentiFi; Is there a way to Block MU to MU traffic with B@AP in the same Virtual Network or Wlan Services?