Client-2-Client communication monitor
‎10-31-2018 11:47 AM
Hello,
I'm currently looking to disable client-2-client communication on our tunneled Guest network. Before doing so, I wanted to see if there is a way to know if this traffic exists.
Is there a way to monitor client-2-client communication short of a packet capture for the subnets?
Thanks in advance
3 REPLIES
‎10-31-2018 05:07 PM
The only thing I can think of would be to do something like:
Create an IPv4 ACL and set it to allow from the wireless client subnet *to* the wireless client subnet, and set up the ACL to log (which should then cause any traffic detected going from one wireless client on that subnet to another wireless client on that same subnet to get logged in the event viewer), and then apply this IPv4 ACL to one of the APs.
This is really a 'kludgy' way to try to test this, though.
As Daren mentioned, it's probably best to enable the option and then run the 'service pktcap on drop' command and look at the traffic.
Or...if you don't want to enable the no client-2-client feature YET but just want to see if it's happening...then you could still run that command, but look for source and destination addresses of traffic that belong to the DHCP pool for the SSID you want to monitor. If you see traffic going back and forth between wireless clients on the subnet, then there *is* client-2-client traffic happening.
I don't see any other way of checking this without the process getting more complicated.
‎10-31-2018 12:44 PM
Hi Daniel,
You would not be able to confirm short of a packet capture.
It would be easier to turn on no client-2-client and run "service pktcap on drop", then look for wireless client-to-client output. The best place to start would be on an AP with the guest WLAN mapped.
Note:
On a guest WLAN there should be no reason for wireless clients to communicate with each other.
Communication is for the most part direct to the internet, so it would be safe to enable that setting.
‎10-31-2018 12:05 PM
Add the following line in the WLAN to disable client-2-client:
no client-client-communication
If you enable this, you can then use a packet capture to monitor the dropped traffic.
OK, it's the reverse of what you were looking to do, but it's simple:
remote-debug live-pktcap rf-domain drop count 10000
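The check the replies describe, looking for packets whose source and destination both fall in the guest DHCP pool, as an added worked example that is not from this thread or from the WLAN vendor's tooling: a small Python script that walks a libpcap capture taken on an AP serving the guest WLAN and classifies each IPv4 or ARP packet as infrastructure, broadcast/multicast, unicast client-to-client, or off-net. The 10.20.0.0/22 scope, the gateway and DNS/DHCP addresses, and the sample capture it builds are constructed assumptions; for a real capture, pass the .pcap file's bytes to c2c_report().

```python
"""Find wireless client-to-client traffic in a libpcap capture.

Added example, not code from the thread or the WLAN vendor. The guest
subnet, infrastructure addresses and the sample capture are constructed.
"""
import struct
from collections import Counter
from ipaddress import IPv4Address, IPv4Network

GUEST_POOL = IPv4Network("10.20.0.0/22")                     # assumed guest scope
INFRA = {IPv4Address("10.20.0.1"), IPv4Address("10.20.0.2")}  # gateway, DNS/DHCP
BROADCAST = {GUEST_POOL.broadcast_address, IPv4Address("255.255.255.255")}
ETH_IPV4, ETH_ARP = 0x0800, 0x0806


def iter_frames(pcap: bytes):
    """Yield raw Ethernet frames from classic libpcap data (not pcapng)."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    off = 24                                                  # global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "IIII", pcap, off)[2]  # captured length
        off += 16
        yield pcap[off:off + incl]
        off += incl


def endpoints(frame: bytes):
    """(src, dst) IPv4 addresses of an IPv4 or ARP frame; None otherwise."""
    if len(frame) < 14:
        return None
    etype, = struct.unpack_from("!H", frame, 12)
    body = frame[14:]
    if etype == ETH_IPV4 and len(body) >= 20 and body[0] >> 4 == 4:
        return IPv4Address(body[12:16]), IPv4Address(body[16:20])
    if etype == ETH_ARP and len(body) >= 28:
        # ARP: sender protocol address at offset 14, target at offset 24
        return IPv4Address(body[14:18]), IPv4Address(body[24:28])
    return None


def classify(src: IPv4Address, dst: IPv4Address) -> str:
    """Label a packet from the guest WLAN's point of view."""
    if src in INFRA or dst in INFRA:
        return "infra"          # gateway / DNS / DHCP: expected on any guest net
    if src in GUEST_POOL and (dst.is_multicast or dst in BROADCAST):
        return "broadcast"      # mDNS, SSDP, NetBIOS: reaches every other client
    if src in GUEST_POOL and dst in GUEST_POOL:
        return "c2c"            # unicast client -> client: the traffic in question
    return "offnet"             # internet-bound or inbound: expected


def c2c_report(pcap: bytes):
    """Count packets per class and collect the unicast client-to-client pairs."""
    counts, pairs = Counter(), set()
    for frame in iter_frames(pcap):
        ep = endpoints(frame)
        if ep is None:
            continue
        label = classify(*ep)
        counts[label] += 1
        if label == "c2c":
            pairs.add((str(ep[0]), str(ep[1])))
    return counts, sorted(pairs)


def _frame(src: str, dst: str, proto: int = 17, arp: bool = False) -> bytes:
    """Minimal constructed Ethernet + IPv4 (or ARP request) frame; MACs are zero."""
    eth = b"\0" * 12 + struct.pack("!H", ETH_ARP if arp else ETH_IPV4)
    s, d = IPv4Address(src).packed, IPv4Address(dst).packed
    if arp:
        return eth + struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1) + b"\0" * 6 + s + b"\0" * 6 + d
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 64, proto, 0) + s + d
    return eth + ip + b"\0" * 8                               # 8 payload bytes


def sample_pcap() -> bytes:
    """Constructed capture: seven frames, three of them client-to-client."""
    frames = [
        _frame("10.20.1.10", "8.8.8.8"),                      # DNS to the internet
        _frame("10.20.1.10", "10.20.0.1"),                    # to the gateway
        _frame("10.20.1.10", "10.20.1.11", proto=6),          # client -> client
        _frame("10.20.1.11", "10.20.1.10", proto=6),          # ... and back
        _frame("10.20.1.12", "10.20.1.10", arp=True),         # ARP who-has a client
        _frame("10.20.1.12", "224.0.0.251"),                  # mDNS
        _frame("10.20.0.1", "10.20.1.10"),                    # gateway reply
    ]
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link = Ethernet
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return head + b"".join(recs)


if __name__ == "__main__":
    counts, pairs = c2c_report(sample_pcap())
    print(dict(counts), pairs)
```

Two things matter when pointing this at a real capture. The gateway, DNS and DHCP addresses sit inside the same subnet as the clients, so they have to be excluded or every DNS lookup would be counted as client-to-client. Broadcast and multicast discovery (ARP, mDNS, SSDP, NetBIOS) is reported as its own class because it is usually the first thing that shows up on a guest network and you may or may not want to count it as the traffic you are about to block.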
