[c-nsp] Block traffic between users in the same vlan
Rodney Dunn
rodunn at cisco.com
Wed Apr 13 11:35:39 EDT 2005
I'm no Wi-Fi person, but I can tell you that IP ACLs
on an interface only work on packets that are L3 switched
through the box (i.e., devices not on the same subnet).
So for devices on the same subnet the ACLs would not be
applied in a normal IOS configuration.
Rodney
On Wed, Apr 13, 2005 at 05:06:30PM +0200, Ruben Montes wrote:
> Hello,
>
> I want to block traffic between users in the same vlan: the only communication allowed will be with the default gateway of this vlan.
>
> source            dest                       action
> 192.168.1.0/24    192.168.1.1/32 (gateway)   permit
> 192.168.1.0/24    192.168.1.0/24             deny
> 192.168.1.0/24    not(192.168.1.0/24)        permit
>
> Can this be accomplished with VACLs? This is a wifi environment and we want to block all access between wifi clients. I know there's a functionality called PSPF, but this only applies to clients associated in the same AP.
> Any working configuration would be appreciated.
>
> Regards,
>
> Ruben
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
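
Added example (not part of the original thread): a small Python model of the point made in the reply, using the policy table from the question. The function names, the sample flows and the rule for which packets reach the routed interface are assumptions constructed for illustration.

```python
import ipaddress

# Policy table from the question, encoded first-match-wins (constructed encoding).
SUBNET = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.ip_address("192.168.1.1")
POLICY = [
    (SUBNET, ipaddress.ip_network("192.168.1.1/32"), "permit"),  # client -> gateway
    (SUBNET, SUBNET, "deny"),                                    # client -> client
    (SUBNET, ipaddress.ip_network("0.0.0.0/0"), "permit"),       # client -> off-subnet
]

def first_match(src, dst):
    """Return (action, rule_index) for the first matching rule, else implicit deny."""
    for i, (s_net, d_net, action) in enumerate(POLICY):
        if src in s_net and dst in d_net:
            return action, i
    return "deny", None

def reaches_l3_interface(src, dst):
    """Modelling assumption: a client hands a packet to the gateway only when the
    destination is the gateway itself or lies outside the client's subnet."""
    return dst == GATEWAY or dst not in SUBNET

def interface_acl(src, dst):
    """Verdict when the policy is an IP ACL on the routed interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not reaches_l3_interface(src, dst):
        return "bridged, ACL not evaluated", None
    return first_match(src, dst)

def bridged_path_filter(src, dst):
    """Verdict when the same policy is checked on every frame inside the VLAN."""
    return first_match(ipaddress.ip_address(src), ipaddress.ip_address(dst))

def rules_never_hit(check, flows):
    """Indexes of POLICY rules that no flow ever matches at this enforcement point."""
    hit = {check(s, d)[1] for s, d in flows}
    return [i for i in range(len(POLICY)) if i not in hit]

# Constructed sample flows: to gateway, client to client, client to the outside.
FLOWS = [("192.168.1.10", "192.168.1.1"),
         ("192.168.1.10", "192.168.1.20"),
         ("192.168.1.10", "10.0.0.5")]

if __name__ == "__main__":
    for s, d in FLOWS:
        print(f"{s} -> {d}: interface ACL={interface_acl(s, d)}  "
              f"bridged-path filter={bridged_path_filter(s, d)}")
    print("rules never hit on interface ACL:", rules_never_hit(interface_acl, FLOWS))
```

In this model the deny rule (index 1) is never matched by the interface ACL, because client-to-client packets are bridged and never presented to it.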