5 Replies Latest reply on May 15, 2013 9:01 AM by daniel.blackmon

    Client to Client prevention

    ianterry New Member

      Hi All,

       

      New to Bluesocket so apologies in advance for the basic question.

       

      The option under Roles -> "Allow client to client on same AP" - I understand that this is disabled by default.

       

      My question is, does this then apply to preventing "client to client" across all APs? For example, a client connected to AP1 cannot communicate with a client connected to AP2.

       

      Any help gratefully received.

       

      Thanks

       

      Ian

        • Re: Client to Client prevention
          daniel.blackmon Employee

          ianterry

           

          The option you are referring to does not apply to traffic across different APs. Basically client traffic will need to pass through the physical interface on the AP for Role policies to take effect. Client-to-client traffic on the same AP acts much like host-to-host traffic (at layer 2) on a switch. You can almost think of this option like a hardware ACL on a switch; it prevents intra-VLAN traffic from being switched at layer 2 within the AP.

            • Re: Client to Client prevention
              ianterry New Member

              Thanks for the prompt reply.

               

              Is there any way that I can prevent client-to-client communication within the WLAN? - basically I want to prevent hacking of client devices from other client devices.

                • Re: Client to Client prevention
                  daniel.blackmon Employee

                  ianterry

                   

                  You will want to check your roles as they are basically the firewall for the wireless client. If you do not allow traffic explicitly in the role, then the traffic will not be allowed through. If you are using vWLAN 2.2, look under Configuration > Role Based Access Control > Roles. If you edit the client role, you should see the following towards the bottom of the page.

                   

                  vwlan-2-2_firewall-polices.png

                   

                  This role allows DNS, HTTP, and HTTPS outgoing to any destination. You should pay close attention to the column descriptions as they will help guide your configuration. You can create services and destinations from the same Role Based Access Control menu.

                   

                  Let me know if this helps clarify some things or if you still have questions.
