2 Replies Latest reply on Oct 22, 2013 11:25 AM by daniel.blackmon

    Wireless Station Separation / Isolation

    mrcliffyg New Member

      I know I saw an option to enable / disable Station Separation but I can't seem to find it. Anyone know where it is in 2.3.09?

        • Re: Wireless Station Separation / Isolation
          daniel.blackmon Employee

          mrcliffyg

           

          Station Separation (aka. client separation) is disabled by default. You can enable (allow) client to client traffic in the roles.

          allow-client-to-client.png

           

          It is important to note that this only applies to clients on the same AP. The APs use the roles to filter traffic at layers 3 and 4 (network and transport layers respectively). So the AP looks at IP addresses and TCP/UDP ports (as well some other protocols such ICMP). But this also means that when clients on different APs but in the same network (locations in vWLAN) try to pass the traffic, the AP will examine the layer 3 header applying firewall rules as necessary. In other words, intranetwork traffic must be allowed as well.

           

          For example, let's say you have checked this box. There are two clients with IP addresses in the same network. Client A is 10.0.0.1 and client B is 10.0.0.2. If client A and client B are on the same AP, they can communicate. If, however, client A and client B are on different APs, then when client A tries to communicate with client B, the AP servicing client A will check the packet header. If the role does not allow the traffic, then client A cannot communicate with client B.

          • Re: Wireless Station Separation / Isolation
            daniel.blackmon Employee

            I went ahead and flagged this post Assumed Answered to make it easier for others to find it in the support community. If any of the answers were Correct or Helpful Answer, feel free to mark them appropriately.