Cisco Wireless LAN Controller Configuration Guide, Release 7.5
Configuring Peer-to-Peer Blocking

Restrictions for Peer-to-Peer Blocking

  • In controller software releases prior to 4.2, the controller forwards Address Resolution Protocol (ARP) requests upstream (just like all other traffic). In controller software release 4.2 or later releases, ARP requests are directed according to the behavior set for peer-to-peer blocking.
  • Peer-to-peer blocking does not apply to multicast traffic.
  • If you upgrade to controller software release 4.2 or later releases from a previous release that supports global peer-to-peer blocking, each WLAN is configured with the peer-to-peer blocking action of forwarding traffic to the upstream VLAN.
  • In the FlexConnect solution, peer-to-peer blocking configuration cannot be applied only to a particular FlexConnect AP or a subset of APs. It is applied to all FlexConnect APs that broadcast the SSID.
  • The unified solution for central switching clients supports peer-to-peer upstream-forward. However, this action is not supported in the FlexConnect solution, where it is treated as peer-to-peer drop and client packets are dropped.
  • The unified solution for central switching clients supports peer-to-peer blocking for clients associated with different APs. However, the FlexConnect solution targets only clients connected to the same AP. FlexConnect ACLs can be used as a workaround for this limitation.

Information About Peer-to-Peer Blocking

Peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated. Peer-to-peer blocking gives you more control over how traffic is directed. For example, you can choose to have traffic bridged locally within the controller, dropped by the controller, or forwarded to the upstream VLAN.

Peer-to-peer blocking is supported for clients that are associated with the local switching WLAN.

The per-WLAN peer-to-peer configuration is pushed by the controller to the FlexConnect AP. In controller software releases prior to 4.2, peer-to-peer blocking is applied globally to all clients on all WLANs and causes traffic between two clients on the same VLAN to be transferred to the upstream VLAN rather than being bridged by the controller. This behavior usually results in traffic being dropped at the upstream switch because switches do not forward packets out the same port on which they are received.

Configuring Peer-to-Peer Blocking (GUI)


    Step 1   Choose WLANs to open the WLANs page.
    Step 2   Click the ID number of the WLAN for which you want to configure peer-to-peer blocking.
    Step 3   Choose the Advanced tab to open the WLANs > Edit (Advanced) page.
    Step 4   Choose one of the following options from the P2P Blocking drop-down list:
    • Disabled—Disables peer-to-peer blocking and bridges traffic locally within the controller whenever possible. This is the default value.
      Note   Traffic is never bridged across VLANs in the controller.

    • Drop—Causes the controller to discard the packets.
    • Forward-UpStream—Causes the packets to be forwarded on the upstream VLAN. The device above the controller decides what action to take regarding the packets.
      Note   To enable peer-to-peer blocking on a WLAN configured for FlexConnect local switching, select Drop from the P2P Blocking drop-down list and select the FlexConnect Local Switching check box.

    Step 5   Click Apply to commit your changes.
    Step 6   Click Save Configuration to save your changes.

Configuring Peer-to-Peer Blocking (CLI)


      Step 1   Configure a WLAN for peer-to-peer blocking by entering this command:

      config wlan peer-blocking {disable | drop | forward-upstream} wlan_id

      Step 2   Save your changes by entering this command:

      save config

      Step 3   See the status of peer-to-peer blocking for a WLAN by entering this command:

      show wlan wlan_id

      Information similar to the following appears:

      
      WLAN Identifier.................................. 1
      Profile Name..................................... test
      Network Name (SSID).............................. test
      Status........................................... Enabled
      ...
      ...
      ...
      Peer-to-Peer Blocking Action..................... Disabled
      Radio Policy..................................... All
      Local EAP Authentication...................... Disabled
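
The following Python script is an added example, not part of the Cisco guide: it parses saved `show wlan` output in the dotted-leader layout above and flags enabled WLANs whose peer-to-peer blocking setting does not behave as a client-isolation control, using the rules stated on this page. The sample output is constructed; the `FlexConnect Local Switching` field name and the `Forward-UpStream` value text are assumptions about the controller output.

```python
import re

# Constructed sample: three `show wlan` outputs concatenated, in the layout
# shown above. The "FlexConnect Local Switching" line and the
# "Forward-UpStream" value text are assumptions, not taken from this page.
SAMPLE = """\
WLAN Identifier.................................. 1
Status........................................... Enabled
...
Peer-to-Peer Blocking Action..................... Disabled
WLAN Identifier.................................. 2
Status........................................... Enabled
Peer-to-Peer Blocking Action..................... Forward-UpStream
FlexConnect Local Switching...................... Enabled
WLAN Identifier.................................. 3
Status........................................... Enabled
Peer-to-Peer Blocking Action..................... Drop
"""

# "Key....... value"; a bare "..." elision line does not match.
FIELD = re.compile(r"^\s*([^.\s].*?)\.{3,}\s*(\S.*?)\s*$")

def parse_wlans(text):
    """Return one dict of fields per WLAN found in the output."""
    wlans = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "WLAN Identifier":
            wlans.append({})  # a new WLAN record starts here
        if m and wlans:
            wlans[-1][m.group(1)] = m.group(2)
    return wlans

def audit(wlans):
    """Flag enabled WLANs whose setting does not isolate clients as intended."""
    findings = []
    for w in wlans:
        if w.get("Status") != "Enabled":
            continue
        action = w.get("Peer-to-Peer Blocking Action", "").lower()
        flex = w.get("FlexConnect Local Switching") == "Enabled"
        if action == "disabled":
            findings.append((w["WLAN Identifier"], "client traffic bridged locally"))
        elif "upstream" in action and flex:
            findings.append((w["WLAN Identifier"], "treated as drop on FlexConnect"))
    return findings

if __name__ == "__main__":
    print(audit(parse_wlans(SAMPLE)))
```

Peer-to-peer blocking does not apply to multicast traffic, so a WLAN that passes this check can still carry multicast between clients.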