Peer-to-Peer Client Support

Peer-to-peer client support

Peer-to-peer client support is a WLAN feature that

  • provides granular control over how traffic is directed

  • can be applied to individual WLANs with each client inheriting the peer-to-peer blocking setting of the WLAN to which it is associated

  • allows traffic to be bridged locally within a device, dropped by a device, or forwarded to the upstream VLAN.

Peer-to-peer blocking support details

Peer-to-peer blocking is supported for clients that are associated with local and central switching WLANs.

These restrictions apply to peer-to-peer client support:

  • Peer-to-peer blocking does not apply to multicast traffic.

  • Peer-to-peer blocking is not enabled by default.

  • In FlexConnect, peer-to-peer blocking configuration cannot be applied only to a particular FlexConnect AP or a subset of APs. It is applied to all the FlexConnect APs that broadcast the SSID.

  • FlexConnect central switching clients supports peer-to-peer upstream-forward. However, this is not supported in the FlexConnect local switching. This is treated as peer-to-peer drop and client packets are dropped.

    FlexConnect central switching clients supports peer-to-peer blocking for clients associated with different APs. However, for FlexConnect local switching, this solution targets only clients connected to the same AP. FlexConnect ACLs can be used as a workaround for this limitation.

Configure peer-to-peer client support

Enable peer-to-peer blocking policies to control communication between wireless clients on the same WLAN.
Peer-to-peer blocking allows you to control whether wireless clients can communicate directly with each other or must route traffic through the upstream network infrastructure. This feature is useful for security and traffic management in enterprise environments.

Procedure

Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Enter WLAN configuration submode.

Example:

Device(config)# wlan profile-name

The profile-name is the profile name of the configured WLAN.

Step 3

Configure peer-to-peer blocking parameters.

Example:

Device(config-wlan)# peer-blocking allow-private-group | drop | forward-upstream

Example:

Device(config-wlan)# peer-blocking drop

The keywords are:

  • allow-private-group: Enables peer-to-peer blocking on the Allow Private Group action.

  • drop: Enables peer-to-peer blocking on the drop action.

  • forward-upstream: No action is taken and forwards packets to the upstream.

    Note

     

    The forward-upstream option is not supported for Flex local switching. Traffic is dropped even if this option is configured. Also, peer to peer blocking for local switching SSIDs are available only for the clients on the same AP.

Step 4

Return to privileged EXEC mode.

Example:

Device(config)# end

Step 5

Display the details of the selected WLAN.

Example:

Device# show wlan id wlan-id

Example:

Device# show wlan id 12
Peer-to-peer client support is now configured on the WLAN with the specified blocking behavior for client-to-client communication.