Configuring Peer-to-Peer Blocking

Restrictions on Peer-to-Peer Blocking

  • Peer-to-peer blocking does not apply to multicast traffic.

  • In the FlexConnect solution, peer-to-peer blocking configuration cannot be applied only to a particular FlexConnect AP or a subset of APs. It is applied to all FlexConnect APs that broadcast the SSID.

  • A Cisco controller with central switching clients supports peer-to-peer upstream-forward. However, this is not supported in the FlexConnect solution, where it is treated as peer-to-peer drop and client packets are dropped.

  • A Cisco controller with central switching clients supports peer-to-peer blocking for clients associated with different APs. However, the FlexConnect solution targets only clients connected to the same AP. FlexConnect ACLs can be used as a workaround for this limitation.

Peer-to-Peer Blocking

Peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated. Peer-to-peer blocking gives you more control over how traffic is directed. For example, you can choose to have traffic bridged locally within the controller, dropped by the controller, or forwarded to the upstream VLAN.

Peer-to-peer blocking is supported for clients that are associated with local and central switching WLANs.

The per-WLAN peer-to-peer configuration is pushed by the controller to the FlexConnect AP. In controller software releases prior to 4.2, peer-to-peer blocking is applied globally to all clients on all WLANs and causes traffic between two clients on the same VLAN to be transferred to the upstream VLAN rather than being bridged by the controller. This behavior usually results in traffic being dropped at the upstream switch because switches do not forward packets out the same port on which they are received.

This section contains the following subsections:

Configuring Peer-to-Peer Blocking (GUI)

Procedure


Step 1

Choose WLANs to open the WLANs page.

Step 2

Click the ID number of the WLAN for which you want to configure peer-to-peer blocking.

Step 3

Choose the Advanced tab to open the WLANs > Edit (Advanced) page.

Step 4

Choose one of the following options from the P2P Blocking drop-down list:

  • Disabled—Disables peer-to-peer blocking and bridges traffic locally within the controller whenever possible. This is the default value.

    Note 

    Traffic is never bridged across VLANs in the controller.

  • Drop—Causes the controller to discard the packets.

  • Forward-UpStream—Causes the packets to be forwarded on the upstream VLAN. The device above the controller decides what action to take regarding the packets.

    Note 

    To enable peer-to-peer blocking on a WLAN configured for FlexConnect local switching, select Drop from the P2P Blocking drop-down list and select the FlexConnect Local Switching check box.

Step 5

Click Apply to commit your changes.

Step 6

Click Save Configuration to save your changes.


Configuring Peer-to-Peer Blocking (CLI)

Procedure


Step 1

Configure a WLAN for peer-to-peer blocking by entering this command:

config wlan peer-blocking {disable | drop | forward-upstream} wlan_id

Step 2

Save your changes by entering this command:

save config

Step 3

See the status of peer-to-peer blocking for a WLAN by entering this command:

show wlan wlan_id

Information similar to the following appears:


WLAN Identifier.................................. 1
Profile Name..................................... test
Network Name (SSID).............................. test
Status........................................... Enabled
...
...
...
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
Local EAP Authentication...................... Disabled
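
The following Python is an added example, not part of the Cisco documentation: it parses show wlan output in the format above and lists enabled WLANs on which peer-to-peer blocking is off, applying the restriction that upstream-forward is treated as drop on FlexConnect. The second WLAN in the sample, the "FlexConnect Local Switching" field name and the "Forward-UpStream" value text are assumptions.

```python
import re

# Constructed input: the page's `show wlan` excerpt (WLAN 1) plus a made-up WLAN 2.
# Assumed, not from the page: the "FlexConnect Local Switching" field name and
# the "Forward-UpStream" value text in CLI output.
SAMPLE = """\
WLAN Identifier.................................. 1
Network Name (SSID).............................. test
Status........................................... Enabled
...
Peer-to-Peer Blocking Action..................... Disabled
WLAN Identifier.................................. 2
Network Name (SSID).............................. branch
Status........................................... Enabled
Peer-to-Peer Blocking Action..................... Forward-UpStream
FlexConnect Local Switching...................... Enabled
"""

FIELD = re.compile(r"^(.+?)\.{3,}\s*(.*)$")  # "Name.......... value"

def parse_wlans(text):
    """Split concatenated `show wlan` output into one dict per WLAN."""
    wlans = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # blank lines and bare "..." elisions
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "WLAN Identifier":
            wlans.append({})  # each WLAN block starts with this field
        if wlans:
            wlans[-1][key] = value
    return wlans

def effective_action(wlan):
    """Normalise the configured action and apply the FlexConnect restriction."""
    action = wlan.get("Peer-to-Peer Blocking Action", "").lower()
    flex = wlan.get("FlexConnect Local Switching") == "Enabled"
    if "forward" in action:
        # Per the restrictions: upstream-forward is treated as drop on FlexConnect.
        return "drop" if flex else "forward-upstream"
    # A missing field counts as disabled so that the WLAN is flagged for review.
    return "drop" if "drop" in action else "disabled"

def audit(text):
    """Return (wlan_id, ssid, action) for each enabled WLAN with blocking off."""
    return [(w["WLAN Identifier"], w.get("Network Name (SSID)"), effective_action(w))
            for w in parse_wlans(text)
            if w.get("Status") == "Enabled" and effective_action(w) == "disabled"]
```
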