Cisco MU-to-MU disallow

// Expert user has replied.
I Ian Jobson 3 years 7 months ago
1 2 0

All, I am trying to get a mobile printing solution working with a customer but we have hit a problem with their Cisco infrastructure. We are using WT4090s and Zebra QL420+ printers. We hav tested the solution in their offices with a Cisco AP sat on a desk and it works fine. But when we go to site I can't get the terminal to talk to the printer, and infact I can't ping any other mobile device on site from the terminal, despite the fact that I can ping the router and the access point and they can ping both the printer and the terminal from the wired side. To me this looks some kind of Cisco equivalent of our MU-to-MU disallow function, where we cannot get direct comms between two wireless devices. However the IT guys claim that there is nothing on the network or APs that would block it. I believe the APs are Cisco 1231Gs, does anyone have a manual or know whether this setting exists? Ta IJ 

Please Register or Login to post a reply

2 Replies

B Bill Sakoda

Following: 1) url for Config Guide.  2) Snippet therefrom.  Bill http://www.cisco.com/en/US/docs/wireless/access_point/12.2_13_JA/config… 1                 Enabling and Disabling Public Secure Packet Forwarding

Public Secure Packet Forwarding (PSPF) prevents client devices associated to an access point from inadvertently sharing files or communicating with other client devices associated to the access point. It provides Internet access to client devices without providing other capabilities of a LAN. This feature is useful for public wireless networks like those installed in airports or on college campuses.

Note To prevent communication between clients associated to different access points, you must set up protected ports on the switch to which your access points are connected. See the "Configuring Protected Ports" section for instructions on setting up protected ports.

To enable and disable PSPF using CLI commands on your access point, you use bridge groups. You can find a detailed explanation of bridge groups and instructions for implementing them in this document:

• Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2. Click this link to browse to the Configuring Transparent Bridging chapter: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr…

You can also enable and disable PSPF using the web-browser interface. The PSPF setting is on the Radio Settings pages.

PSPF is disabled by default. Beginning in privileged EXEC mode, follow these steps to enable PSPF:

 

Command

Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface dot11radio { 0 | 1 }

Enter interface configuration mode for the radio interface. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.

Step 3 

bridge-group group port-protected

Enable PSPF.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no form of the command to disable PSPF.

M Marcus Kurath

The setting exists in most AP's in some cases it is called Intra BSS. I would ask them to take 2 laptops attached to the same ap and see if they can ping each other. One other comment...If the devices are connected to different AP's (Maybe they are in different parts of  the building) they will ping even if they are wireless. The Intra BSS function restricts wireless devices on the same AP  from communication

CONTACT
Can’t find what you’re looking for?