Uncheck "Enable Inter-station Traffic" under the traffic filter. Is this local to the AP or Hive wide

  • 2
  • Question
  • Updated 11 months ago
Setting up a new network. We want to disable Inter-station traffic on this SSID. Trying to determine if this setting is Hive wide or limited to the individual AP.

Several forums posts talk about this setting being local to the AP only and that if you want to prevent Inter-station traffic across the network you have to use IP based firewall rules (which do not limit layer 2 traffic).

The Hive OS 6.2 release notes had an entry "Hive-wide client isolation" under product features.  Does this mean that limiting Inter-station traffic is now Hive wide after 6.2?
Photo of Michael Keyes

Michael Keyes

  • 3 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 2
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I was under the impression that the feature prohibiting the inter-station traffic was just a standard driver feature mapped through, which is why it works only with the course granularity of being configured against a SSID.

I believe it applies only for-and-between the STAs associated for that SSID on an AP, to the BSS. If you want to perform further L2 filtering, I would look at doing it with managed switches.
(Edited)
Photo of Michael Keyes

Michael Keyes

  • 3 Posts
  • 0 Reply Likes
I'm new to Aerohive.  In previous other vendor wifi implimentation this has always been an SSID level setting that spanned the entire network.  Typically used on guest networks it would prohibit one wifi client from talking to another wifi client.

I'm mainly trying to determine what "Hive-wide client isolation" really means.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I need to update this post as the information I posted above about this only applying to a BSS is not correct.

The roaming cache, via AMRP, is used to implement this feature so you should see it applying to the ESS.

Nick
Photo of Jason

Jason

  • 2 Posts
  • 1 Reply Like
You can set it on one ap or all of them. Its part of the device template. If you create a device template and uncheck "enable interstation traffic" then any ap you assign that device template to will disable interstation traffic.
Photo of Michael Keyes

Michael Keyes

  • 3 Posts
  • 0 Reply Likes
Will a device template apply retroactively to existing devices?  If settings are made like this that are specific to the device it would be nice to be able to apply them retroactively
Photo of Jason

Jason

  • 2 Posts
  • 1 Reply Like
You can modify the device template that you currently have assigned to your ap's. Unless its the default device template. Then I believe you will need to copy the template then apply the modified copy. After you modify the template you will need to apply a delta update to the ap. You will see in the device lists an exclamation point next to each of the ap's that the delta update still needs to be applied to.