It's not Cisco, but applying an ACL on the controller to block access to the local subnet might work: https://community.extremenetworks.com/extreme/topics/block_mu_to_mu_traffic_ap_filter_rule
Sent from my Samsung device

-------- Original message --------
From: Oliver Elliott <oliver.elli...@bristol.ac.uk>
Date: 2015/07/08 19:00 (GMT+08:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Peer-to-peer traffic blocking with multiple controllers

Hi all

We have a Cisco WiSM2 based wireless system here in Bristol which is steadily growing. Cisco offer a feature on their controllers called "Peer to Peer Blocking", which serves to prevent clients talking to each other. This works great if you only have a single controller, however we have 4 pairs in HA, so a client can readily see clients that happen to be on a different controller.

The only solution to this that I can see is to use VACLs/Private VLANs on the host Cisco 6500s, but this may have a drastic CPU and/or performance impact on the router.

Has anyone else run into this problem and discovered an elegant solution for it?

Oli

--
Oliver Elliott
Senior Network Specialist
IT Services
University of Bristol
e: oliver.elli...@bristol.ac.uk
t: 0117 39 (41131)

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.