nanog mailing list archives
Re: Big Temporary Networks
From: William Herrin <bill () herrin us>
Date: Sun, 23 Sep 2012 20:44:10 -0400
On Sun, Sep 23, 2012 at 3:50 PM, JÁKÓ András <jako.andras () eik bme hu> wrote:
Second, in the hotspot scenarios where this is likely to be a problem (in IPv4 -or- IPv6) it's addressed by the "AP isolation" feature that's getting close to omnipresent even in the low end APs. With this feature enabled, stations are not allowed to talk to each other over the wlan; they can only talk to hosts on the wired side of the lan.Not related to the original subject, neither to IPv6 usability on WLANs, just a small comment: As far as I understand "AP isolation" doesn't work if you don't have a WLAN controller but do have more than one APs. E.g. in the following setup ap1--sw1--sw2--ap2 with "AP isolation" turned on, clients associated to ap1 cannot communicate directly with other clients associated to ap1, however they can communicate directly with those associated to ap2. Broadcast from ap1's clients does also get to all clients at ap2.
Hi András, This is one place where Cisco's "switchport protected" comes in handy. Plug both APs into switches where the port is set to protected mode and neither they nor the associated clients will be able to talk to each other. You can get the same effect with other brands. For example, in one on-the-cheap 5-AP hotspot I did, I vlaned the APs (using an older 802.1q capable switch) back to a Linux bridge with "ebtables --insert FORWARD --jump DROP". The Linux bridge was also the default router out of the wlan, so anything *to* the router worked but anything that would be forwarded was dropped instead. Works great. Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: Big Temporary Networks, (continued)
- Re: Big Temporary Networks Masataka Ohta (Sep 19)
- Re: Big Temporary Networks TJ (Sep 20)
- Re: Big Temporary Networks Masataka Ohta (Sep 20)
- RE: Big Temporary Networks Tony Hain (Sep 20)
- Re: Big Temporary Networks Masataka Ohta (Sep 20)
- Re: Big Temporary Networks William Herrin (Sep 21)
- Re: Big Temporary Networks Masataka Ohta (Sep 21)
- Re: Big Temporary Networks William Herrin (Sep 21)
- Re: Big Temporary Networks Masataka Ohta (Sep 22)
- Re: Big Temporary Networks JÁKÓ András (Sep 23)
- Re: Big Temporary Networks William Herrin (Sep 23)
- Re: Big Temporary Networks JÁKÓ András (Sep 24)
- Message not available
- Re: Big Temporary Networks Måns Nilsson (Sep 16)
- Re: Big Temporary Networks Måns Nilsson (Sep 14)
- Re: Big Temporary Networks Jeroen Massar (Sep 14)
- Re: Big Temporary Networks Jay Ashworth (Sep 14)
- Re: Big Temporary Networks Brandon Ross (Sep 14)
- Re: Big Temporary Networks Mikael Abrahamsson (Sep 14)
- Re: Big Temporary Networks Nick Hilliard (Sep 14)
- Re: Big Temporary Networks Nat Morris (Sep 14)
- Re: Big Temporary Networks Nick Hilliard (Sep 14)