nanog mailing list archives

Re: Big Temporary Networks


From: JÁKÓ András <jako.andras () eik bme hu>
Date: Mon, 24 Sep 2012 09:04:07 +0200 (CEST)

>>>> just a small comment: As far as I understand "AP isolation" doesn't work
>>>> if you don't have a WLAN controller but do have more than one AP. E.g. in
>>>> the following setup
>>>>
>>>> ap1--sw1--sw2--ap2
>>>>
>>>> with "AP isolation" turned on, clients associated to ap1 cannot
>>>> communicate directly with other clients associated to ap1, however they
>>>> can communicate directly with those associated to ap2. Broadcasts from
>>>> ap1's clients also get to all clients at ap2.
>>>
>>> Hi András,
>>>
>>> This is one place where Cisco's "switchport protected" comes in handy.
>>
>> Yes, but only as long as all APs are connected to the same switch, as I
>> understand. (That's why I put two switches in the example above.)
>
> You can get the same effect with other brands. For example, in one
> on-the-cheap 5-AP hotspot I did, I VLANed the APs (using an older
> 802.1q capable switch) back to a Linux bridge with "ebtables --insert
> FORWARD --jump DROP". The Linux bridge was also the default router out
> of the wlan, so anything *to* the router worked but anything that
> would be forwarded was dropped instead. Works great.

Nice, that should do the trick with multiple switches too.

Regards,
András
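As an added example, not code from any of the posters: a POSIX shell script that builds the Linux-bridge setup the quoted reply describes, so the effect of "ebtables --insert FORWARD --jump DROP" can be reviewed before it is applied. The interface names, VLAN ids and gateway address are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the isolated hotspot the quoted
# reply describes: one 802.1q VLAN per AP trunked to a Linux box, the VLAN
# sub-interfaces joined into one bridge that is also the clients' default
# gateway, and an ebtables rule that drops everything the bridge would forward.
# Assumed names (not from the thread): trunk NIC eth1, bridge br0, VLAN ids
# 11-15 for five APs, gateway address 10.0.0.1/24. Override via environment.
TRUNK_IF="${TRUNK_IF:-eth1}"
BRIDGE="${BRIDGE:-br0}"
AP_VLANS="${AP_VLANS:-11 12 13 14 15}"
GW_ADDR="${GW_ADDR:-10.0.0.1/24}"

# Print each command; execute it only when APPLY=1 (requires root).
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = 1 ]; then eval "$*"; fi
}

# Bridge carrying the gateway address, plus one VLAN port per AP.
gen_bridge() {
  run ip link add name "$BRIDGE" type bridge
  run ip addr add "$GW_ADDR" dev "$BRIDGE"
  run ip link set dev "$BRIDGE" up
  run ip link set dev "$TRUNK_IF" up
  for vid in $AP_VLANS; do
    run ip link add link "$TRUNK_IF" name "$TRUNK_IF.$vid" type vlan id "$vid"
    run ip link set dev "$TRUNK_IF.$vid" master "$BRIDGE"
    run ip link set dev "$TRUNK_IF.$vid" up
  done
}

# The isolation itself. Frames the bridge would relay between two of its
# ports (unicast, ARP and broadcast from one client to another, whether on
# the same AP or not) traverse the ebtables FORWARD chain and are dropped.
# Frames addressed to the bridge's own MAC go through INPUT instead, so DHCP,
# ARP for the gateway and routed traffic out to the Internet still work.
gen_isolation() {
  run ebtables -I FORWARD -j DROP   # short form of --insert FORWARD --jump DROP
}

configure_isolated_hotspot() {
  gen_bridge
  gen_isolation
}

configure_isolated_hotspot
```

Run as-is it only prints the commands; `APPLY=1 sh isolate.sh` executes them. If the APs were instead given separate routed subnets, the same drop would have to be repeated in the iptables FORWARD chain, because the bridge rule only covers frames switched between bridge ports.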
