Linksys WG54G - allowing wireless-to-wireless traffic

A customer of mine has a Linksys WAG54G wireless router at home, configured
by his company.

We were trying to set up a shared printer queue so one PC can print to a
printer on another PC (both connected by wireless). It fails, and the two
PCs can't even ping each other. The PCs can all access the web fine.

It would seem that wireless isolation is enabled, preventing
wireless-to-wireless communication... but neither of us could find any
setting on the router's web interface that controls this. (I know exactly
how to turn this on or off for a Netgear DG834GT, but it's evidently hidden
away on the Linksys.)

The user manual ftp://ftp.linksys.com/pdf/wag54g-ug.pdf doesn't contain any
matches on "wireless isolation" or "wireless to wireless". Nor does the
Linksys knowledge base contain the phrases or any FAQ about "one wireless PC
can't access another wireless PC".

Should it matter that he's got MAC address filtering enabled, to only allow
PCs with specific MAC addresses to talk to the router?


Anyone got any suggestions?

In article <42977fc9$0$39055$(E-Mail Removed)>,
Martin Underwood says...

> Should it matter that he's got MAC address filtering enabled, to only allow
> PCs with specific MAC addresses to talk to the router?
>
Just a little.


--
Conor

"Of all the things I've lost, I miss my mind the most." O.Osbourne.

"Conor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
> In article <42977fc9$0$39055$(E-Mail Removed)>,
> Martin Underwood says...
>
>> Should it matter that he's got MAC address filtering enabled, to only
>> allow
>> PCs with specific MAC addresses to talk to the router?
>>
> Just a little.

So are you saying that if the router is set to talk only to specific
wireless MAC addresses, then a PC with one of those MAC addresses can't talk
to a PC with another of those MAC addresses, via the router?

In article <42978922$0$573$(E-Mail Removed)>, Martin
Underwood says...
> "Conor" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) t...
> > In article <42977fc9$0$39055$(E-Mail Removed)>,
> > Martin Underwood says...
> >
> >> Should it matter that he's got MAC address filtering enabled, to only
> >> allow
> >> PCs with specific MAC addresses to talk to the router?
> >>
> > Just a little.
>
> So are you saying that if the router is set to talk only to specific
> wireless MAC addresses, then a PC with one of those MAC addresses can't talk
> to a PC with another of those MAC addresses, via the router?
>
No, I'm saying that a router will only allow traffic through it from
MAC addresses it has been told to allow.

For example:

Router set to talk to:

00-00-00-00-00-01
00-00-00-00-00-02

Along comes another PC with a Wifi card with MAC address
00-00-00-00-00-03. Router will not talk to it.

TBH it sounds like its the blind leading the blind. You're blindly
stumbling around trying to figure out whats wrong.

Solve the problem logically and in small steps.

Disconnect the internet access - THIS IS IMPORTANT TO SAVE YOUR PCS
FROM BEING HACKED WHILST YOU DO THE FOLLOWING.

Disable ALL firewalls (on the PCs and router) and MAC address filtering
as well as disabling WEP/WPA.

Start by enabling firewalls and see if everything works. Remembe you'll
need to configure the firewall, including WinXP built in one, to allow
File and Printer Sharing.

If that works, turn on WEP/WPA.

If that then works, turn on MAC address filtering.

If all the above are now working then you've sorted it and can
reconnect to the net. If it falls over at any stage, you know where to
concentrate.

--
Conor

"Of all the things I've lost, I miss my mind the most." O.Osbourne.

"Conor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
> In article <42978922$0$573$(E-Mail Removed)>, Martin
> Underwood says...
>> "Conor" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) t...
>> > In article <42977fc9$0$39055$(E-Mail Removed)>,
>> > Martin Underwood says...
>> >
>> >> Should it matter that he's got MAC address filtering enabled, to only
>> >> allow
>> >> PCs with specific MAC addresses to talk to the router?
>> >>
>> > Just a little.
>>
>> So are you saying that if the router is set to talk only to specific
>> wireless MAC addresses, then a PC with one of those MAC addresses can't
>> talk
>> to a PC with another of those MAC addresses, via the router?
>>
> No, I'm saying that a router will only allow traffic through it from
> MAC addresses it has been told to allow.
>
> For example:
>
> Router set to talk to:
>
> 00-00-00-00-00-01
> 00-00-00-00-00-02
>
> Along comes another PC with a Wifi card with MAC address
> 00-00-00-00-00-03. Router will not talk to it.


Yes, I realise that: I thought my original question and my request for
clarification made it quite clear that I know how MAC address filtering
works. The PCs that will not talk to each other are ones whose MAC addresses
are on the "allow" list. They can access the internet OK, so it doesn't look
like a routing problem.

Everything on the private LAN side of the router (whether connected by
wireless or Ethernet) is deemed to be connected by a switch, isn't it? So I
don't think routing tables and the firewall are involved.

As I understand it, all private devices should be able to talk to each
other, no matter whether they are wireless or wired, as long as:

1) they are on the "allow" list of MACs (if this feature is enabled)
2) wireless isolation (wireless-to-wireless) is not enabled


> TBH it sounds like its the blind leading the blind. You're blindly
> stumbling around trying to figure out whats wrong.
>
> Solve the problem logically and in small steps.
>
> Disconnect the internet access - THIS IS IMPORTANT TO SAVE YOUR PCS
> FROM BEING HACKED WHILST YOU DO THE FOLLOWING.
>
> Disable ALL firewalls (on the PCs and router) and MAC address filtering
> as well as disabling WEP/WPA.
>
> Start by enabling firewalls and see if everything works. Remembe you'll
> need to configure the firewall, including WinXP built in one, to allow
> File and Printer Sharing.
>
> If that works, turn on WEP/WPA.
>
> If that then works, turn on MAC address filtering.
>
> If all the above are now working then you've sorted it and can
> reconnect to the net. If it falls over at any stage, you know where to
> concentrate.

Yes, once I've eliminated the most obvious cause of PCs not being able to
ping each other over wireless when they can quite happily access the
internet - namely wireless isolation - then it's time to remove all security
hurdles (eg MAC filtering, wireless encryption, firewall) and gradually
reapply them one at a time.

My first test would be to see whether wired PCs can communicate with each
other. If this worked, I'd see if a wired and a wireless device (with a
permitted MAC) could communicate.

But first: whereabouts on the Linksys WAG54G is wireless isolation
enabled/disabled? That was my main question?

Martin Underwood wrote:
> "Conor" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) t...
>
>>In article <42978922$0$573$(E-Mail Removed)>, Martin
>>Underwood says...
>>
>>>"Conor" <(E-Mail Removed)> wrote in message
>>>news:(E-Mail Removed) .net...
>>>
>>>>In article <42977fc9$0$39055$(E-Mail Removed)>,
>>>>Martin Underwood says...
>>>>
>>>>
>>>>>Should it matter that he's got MAC address filtering enabled, to only
>>>>>allow
>>>>>PCs with specific MAC addresses to talk to the router?
>>>>>
>>>>
>>>>Just a little.
>>>
>>>So are you saying that if the router is set to talk only to specific
>>>wireless MAC addresses, then a PC with one of those MAC addresses can't
>>>talk
>>>to a PC with another of those MAC addresses, via the router?
>>>
>>
>>No, I'm saying that a router will only allow traffic through it from
>>MAC addresses it has been told to allow.
>>
>>For example:
>>
>>Router set to talk to:
>>
>>00-00-00-00-00-01
>>00-00-00-00-00-02
>>
>>Along comes another PC with a Wifi card with MAC address
>>00-00-00-00-00-03. Router will not talk to it.
>
>
>
> Yes, I realise that: I thought my original question and my request for
> clarification made it quite clear that I know how MAC address filtering
> works. The PCs that will not talk to each other are ones whose MAC addresses
> are on the "allow" list. They can access the internet OK, so it doesn't look
> like a routing problem.
>
> Everything on the private LAN side of the router (whether connected by
> wireless or Ethernet) is deemed to be connected by a switch, isn't it? So I
> don't think routing tables and the firewall are involved.
>
> As I understand it, all private devices should be able to talk to each
> other, no matter whether they are wireless or wired, as long as:
>
> 1) they are on the "allow" list of MACs (if this feature is enabled)
> 2) wireless isolation (wireless-to-wireless) is not enabled
>
>
>
>>TBH it sounds like its the blind leading the blind. You're blindly
>>stumbling around trying to figure out whats wrong.
>>
>>Solve the problem logically and in small steps.
>>
>>Disconnect the internet access - THIS IS IMPORTANT TO SAVE YOUR PCS
>>FROM BEING HACKED WHILST YOU DO THE FOLLOWING.
>>
>>Disable ALL firewalls (on the PCs and router) and MAC address filtering
>>as well as disabling WEP/WPA.
>>
>>Start by enabling firewalls and see if everything works. Remembe you'll
>>need to configure the firewall, including WinXP built in one, to allow
>>File and Printer Sharing.
>>
>>If that works, turn on WEP/WPA.
>>
>>If that then works, turn on MAC address filtering.
>>
>>If all the above are now working then you've sorted it and can
>>reconnect to the net. If it falls over at any stage, you know where to
>>concentrate.
>
>
> Yes, once I've eliminated the most obvious cause of PCs not being able to
> ping each other over wireless when they can quite happily access the
> internet - namely wireless isolation - then it's time to remove all security
> hurdles (eg MAC filtering, wireless encryption, firewall) and gradually
> reapply them one at a time.
>
> My first test would be to see whether wired PCs can communicate with each
> other. If this worked, I'd see if a wired and a wireless device (with a
> permitted MAC) could communicate.
>
> But first: whereabouts on the Linksys WAG54G is wireless isolation
> enabled/disabled? That was my main question?
>
>
Up to f/ware 1.02.7.03 it doesn't exist.

"NBT" <(E-Mail Removed)> wrote in message
news:d79h37$rfi$(E-Mail Removed)...
> Martin Underwood wrote:
>> But first: whereabouts on the Linksys WAG54G is wireless isolation
>> enabled/disabled? That was my main question?
> Up to f/ware 1.02.7.03 it doesn't exist.

Thanks. Having eliminated that as a cause I can concentrate on the other
things - like has he *really* configured Norton on each PC to treat local
traffic on his 192.168.x.x subnet as "friendly" and not apply firewall
filtering.

It had been a long day: it's surprising how you can focus on one cause and
only think of other possible causes after you've left and the pressure is
off!

In article <42984a28$0$39055$(E-Mail Removed)>,
Martin Underwood says...
> "NBT" <(E-Mail Removed)> wrote in message
> news:d79h37$rfi$(E-Mail Removed)...
> > Martin Underwood wrote:
> >> But first: whereabouts on the Linksys WAG54G is wireless isolation
> >> enabled/disabled? That was my main question?
> > Up to f/ware 1.02.7.03 it doesn't exist.
>
> Thanks. Having eliminated that as a cause I can concentrate on the other
> things - like has he *really* configured Norton on each PC to treat local
> traffic on his 192.168.x.x subnet as "friendly" and not apply firewall
> filtering.
>
I think life will be a whole lot easier if norton was taken out of the
picture.

--
Conor

"Of all the things I've lost, I miss my mind the most." O.Osbourne.

Martin Underwood wrote:
> "NBT" <(E-Mail Removed)> wrote in message
> news:d79h37$rfi$(E-Mail Removed)...
>
>>Martin Underwood wrote:
>>
>>>But first: whereabouts on the Linksys WAG54G is wireless isolation
>>>enabled/disabled? That was my main question?
>>
>>Up to f/ware 1.02.7.03 it doesn't exist.
>
>
> Thanks. Having eliminated that as a cause I can concentrate on the other
> things - like has he *really* configured Norton on each PC to treat local
> traffic on his 192.168.x.x subnet as "friendly" and not apply firewall
> filtering.
>
> It had been a long day: it's surprising how you can focus on one cause and
> only think of other possible causes after you've left and the pressure is
> off!
>
>
Since his company set it up I presume he is using VPN.Suggest you look
at this and whether he is allowed LAN access.