Client to Client hotspot isolation

Discussion in 'Wireless Internet' started by Jeff Liebermann, Feb 23, 2005.

  1. In a past thread, the topic of client to client isolation at a hotel
    hot spot was discussed. A method of using IP routing to isolate
    wireless clients was offered by Floyd L. Davidson in:
    using a Linksys WRT54G wireless router. I installed Sveasoft Sartori
    in my WRT54G v1.1 and tinkered with the route commands until it
    resembled those in the example. At the IP level, everything worked
    exactly as described. So far so good.

    However, there was a problem. If I installed the Netbeui protocol in
    my two test laptops, I could still communicate between clients. I
    suspect I could do the same with IPX/SPX. In addition, if I manually
    assigned IP addresses and left the default gateway blank in the two
    test laptops, I could again communicate between laptops, but not
    connect to the internet through the router.

    At this point, the IP route method will sufficiently isolate the
    clients from each other to prevent propagation of worms and viruses,
    but not prevent theft of bandwidth by, typically, gamers. This is not a
    problem with the typical indoor hotspot, but is an issue with outdoor

    Something was apparently different between the recommended setup and
    mine. So, I asked on another mailing list and was directed to a
    mis-named setting called "AP Isolation".
    Wireless -> Advanced Wireless Settings -> AP Isolation
    This appears in both Sartori and the stock Linksys firmware. I had
    seen this setting but ignored it because I assumed[1] that it was for
    isolating multiple access points, and not for isolating clients.

    The help file proclaims that AP Isolation:
    Creates a separate virtual network for your wireless network.
    When this feature is enabled, each of your wireless client
    will be in its own virtual network and will not be able to
    communicate with each other. You may want to utilize this
    feature if you have many guests that frequent your wireless
    which methinks does the trick at the bridging (MAC) level. By
    enabling AP Isolation and resetting the routing table and clients to
    defaults, I was unable to communicate between test laptops no matter
    what trickery I attempted. It works.

    [1] Assumption, the mother of all screwups.
    Jeff Liebermann, Feb 23, 2005
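
Added example, not part of the original thread and not the router's firmware: a toy Python model of the forwarding decision behind the results in the post above, showing why frames sent straight to a peer's MAC never reach the IP routing table while a bridge-level check catches them. The addresses, the `deliver` function and the rule that the router refuses the client-to-client IP hop (standing in for the route method) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not taken from the thread.
ROUTER_MAC = "00:00:5e:00:53:01"
MAC_A, MAC_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
IP_A, IP_B = "192.0.2.10", "192.0.2.11"
WIRELESS_MACS = {MAC_A, MAC_B}
CLIENT_IPS = {IP_A, IP_B}

@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    proto: str          # "ipv4", or a non-routable protocol such as "netbeui"
    dst_ip: str = ""    # only meaningful for ipv4

def deliver(frame, ap_isolation):
    """Return where a frame from a wireless client ends up."""
    # Layer 2: the AP bridges wireless-to-wireless frames itself, whatever
    # protocol they carry, unless AP Isolation tells the bridge to drop them.
    if frame.src_mac in WIRELESS_MACS and frame.dst_mac in WIRELESS_MACS:
        return "dropped" if ap_isolation else "peer"
    # Layer 3: only IPv4 frames addressed to the router's MAC are routed.
    if frame.dst_mac != ROUTER_MAC or frame.proto != "ipv4":
        return "dropped"
    # Assumption: the route method makes the router refuse client-to-client hops.
    if frame.dst_ip in CLIENT_IPS:
        return "dropped"
    return "internet"

# The situations tested in the post, as frames sent by laptop A.
CASES = {
    "ip via gateway to laptop B": Frame(MAC_A, ROUTER_MAC, "ipv4", IP_B),
    "netbeui to laptop B": Frame(MAC_A, MAC_B, "netbeui"),
    "ip sent directly (static address, no gateway)": Frame(MAC_A, MAC_B, "ipv4", IP_B),
    "ip to internet host": Frame(MAC_A, ROUTER_MAC, "ipv4", "198.51.100.7"),
}

def outcomes(ap_isolation):
    return {name: deliver(f, ap_isolation) for name, f in CASES.items()}

if __name__ == "__main__":
    for label, ap in (("route method only", False), ("with AP Isolation", True)):
        print(label)
        for name, result in outcomes(ap).items():
            print(f"  {name:46} -> {result}")
```
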
  2. bumtracks Guest

    Use a Compex Router here that has a feature they call
    "Wireless Pseudo VLAN" - Settings tables "per-node" or "per-group".

    This page, has a consumer
    briefer on their WIRELESS ISOLATION link, whilst a little dated may be of
    bumtracks, Feb 24, 2005
