What I like about connecting users through PPPoE is that a subnet is automatically created for the user, so he cannot see anything on the network except the router, and all his connections must go through the router.
That allows using client isolation on the AP (which is a must for any open access network).
I run a small community network and I am experimenting with MT as a possible solution for centralized user management. I would like to achieve a similar effect but without using PPPoE or any kind of tunneling.
The goal is to use client isolation on the AP, but to provide a means for each user to connect to others (through the router), even if they are on the same Access Point.
Hmm.. well, the reason why you use PPPoE is because it is point to point - server to client.
I guess if you REALLY don't want to use it, the only real alternative would be to put each CPE into a dedicated VLAN… Your CPE would need to support VLANs obviously…
I am using a SmartBridges AP; this AP has disable port forwarding, and achieves this goal in the radio. MK has the same solution, but you need to put the PCI radio card inside the PC.
If you are using an external radio AP, I don't know if you can easily achieve this goal.
But DHCP allocates to remote ends. To have the remote end in a dedicated VLAN, or dedicated subnet (of any sort), configurations are required on BOTH sides of the link. Your MT needs to have an IP alias in the same subnet as the subnet you are allocating to the client.
There are no tools (to my knowledge) that do this kind of configuration automatically on MT itself; it could possibly be done at the client. Forgive me if I'm wrong, but I also don't believe you can assign a VLAN via DHCP. Once the DHCP request reaches the server, it is already broadcasting packets outside of the VLAN…
Oh, for clarification, we are talking in theory, since it is very likely I cannot do what I need using MT.
Second, I do not need VLAN, I am talking just about subnetting.
I am just hoping that someone may come up with some magical idea how to accomplish this.
The problem is this: I run an AP with client isolation. This means clients connected to the AP cannot connect to each other even if they belong to the same subnet. I need to allow them to connect to each other (but client isolation on the AP must be turned on for security reasons).
What would help is to set each user in his own subnet where the client is one member of the net and MT is the other member. That would allow me to route all connections through MT and make connections among clients that way.
I know DHCP is for the client side, but I suppose it would be possible to introduce an option to MT to specify that if a user asks for an IP he gets his own subnet IP (/32), and the MT interface which that client is coming through also gets an IP in that same subnet.
Actually, if there is an OnDHCPLease event it probably could be possible to script something out.
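
The per-client subnet plan described in the last post, sketched as an added example that is not part of the original thread and is not RouterOS code. It assumes a /30 per client (router on the first host address, client on the second) rather than the /32 mentioned above; the pool, MAC addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample clients (MAC addresses are made up for this example).
CLIENTS = ["02:00:00:00:00:0a", "02:00:00:00:00:0b"]

def plan_client_subnets(pool, client_macs, prefixlen=30):
    """Carve one subnet per client out of `pool`.

    The router alias takes the first host address and the client the
    second, so the router is the only on-link neighbour a client has.
    """
    subnets = ipaddress.ip_network(pool).subnets(new_prefix=prefixlen)
    plan = {}
    for mac in client_macs:
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(f"pool {pool} exhausted at client {mac}") from None
        router_ip, client_ip = list(net.hosts())[:2]
        plan[mac] = {"subnet": net, "router": router_ip, "client": client_ip}
    return plan

def on_link(plan, src_mac, dst_mac):
    """True if src would ARP for dst directly instead of using its gateway.

    With AP client isolation enabled, a direct (layer 2) attempt is dropped,
    so every client pair must return False here to stay reachable via the router.
    """
    return plan[dst_mac]["client"] in plan[src_mac]["subnet"]

def capacity(pool, prefixlen=30):
    """Number of clients a pool can serve at the given per-client prefix."""
    return 2 ** (prefixlen - ipaddress.ip_network(pool).prefixlen)

if __name__ == "__main__":
    plan = plan_client_subnets("10.10.0.0/24", CLIENTS)
    for mac, entry in plan.items():
        print(mac, entry["subnet"], "router", entry["router"], "client", entry["client"])
    print("peers on-link:", on_link(plan, CLIENTS[0], CLIENTS[1]))
    print("clients per /24:", capacity("10.10.0.0/24"))
```

The address cost is the trade-off to check before adopting the scheme: a /24 pool serves 64 clients at /30.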