But my point was regarding MAC broadcast, where as a suggestion I had mentioned using MAC broadcast to the internal machines, where another user said that would be more insecure due to promiscuous mode. I was pointing out that it’s not much less secure than what most of us use. And if you’re tunnelling with encryption to each of the machines inside of the network, what difference would broadcasting all the packets make anyhow? If you’re only encrypting to the radio, what is to stop a user from simply passively tapping a network wire or whatnot, vs. having a specified MAC address and relying on a network switch to segment users via MAC address? If you’re encrypting end to end (IPsec, PPTP), then what difference does it make anyhow?
In addition, if you’re not encrypting, if you had a VLAN switch, couldn’t the VLAN tags still direct the broadcast packets while it goes through the switch, even with broadcast MAC?
PPPoE for clients that are placed behind the station that is bridging with WDS? If so, add a simple bridge filter in the forward chain on the WDS station that only passes pppoe-discovery and pppoe-session frames. That’ll stop your customers from communicating directly with each other and force them to go through your central PPPoE server. If you’re really careful and want to make sure a customer does not set up his own PPPoE server within your bridged cloud, add a rule that checks the frame’s destination MAC against your PPPoE server’s MAC address, so they can only talk PPPoE to your server and no others.
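The bridge filter described in the reply above, written out as an added example in MikroTik RouterOS CLI syntax (this is not a configuration anyone posted in the thread, and not the WDS vendor's own sample). It assumes the WDS station runs RouterOS with the customers and the backhaul all on one bridge, that the PPPoE server's MAC address is the constructed placeholder `00:11:22:33:44:55`, and that RouterOS's `mac-protocol` keyword `pppoe` (EtherType 0x8864) is what the reply calls "pppoe-session" frames; `pppoe-discovery` (0x8863) is the keyword for discovery frames. The example goes a little beyond the reply: because PADI discovery frames are sent to the broadcast MAC, a plain "destination MAC must be the server" rule would block legitimate discovery, so the discovery stage is handled by source MAC instead (only the real server may answer), while session frames are pinned to the server's MAC in both directions.

```routeros
# --- Constructed example, not a configuration from the thread ---
# Placeholder MAC of the central PPPoE server (assumption; replace with yours).
:local srvmac "00:11:22:33:44:55"

/interface bridge filter
# 1. Discovery stage (EtherType 0x8863).
#    PADI from a customer goes to the broadcast MAC, so it must be allowed
#    regardless of destination.
add chain=forward mac-protocol=pppoe-discovery \
    dst-mac-address=FF:FF:FF:FF:FF:FF/FF:FF:FF:FF:FF:FF \
    action=accept comment="PADI: customers may look for a server"
#    PADO/PADS replies are only valid if they come from the real server;
#    a rogue server inside the bridged cloud answers from a different MAC
#    and is dropped by the final rule.
add chain=forward mac-protocol=pppoe-discovery \
    src-mac-address=$srvmac/FF:FF:FF:FF:FF:FF \
    action=accept comment="PADO/PADS/PADT from the central server"
#    PADR/PADT from customers must be addressed to the real server.
add chain=forward mac-protocol=pppoe-discovery \
    dst-mac-address=$srvmac/FF:FF:FF:FF:FF:FF \
    action=accept comment="PADR/PADT to the central server"

# 2. Session stage (EtherType 0x8864): every frame must have the server
#    as source or destination, so customer-to-customer sessions cannot form.
add chain=forward mac-protocol=pppoe \
    dst-mac-address=$srvmac/FF:FF:FF:FF:FF:FF \
    action=accept comment="session frames to the server"
add chain=forward mac-protocol=pppoe \
    src-mac-address=$srvmac/FF:FF:FF:FF:FF:FF \
    action=accept comment="session frames from the server"

# 3. Everything else that would be bridged between ports (plain IP, ARP,
#    PPPoE to/from any other MAC, rogue PADO replies) is dropped.
add chain=forward action=drop comment="only PPPoE via the central server"
```

Rules are evaluated in order, so the drop must stay last. The `forward` chain only sees frames bridged between ports; anything destined for the station itself (management) goes through the `input` chain and is unaffected. If you want to confirm the filter is doing what you expect before leaving it in place, add `log=yes log-prefix="pppoe-drop"` to the final rule for a while and watch the log for source MACs that should not be there, then remove the logging once things are quiet.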