Client Isolation

electravis · August 23, 2010, 6:07pm

I am trying to do client Isolation on wireless AP. I have tried tunring off Default Forward but my computers can still communicate with each other. I use other aps and when I trun on client isolation then the machines can no longer communcate with each other.

blake · August 23, 2010, 11:33pm

Can you give a bit more detail on your setup? Are all of the clients on a single AP card? Are you authenticating users in /interface wireless access-list? If so, you’ll need to set forwarding=no on those entries as well.

electravis · August 24, 2010, 1:08pm

Yes all the clients are on one wireless card. I am not authenticating wireless users is this soemthing I should be setting up? The users can not see each other in network neighborhood but if I know what there IP address is I am able to get to there machine. Also not sure if it matters or not for this but I do have my wlan and lan bridged togther.

blake · August 24, 2010, 2:02pm

That’s your problem. The clients are able to see each other through the bridge interface and thus circumvent default-forwarding=no on your wireless card.

Are these clients laptops / end-user devices, or other MikroTik CPE? If CPE, you may be able to get around this by using WDS on the CPE (mode=station-wds), creating static WDS interfaces on the AP for each client, assigning them to the bridge, and setting a horizon value on each WDS interface.

Haven’t tested this so I’m not sure.

electravis · August 27, 2010, 2:20pm

This are laptops that are connecting to the AP. If I dont have it seup as a bridge I am unable to get the laptops to pull dhcp from the gateway. Is there something I am just missing?

blake · August 27, 2010, 5:19pm

Can you explain your network’s physical layout? That would assist me in debugging your problem.

electravis · August 27, 2010, 6:41pm

Try to best expaling this..

I have a mikrotik installed as a gateway all of its lan ports are bridged togther. It has very basic funtioning setup.

Next I have a mikrotik setup as an AP plugged directly into the GW. I foolwed this sidrection to setup the ap .1 accessing the mikroTik AP my only difference is I dont have dual wlan.

http://www.wi-pipe.com/userfiles/File/Database/MikroTik%20AP%20Setup.pdf

This worked great other then the client isolation is not working for the wireless clients.

Thanks again..