Ethernet Broadcast and PPPoE isolation

Hello, I’m trying to implement a safe wifi node for some residential clients.
90% of the security issues that I have in mind are solved thanks to PPPoE-Server (authentication, traffic shaping, dual login, etc.).
But I’m dealing with a very important issue: Ethernet traffic between clients.

Let me describe a scenario:

Wifi node RB433AH, one Ethernet port connected to my upstream provider and one wifi card as AP-Bridge.
PPPoE-Server attached to the wifi card, an internet-routable pool configured in the PPPoE profile and some rate limits also configured on a per-user basis.

At PPP and upper levels all seems OK, at least to me: no security issues relative to the infrastructure architecture, each user is isolated with regard to PPPoE, rate limited, single logon and user/password authentication based.

The problem I can see is the Ethernet traffic between client nodes… how to deal with it? Think that the rate limit is applied at PPP, not at Ethernet level; this means that anyone can, for example, broadcast packets using all the bandwidth available in the wifi link! And what if any client starts responding to PPPoE requests from other clients?

Well, I’m new to Mikrotik (this is my first week playing with the routerboard at home), sorry if this question is very obvious.

I think the solution is around VLANs, but I’m not sure where to start.

Regards!
RR.-

You can try the following:

  1. add all WDS and ethernet ports to one bridge on which you have the pppoe-server
  2. add a drop bridge forward rule for the previously created bridge;
     it should drop any client-client traffic between bridge ports :wink:

Or you can create an individual pppoe-server for each interface; it’s up to you.

KT

Thank you, but I think “default-forwarding” set to “no” in the wireless setup deals with this issue.

But it works only for AP clients, not for WDS-bridged ones connected to the AP.
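The bridge-filter procedure from KT's reply, combined with the wireless default-forwarding=no setting discussed at the end of the thread, as an added RouterOS CLI configuration example that is not part of the original thread or of any poster's setup; the interface names (ether1, wlan1, wds1), the bridge name, the pool and profile names, the rate limit and the 203.0.113.0/24 addresses are assumptions.

```routeros
# Added example (not from the thread): RouterOS CLI. Interface, bridge, pool and
# profile names and the 203.0.113.0/24 addresses are assumed/constructed.
# The upstream port ether1 is deliberately NOT a member of the client bridge.

# 1. Client-facing bridge: the AP wireless card plus the WDS interface(s)
/interface bridge add name=bridge-clients
/interface bridge port add bridge=bridge-clients interface=wlan1
/interface bridge port add bridge=bridge-clients interface=wds1

# 2. Drop every frame the bridge would forward from one client port to another.
#    The PPPoE server is attached to the bridge itself, so client<->router frames
#    are not forwarded between ports and stay unaffected; only client<->client
#    forwarding is blocked. This covers both the broadcast flooding and the
#    "client answering other clients' PPPoE discovery" cases raised in the thread,
#    and, unlike default-forwarding, it also applies to WDS-bridged stations.
/interface bridge filter add chain=forward action=drop comment="isolate clients"

# 3. Belt and braces for directly associated AP clients: the AP does not repeat
#    frames between stations (per the thread, this alone does not cover WDS).
/interface wireless set wlan1 default-forwarding=no

# 4. PPPoE server on the bridge; per-user rate limit and single-login in the profile
/ip pool add name=pool-clients ranges=203.0.113.10-203.0.113.250
/ppp profile add name=prof-clients local-address=203.0.113.1 \
    remote-address=pool-clients rate-limit=2M/2M only-one=yes
/interface pppoe-server server add interface=bridge-clients service-name=isp \
    default-profile=prof-clients one-session-per-host=yes disabled=no
```

After applying it, a ping or ARP request from one PPPoE client's MAC to another client's MAC should never be forwarded by the bridge, while PADI/PADO exchanges between each client and the router's own PPPoE server continue to work.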