Well, I was searching for a way to block client-to-client traffic a while ago and I gave up.
One of the ISPs here does the following. DHCP assigns an IP and a gateway to the customer. But the gateway is virtual and is -1 of the user's IP address. It's like
192.168.178.50 ----> client's IP address
192.168.178.49 ----> Virtual Gateway
The client only communicates with 192.168.178.49 due to the /30 subnet, and the virtual gateway only communicates with the real router.
WAN Router -----> Virtual GW ------> Client
So the client gets completely isolated from the others.
Do you know how to implement this kind of networking environment, or is there a manual for it for MT?
Well, client-to-client traffic can easily be managed via a wireless interface simply by disabling the intra-communication option… as for wired networks, sad to say, a managed switch is required that has features like port security and, more importantly, VLANs. Example: Cisco Catalyst 2900+ …
The latter is for obvious reasons … (layers)
I'm not that familiar with the virtual gateway proposal… but hey, if isolation/security is that important to you, you can always use a direct tunneling protocol such as PPPoE.
Currently I'm using MT as a standalone AAA server with hotspot enabled. The AP is a ZCOMAX 1500HP. Are you saying that if I use Routerboards as an AP, I can disable client-to-client traffic in the wireless environment?
Create a chain of /30 pools, and have each pool reference the next pool.
It would take forever to set up all the pools, but you could write a script to do it for you.
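
The scripted setup suggested in the last reply, as an added example that is not part of the original thread: a Python generator that splits a block into /30 subnets and prints one RouterOS `/ip pool` entry per subnet, each chained to the next through `next-pool`. The block `192.168.178.48/28`, the `iso` name prefix and the choice of putting only the client address in each pool are assumptions; pools are emitted last-first so every `next-pool` target already exists when it is referenced.

```python
import ipaddress


def plan_slash30(block, prefix="iso"):
    """Split `block` into /30 subnets.

    Returns one (pool_name, gateway, client) tuple per subnet, where the
    gateway is the first usable address and the client is the second,
    matching the "gateway is client - 1" layout described in the thread.
    """
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("need an IPv4 block of /30 or larger")
    plan = []
    for i, sub in enumerate(net.subnets(new_prefix=30)):
        gateway, client = sub.hosts()  # a /30 has exactly two usable hosts
        plan.append((f"{prefix}{i}", str(gateway), str(client)))
    return plan


def pool_commands(plan):
    """Build the /ip pool commands for a plan.

    Each pool holds only the client address of its /30. Commands are
    ordered last pool first, so the pool named in next-pool has already
    been created by the time it is referenced.
    """
    cmds = []
    next_name = None
    for name, _gateway, client in reversed(plan):
        cmd = f"/ip pool add name={name} ranges={client}"
        if next_name:
            cmd += f" next-pool={next_name}"
        cmds.append(cmd)
        next_name = name
    return cmds


if __name__ == "__main__":
    # Constructed sample block: four /30 subnets starting at .48
    for line in pool_commands(plan_slash30("192.168.178.48/28")):
        print(line)
```

Point the DHCP server at the first pool (`iso0` here); the gateway address returned for each subnet still has to be configured on the router for that /30 to be usable.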