Community discussions

MUM Europe 2020
 
p0rkch0p
just joined
Topic Author
Posts: 13
Joined: Mon Mar 14, 2005 5:01 am

hotspot client to client isolation

Wed Apr 25, 2007 10:57 am

hello good day fellow MT users, i have a RB532 box that im using as a router and a hotspot. everything is working good and well. i was just wondering if i could set client isolation on the hotspot network. [ i don't have a built-in AP on the RB532 box] so i can't disable the default forwarding feature on the wlan.

is this possible without the built-in wireless AP device/?

Thank you
 
User avatar
chvdr
Member
Member
Posts: 403
Joined: Thu Sep 22, 2005 8:53 pm

Re: hotspot client to client isolation

Wed Apr 25, 2007 2:21 pm

hello good day fellow MT users, i have a RB532 box that im using as a router and a hotspot. everything is working good and well. i was just wondering if i could set client isolation on the hotspot network. [ i don't have a built-in AP on the RB532 box] so i can't disable the default forwarding feature on the wlan.

is this possible without the built-in wireless AP device/?

Thank you
yes, you can. make ip-binding and use type=blocked.
futhermore, try
this manual for any other information.

Regards,
C. G.
 
p0rkch0p
just joined
Topic Author
Posts: 13
Joined: Mon Mar 14, 2005 5:01 am

ip binding = block

Thu Apr 26, 2007 1:43 am

hello,

what do you mean by try ip binding = block, i don't want to block clients. what i want to do is not let clients see each other on the wifi lan network.

i also use ip binding for bypass purposes.

thank you
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Re: ip binding = block

Thu Apr 26, 2007 3:25 am

hello,

what do you mean by try ip binding = block, i don't want to block clients. what i want to do is not let clients see each other on the wifi lan network.

i also use ip binding for bypass purposes.


thank you
-----
yup
by bypass away mean as the client will get your internet connection without authentication....

regards
Hasbullah.com
----
 
User avatar
nazadnan2003
newbie
Posts: 31
Joined: Tue Sep 05, 2006 10:12 am
Location: Iraq
Contact:

Re: hotspot client to client isolation

Sat Apr 28, 2007 10:56 am

is this possible without the built-in wireless AP device/?
Hi:
I have the same situation in my network it is very important to me to isolate my clients from each other because I think it is the suitable solution for my nightmare (MAC Spoofing) (MAC Cloning)
 
User avatar
chvdr
Member
Member
Posts: 403
Joined: Thu Sep 22, 2005 8:53 pm

Re: hotspot client to client isolation

Sat Apr 28, 2007 1:29 pm

is this possible without the built-in wireless AP device/?
Hi:
I have the same situation in my network it is very important to me to isolate my clients from each other because I think it is the suitable solution for my nightmare (MAC Spoofing) (MAC Cloning)
no, you can't. if customers are in one lan segment.
you can do that with layer3 router or even some bridge. and isolated customers have to be in DIFFERENT INTERFACE on it. futher info you can find on manual/wiki.

regards,
C. G.
 
trottolino1970
Member Candidate
Member Candidate
Posts: 192
Joined: Thu May 17, 2007 4:25 pm
Contact:

Re: hotspot client to client isolation

Fri Feb 29, 2008 11:11 pm

is this possible without the built-in wireless AP device/?
Hi:
I have the same situation in my network it is very important to me to isolate my clients from each other because I think it is the suitable solution for my nightmare (MAC Spoofing) (MAC Cloning)
no, you can't. if customers are in one lan segment.
you can do that with layer3 router or even some bridge. and isolated customers have to be in DIFFERENT INTERFACE on it. futher info you can find on manual/wiki.

regards,
C. G.



I have the same problem is that my clients are folders shared between them even if the pppoe is active. How do I stop this?
 
User avatar
smurphy
Member Candidate
Member Candidate
Posts: 103
Joined: Wed Feb 06, 2008 6:48 pm
Location: Clermont / France
Contact:

Re: hotspot client to client isolation

Sat Mar 01, 2008 9:38 pm

Hmmm...

what shall I say. You can - but that involves quite heavy configuration on the router.
Just make sure that every client is using a /30 subnet - and apply separation filter rules on these subnets, especially forward/out-interface rules.

It's a PITA to configure - but it is the only suitable solution.

For WLan's - the SGS4xx Series firewalls is using exactly what you want - using the so called Mac-Address assignment.
E.g. - it publishes it's own MAC for any request coming from the WLan on the network, and applies mac-based security based on the configuration. The easiest however is to force every user to use a VPN, to secure the network. However not really suitable for that.

And - no. I have never done such things on routerOS.
I am on my first configuration of RouterOS - where I actually only separate subnets on the Ethernet Ports.
WLan is open, not routed. Only possibility to gain access to the network there is using OpenVPN which is bridged to the internal LAN of the RB153...

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], robertkjonesjr and 114 guests