billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Filter clients traffic (CAPsMAN managed)

Thu Apr 22, 2021 3:13 pm

Hello everybody!
RB3011 (Capsman) and APs (AP1 etc)

CAPsMAN:
datapath.client-to-client-forwarding=yes
local forwarding option not set

Client A connected to AP1 with MAC: aa:bb:cc:dd:ee:ff

On AP1, Torch shows these protocols: IP traffic in the management network (to/from APs, RB3011), 8899, 88bb, 88bc. If I run a speed test on the client, Torch shows that the speed on protocol 88bc is similar to the speed test result.
Q1) I think 88bc and similar are the tunnel to CAPsMAN, is that right?

On RB3011:
I can filter traffic from a client to any IP address in OTHER networks. This is simple to understand: the traffic is routed through the router.
But how can I filter traffic between clients connected to the same AP? To different APs?
In Torch, I select the interface of the AP where the client currently is, and I can see the client traffic (for example, I see client1 pinging client2). But I don't understand at all where I can filter this. For some strange reason, the IP firewall on the RB3011 can't filter client1 from client2.
Q2) How can I filter the traffic of wireless clients connected to the same AP or to different APs when the clients are in one VLAN/bridge?

Add: viewtopic.php?t=16494
A bridge firewall will not help if the clients are all on the same layer 2 network. If an IP stack determines that the destination host is on the same segment, it will do an ARP broadcast and get the MAC address of the host with that destination IP address on the segment. The packet can then be sent directly to the destination. The bridge firewall will not be involved.
Is it true? I can't filter such traffic?
