RB3011 (Capsman) and APs (AP1 etc)
CAPsMAN:
datapath.client-to-client-forwarding=yes
local forwarding option not set
Client A connected to AP1 with MAC: aa:bb:cc:dd:ee:ff
On AP1 torch see protocols ip traffic in manage network (to/from APs, RB3011), 8899, 88bb, 88bc. If I run speedtest on client, torch see that on 88bc protocol speed similar speedtest.
Q1) as I think 88bc and similar is tunnel to CAPsMAN - yes?
On RB3011:
I can filter traffic from client to any IP-address in OTHER networks. This is simple to understand - traffic routed through router.
But how can I filter traffic between clients, connected to the same AP? to different AP?
Torch, select interface of AP, where is client now and I can see client traffic (for example, I see that client1 ping client2). But I completely don't understand where I can filter this. From strange reason ip firewall on RB3011 can't filter client1 from client2.
Q2) how to filter traffic of wireless clients, connected to the same AP or to different APs, when clients are in one VLAN/bridge?
Add: viewtopic.php?t=16494
Is it true? I can't filter such traffic?A bridge firewall will not help if the clients are all on the same layer 2 network. If an IP stack determines that the destination host is on the same segment, it will do an ARP broadcast and get the Mac address of the host with that destination IP address on the segment. The packet can then be sent directly to the destination. The bridge firewall will not be involved.