Hi,
is there a way to seperate the hotspot clients from each other.
Other vendors call ist "Layer 2 Isolation" which means no ping, scan, hack from one hotspot client to the other is possible.
Is there such a feature in MT ?
Thanks
seandsl
--
-
-
wildbill442
Forum Guru
- Posts: 1055
- Joined:
- Location: Sacramento, CA
just setup your firewall rules so that all that traffic gets dropped..
Make a new firewall chain, and put a jump rule in the forward chain..
EDIT
Sorry, firewalling wont entirely do what you're trying to achieve, you'd need to use one of the solutions provided below.
Make a new firewall chain, and put a jump rule in the forward chain..
EDIT
Sorry, firewalling wont entirely do what you're trying to achieve, you'd need to use one of the solutions provided below.
Last edited by wildbill442 on Sun Apr 03, 2005 11:22 am, edited 1 time in total.
I do not know, what other vendors say, I will just tell, what can be done theoretically on the Ethernet network, and what can not. Ethernet is a big mess when it comes to traffic control. Using regular equipment there is no way you can separate those users, as most hubs/switches are designed to connect networks, not just two preconfigured hosts (i think most of us would not like to have a switch which is only letting traffic to pass between two hardwired ports). Usually it is solved using one of the following paths (and both are supported by RouterOS):
1. Make individual virtual connections (tunnels) for every user to connect to the router. That way, no IP traffic is broadcasting to the network, and usually this means that users are considered separate. An example of this is PPPoE, which is supported by Routeros
2. If there is any unit of equipment which has the users physically separated (for example, a switch has each of the users connected with a separate wire), it may have an option to preserve this separation further, This is usually called VLAN technology, and although it was supposed to be used to separate networks, it can also be used to form an individual tunnel for each of the users. VLAN support is also present in RouterOS
1. Make individual virtual connections (tunnels) for every user to connect to the router. That way, no IP traffic is broadcasting to the network, and usually this means that users are considered separate. An example of this is PPPoE, which is supported by Routeros
2. If there is any unit of equipment which has the users physically separated (for example, a switch has each of the users connected with a separate wire), it may have an option to preserve this separation further, This is usually called VLAN technology, and although it was supposed to be used to separate networks, it can also be used to form an individual tunnel for each of the users. VLAN support is also present in RouterOS
Client Isolation
I am using hotspot to authenticate all of my users. I have the following setup:
MT -- 5 port switch -- (3) Smartbridge APs
I have disabled the client-to-client communications directly in the APs, but this does not prohibit a client of the one AP to communicate with a user of another.
How can I isolate all of the users? Can I use VLANs? How would that be implemented? VLAN switch? As long as I can isolate communications from AP to AP, then all of the users would be isolated.
Thoughts??? Thanks
MT -- 5 port switch -- (3) Smartbridge APs
I have disabled the client-to-client communications directly in the APs, but this does not prohibit a client of the one AP to communicate with a user of another.
How can I isolate all of the users? Can I use VLANs? How would that be implemented? VLAN switch? As long as I can isolate communications from AP to AP, then all of the users would be isolated.
Thoughts??? Thanks