Yes, you can disable communication between ports on some switches.
I have been told that since my hotspot users are getting private IPs from the DHCP server, they all have the same subnet mask. As a result, there is no way to keep users isolated from one another. Of course, if I use an AP that has the "disable client-to-client communications" option, then it will work. But I am trying to provide extra security to the end users if I use a wired solution. Any thoughts??
139/TCP
Does this mean I must disable ports 137-139?
I think there is some misunderstanding!!!
139/TCP
Does this mean I must disable ports 137-139?
Yes, for example, this will deny SMB/CIFS connections. Perhaps with action reject, not drop.
Sorry if I don't understand the problem, but IMHO something like
I think there is some misunderstanding!!!
Mag, please tell/write us exactly the firewall rule which will disable communications between HOTSPOT clients on the same ethernet/wireless interface.
add dst-address=:139 in-interface=hotspot protocol=tcp action=reject
add dst-address=:137-138 in-interface=hotspot protocol=udp action=reject
Sorry, but AFAIK if direct layer 2 communication is disabled, every connection would go through the AP. Considering the packet flow diagram, it should be working.
Traffic between hosts in one IP network generally will not pass through the gateway, in our case the hotspot interface of the MAT router. Hosts will communicate directly with each other.
And this is why your rules will never count a single byte.
/interface wireless set hotspot default-forwarding=no
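
The point made in the last replies, as an added example that is not part of the thread: a small Python model of how a client picks its next hop, showing which flows the router's IP firewall can ever match. The addresses, `GATEWAY`, `next_hop` and `classify` are constructed for illustration.

```python
import ipaddress

# Constructed addressing for a hotspot LAN (assumed values, not from the thread).
GATEWAY = ipaddress.ip_address("10.5.50.1")


def next_hop(client_if, dst, gateway=GATEWAY):
    """L2 next hop a client chooses for dst, following normal IP host behaviour.

    client_if is the client's address with its mask, e.g. "10.5.50.20/24".
    """
    iface = ipaddress.ip_interface(client_if)
    dst_ip = ipaddress.ip_address(dst)
    # On-link: the client ARPs for dst and addresses the frame to it directly.
    if dst_ip in iface.network:
        return dst_ip
    # Off-link: the frame is addressed to the default gateway (the router).
    return gateway


def classify(client_if, dst, l2_forwarding=True, gateway=GATEWAY):
    """Where a client's packet ends up.

    "via-router": addressed to the router, so its IP firewall rules can match.
    "direct":     delivered client to client; the router's rules count nothing.
    "blocked-l2": client-to-client frame not relayed (default-forwarding=no
                  or switch port isolation), so it is never delivered.
    """
    if next_hop(client_if, dst, gateway) == gateway:
        return "via-router"
    return "direct" if l2_forwarding else "blocked-l2"


if __name__ == "__main__":
    flows = [
        ("10.5.50.20/24", "10.5.50.30", True),   # same subnet, forwarding on
        ("10.5.50.20/24", "10.5.50.30", False),  # same subnet, L2 isolation
        ("10.5.50.20/24", "192.0.2.10", True),   # off-subnet destination
        # /32 mask: everything goes to the gateway, but a client can set a
        # wider mask itself, so this alone is not isolation.
        ("10.5.50.20/32", "10.5.50.30", True),
    ]
    for client_if, dst, fwd in flows:
        print(f"{client_if:>16} -> {dst:<12} l2_forwarding={fwd}: "
              f"{classify(client_if, dst, fwd)}")
```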