Client to Client hotspot isolation

In a past thread, the topic of client to client isolation at a hotel hot spot was discussed. A method of using IP routing to isolate wireless clients was offered by Floyd L. Davidson in: news: snipped-for-privacy@barrow.com using a Linksys WRT54G wireless router. I installed Sveasoft Sartori in my WRT54G v1.1 and tinkered with the route commands until it resembled those in the example. At the IP level, everything worked exactly as described. So far so good.

However, there was a problem. If I installed the NetBEUI protocol in my two test laptops, I could still communicate between clients. I suspect I could do the same with IPX/SPX. In addition, if I manually assigned IP addresses and left the default gateway blank in the two test laptops, I could again communicate between laptops, but not connect to the internet through the router.

At this point, the IP route method will sufficiently isolate the clients from each other to prevent propagation of worms and viruses, but not prevent theft of bandwidth by, typically, gamers. This is not a problem with the typical indoor hotspot, but is an issue with outdoor hotspots.

Something was apparently different between the recommended setup and mine. So, I asked on another mailing list and was directed to a mis-named setting called "AP Isolation": Wireless -> Advanced Wireless Settings -> AP Isolation. This appears in both Sartori and the stock Linksys firmware. I had seen this setting but ignored it because I assumed[1] that it was for isolating multiple access points, and not for isolating clients.

The help file proclaims that AP Isolation:

"Creates a separate virtual network for your wireless network. When this feature is enabled, each of your wireless client will be in its own virtual network and will not be able to communicate with each other. You may want to utilize this feature if you have many guests that frequent your wireless network."

which methinks does the trick at the bridging (MAC) level. By enabling AP Isolation and resetting the routing table and clients to defaults, I was unable to communicate between test laptops no matter what trickery I attempted. It works.

[1] Assumption, the mother of all screwups.
Jeff Liebermann
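The difference between the two isolation methods described in the post above can be shown with a small model; this is an added example, not code from the thread or from any firmware. It assumes the route method works by handing DHCP clients routes that send every IP packet to the router, which does not relay it to another client; the names `Client`, `reaches_peer` and `survey` are hypothetical.

```python
# Simplified model of an AP that bridges wireless clients (constructed example).
from dataclasses import dataclass

ROUTER_MAC = "router"  # constructed identifier


@dataclass
class Client:
    mac: str
    # True: client treats same-subnet peers as directly reachable
    #       (manual address, blank gateway, or stock defaults).
    # False: client's routes send all IP traffic to the router
    #        (assumed behaviour of the route method).
    on_link_peers: bool


def frame_dest(src, dst, proto):
    """MAC address the sender puts on the frame."""
    if proto != "ipv4":
        return dst.mac  # non-IP protocols never consult the IP route table
    return dst.mac if src.on_link_peers else ROUTER_MAC


def reaches_peer(src, dst, proto, ap_isolation):
    """True if a frame from src arrives at dst."""
    if frame_dest(src, dst, proto) == dst.mac:
        # Wireless-to-wireless frame: forwarded by the AP's bridge, below
        # the IP layer, unless AP Isolation tells the bridge to drop it.
        return not ap_isolation
    # Frame went to the router, which (assumption) does not relay it
    # back out to another wireless client.
    return False


def survey(ap_isolation):
    """Run the three cases from the post with AP Isolation on or off."""
    routed_a, routed_b = Client("a", False), Client("b", False)
    manual_a, manual_b = Client("a", True), Client("b", True)
    return {
        "ip_via_router": reaches_peer(routed_a, routed_b, "ipv4", ap_isolation),
        "netbeui": reaches_peer(routed_a, routed_b, "netbeui", ap_isolation),
        "manual_ip_no_gateway": reaches_peer(manual_a, manual_b, "ipv4", ap_isolation),
    }


if __name__ == "__main__":
    for iso in (False, True):
        print("AP Isolation on" if iso else "AP Isolation off", survey(iso))
```

With AP Isolation off only the routed IP case is blocked; with it on, all three cases are blocked because the decision is made at the bridge rather than in the route table.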

Use a Compex (( cpx.com )) Router here that has a feature they call "Wireless Pseudo VLAN" - Settings tables "per-node" or "per-group".

This page, [formatting link], has a consumer briefer on their WIRELESS ISOLATION link; whilst a little dated, it may be of interest.

bumtracks
