Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Re: Cisco Wireless - Client hidden from each other possible ?

Reply
Thread Tools

Re: Cisco Wireless - Client hidden from each other possible ?

 
 
Uli Link
Guest
Posts: n/a
 
      07-15-2006
Merv schrieb:
> check out protect port command on bridge group
>
> bridge-group <bridge-group>
> port-protected
>


This works only between clients on a single AP.
A client associated to AP1 can always reach a wireless station
associated to AP2 because both APs bridge the traffic between different
interfaces in the bridge group, even if "port-protected".

If you want to separate traffic from different business you'll may want
a VLAN setup.

--
Uli
 
Reply With Quote
 
 
 
 
corb
Guest
Posts: n/a
 
      07-16-2006
you'll may want
> a VLAN setup.
>
> --
> Uli


VLAN yes we have looked, but we cannot setup DHCP on the AP per VLAN


 
Reply With Quote
 
 
 
 
thrill5
Guest
Posts: n/a
 
      07-20-2006
You can definitely do this if you have a WLAN controller, like a 4402.
Makes it very easy to setup AP's and WLANs (Wireless LANs).

Scott

"corb" <(E-Mail Removed)> wrote in message
news:Evrug.8983$(E-Mail Removed)...
> you'll may want
>> a VLAN setup.
>>
>> --
>> Uli

>
> VLAN yes we have looked, but we cannot setup DHCP on the AP per VLAN
>



 
Reply With Quote
 
Aaron Leonard
Guest
Posts: n/a
 
      07-28-2006
On Sat, 15 Jul 2006 13:15:00 +0200, Uli Link <(E-Mail Removed)> wrote:

~ Merv schrieb:
~ > check out protect port command on bridge group
~ >
~ > bridge-group <bridge-group>
~ > port-protected
~ >
~
~ This works only between clients on a single AP.
~ A client associated to AP1 can always reach a wireless station
~ associated to AP2 because both APs bridge the traffic between different
~ interfaces in the bridge group, even if "port-protected".
~
~ If you want to separate traffic from different business you'll may want
~ a VLAN setup.

I'd recommend crafting ACLs. I.e. on each access point's radio interface,
have the following input access lists:

bridge ACL: forbid all non-IP packets

IP ACL:
permit IP packets sourced from 0.0.0.0 port bootpc
forbid IP packets sourced from anything but the client range
forbid IP packets sourced from the client range and addressed to the client range
block MS junk

stuff like that ...

[the above is not tested by me]
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is it possible that SSID overlay each other ? Gunter Hansen Wireless Networking 0 02-05-2008 07:09 PM
WinXP wireless zero config / wireless client flakiness - other options? Lanwench [MVP - Exchange] Wireless Networking 8 04-20-2006 11:12 PM
wireless client cannot communicate each other? Joe Cisco 2 11-04-2005 05:43 PM
BEFW11S4 and WMP11 wireless devices don't see each other! Carl Sundermann Wireless Networking 1 01-14-2005 11:28 PM
Possible to use a route other than the default fo cisco vpn client? William Schwartz Cisco 0 10-27-2004 05:19 PM



Advertisments