Re: Cisco Wireless - Client hidden from each other possible ?

Discussion in 'Cisco' started by Uli Link, Jul 15, 2006.

  1. Uli Link

    Uli Link Guest

    Merv wrote:
    > check out protect port command on bridge group
    >
    > bridge-group <bridge-group>
    > port-protected
    >


    This works only between clients on a single AP.
    A client associated to AP1 can always reach a wireless station
    associated to AP2 because both APs bridge the traffic between different
    interfaces in the bridge group, even if "port-protected".

    If you want to separate traffic from different businesses, you may want
    a VLAN setup.

    --
    Uli
     
    Uli Link, Jul 15, 2006
    #1

  2. Uli Link

    corb Guest

    > you may want
    > a VLAN setup.
    >
    > --
    > Uli


    VLAN, yes, we have looked, but we cannot set up DHCP on the AP per VLAN.
     
    corb, Jul 16, 2006
    #2

  3. Uli Link

    thrill5 Guest

    You can definitely do this if you have a WLAN controller, like a 4402.
    Makes it very easy to set up APs and WLANs (Wireless LANs).

    Scott

    "corb" <> wrote in message
    news:Evrug.8983$...
    >> you may want
    >> a VLAN setup.
    >>
    >> --
    >> Uli

    >
    > VLAN, yes, we have looked, but we cannot set up DHCP on the AP per VLAN.
    >
     
    thrill5, Jul 20, 2006
    #3
  4. On Sat, 15 Jul 2006 13:15:00 +0200, Uli Link <> wrote:

    ~ Merv wrote:
    ~ > check out protect port command on bridge group
    ~ >
    ~ > bridge-group <bridge-group>
    ~ > port-protected
    ~ >
    ~
    ~ This works only between clients on a single AP.
    ~ A client associated to AP1 can always reach a wireless station
    ~ associated to AP2 because both APs bridge the traffic between different
    ~ interfaces in the bridge group, even if "port-protected".
    ~
    ~ If you want to separate traffic from different businesses, you may want
    ~ a VLAN setup.

    I'd recommend crafting ACLs. I.e. on each access point's radio interface,
    have the following input access lists:

    bridge ACL: forbid all non-IP packets

    IP ACL:
    permit IP packets sourced from 0.0.0.0 port bootpc
    forbid IP packets sourced from anything but the client range
    forbid IP packets sourced from the client range and addressed to the client range
    block MS junk

    stuff like that ...

    [the above is not tested by me]
     
    Aaron Leonard, Jul 28, 2006
    #4
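The IP ACL outlined in post #4, modelled as an ordered first-match rule list and run over constructed packets. This is an added example, not code from any poster and not Cisco IOS syntax; the address ranges, the gateway address, the gateway exemption and the final permit are assumptions, and the unspecified "block MS junk" rule is left out.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (documentation ranges, not taken from the thread).
CLIENTS = ip_network("192.0.2.0/24")   # wireless client range
GATEWAY = ip_address("192.0.2.1")      # router that sits inside that range

def packet(src, dst, proto="tcp", sport=40000):
    return dict(src=ip_address(src), dst=ip_address(dst), proto=proto, sport=sport)

def build_acl(exempt_gateway):
    rules = [
        # permit IP packets sourced from 0.0.0.0 port bootpc (UDP 68)
        ("permit", lambda p: p["src"].is_unspecified and p["proto"] == "udp"
                             and p["sport"] == 68, "dhcp-request"),
        # forbid IP packets sourced from anything but the client range
        ("deny", lambda p: p["src"] not in CLIENTS, "foreign-source"),
    ]
    if exempt_gateway:
        # Assumption, not in the post: let clients reach a router in their own range.
        rules.append(("permit", lambda p: p["dst"] == GATEWAY, "to-gateway"))
    rules += [
        # forbid IP packets from the client range addressed to the client range
        ("deny", lambda p: p["dst"] in CLIENTS, "client-to-client"),
        # Assumption: the post ends open; remaining client traffic is allowed.
        ("permit", lambda p: True, "client-to-elsewhere"),
    ]
    return rules

def evaluate(rules, pkt):
    """First matching rule wins, as in an ordered access list."""
    for action, match, label in rules:
        if match(pkt):
            return action, label
    return "deny", "implicit-deny"

# Constructed sample traffic arriving on the radio interface.
SAMPLES = {
    "dhcp discover": packet("0.0.0.0", "255.255.255.255", "udp", 68),
    "client to client": packet("192.0.2.10", "192.0.2.20"),
    "client to internet": packet("192.0.2.10", "198.51.100.7"),
    "spoofed source": packet("203.0.113.5", "198.51.100.7"),
    "client to gateway": packet("192.0.2.10", "192.0.2.1"),
}

def run(exempt_gateway):
    return {name: evaluate(build_acl(exempt_gateway), p) for name, p in SAMPLES.items()}

for flag in (False, True):
    print("gateway exempt:", flag, run(flag))
```

Without the exemption, the client-to-client deny also cuts clients off from a gateway addressed inside the client range. The model covers only the IP ACL; ARP is a non-IP frame, so a bridge filter that forbids all non-IP packets would drop it as well.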