On Thu, 4 Sep 2008, Charles Wyble wrote:

>>- Many APs have client isolation, which keeps traffic from one 
>>client going to another.  Some switches have this as well.
>
>Wouldn't all switches have this by design and during normal 
>operation (various exploits to sniff traffic notwithstanding of 
>course).

Charles,
All switches do not, unfortunately, have this capability.  The 
switches (low end) will stop SOME traffic, but broadcast traffic 
(like DHCP DISCOVER) will NOT be stopped by the switch.  In fact, if 
the switch DID stop this traffic, you'd not be able to do DHCP on a 
switched network, which is, of course, possible.

>>- PPPoE or similar between the customer premise and your network 
>>core

Clint,
I agree that this is probably a best solution, but given the network 
he described, I'd approach it in a slightly different way.  I can't 
recall who initially asked the question that started this thread, 
but my initial reaction, given the information you've provided 
regarding the network design.

First, as Clint suggested, you should consider some design changes 
that would make the network more reliable AND easier to 
troubleshoot.  With the network gear you've described, there is no 
easy way to create the separation between the APs.  His suggestion 
to ensure you have client to client comms turned off is the first 
step.  In order to create separation between the APs, you have one 
of 2 quick/easy choices.  First, you can configure your switch to 
put each of the APs on a unique VLAN, then configure the router on 
the trunk port and separate/manage the traffic at the router.  This 
is going to be the cheapest option IF your switch already supports 
VLANs with a trunk port option.

The second option would be to physically separate the APs by putting 
them into different ports on your router (instead of on a switch). 
This option, of course, assumes you either already have the spare 
ethernet ports, or could add them easier/cheaper than you could do 
so with a switch.  You never did mention what type of router you 
have.  Please fill in this detail and we can provide a better/more 
complete answer.

-- 
********************************************************************
*Butch Evans                    *Professional Network Consultation *
*Network Engineering            *MikroTik RouterOS                 *
*573-276-2879                   *ImageStream                       *
*http://www.butchevans.com/     *StarOS and MORE                   *
*http://blog.butchevans.com/    *Wired or wireless Networks        *
*Mikrotik Certified Consultant  *Professional Technical Trainer    *
********************************************************************
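
A small model of the switch behaviour discussed in this message, added as an example and not part of the original post: it compares how far a broadcast such as a DHCP DISCOVER travels on a flat switch and on a switch with one VLAN per AP and a trunk to the router. The `Switch` class, port names, MAC addresses and VLAN IDs are all hypothetical.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample values: client MACs, port names and VLAN IDs are assumptions.
CLIENT_A, CLIENT_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"

class Switch:
    """Toy 802.1Q switch: each access port is in one VLAN, the trunk carries all."""

    def __init__(self, access_ports, trunk_port=None):
        self.access = dict(access_ports)  # port name -> VLAN id
        self.trunk = trunk_port           # tagged port toward the router, if any
        self.mac_table = {}               # (vlan, mac) -> port it was learned on

    def forward(self, in_port, src, dst, tag=None):
        """Return the sorted (port, vlan) pairs a frame is transmitted on."""
        vlan = tag if in_port == self.trunk else self.access[in_port]
        if vlan is None:
            raise ValueError("frames arriving on the trunk must carry a VLAN tag")
        self.mac_table[(vlan, src)] = in_port  # learn the sender's location
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known:
            out = [known]  # known unicast leaves on a single port
        else:
            # Broadcast (e.g. DHCP DISCOVER) or unknown unicast: flood the VLAN.
            out = [p for p, v in self.access.items() if v == vlan]
            if self.trunk:
                out.append(self.trunk)
        return sorted((p, vlan) for p in out if p != in_port)

def flat_switch():
    # Every AP and the router share one broadcast domain (VLAN 1).
    return Switch({"ap1": 1, "ap2": 1, "ap3": 1, "router": 1})

def per_ap_vlan_switch():
    # Each AP on its own VLAN; the router sits on the trunk port.
    return Switch({"ap1": 10, "ap2": 20, "ap3": 30}, trunk_port="router")

if __name__ == "__main__":
    for name, sw in (("flat", flat_switch()), ("per-AP VLAN", per_ap_vlan_switch())):
        sw.forward("ap2", CLIENT_B, BROADCAST)  # client B is learned behind ap2
        print(name, "DHCP DISCOVER from ap1 ->", sw.forward("ap1", CLIENT_A, BROADCAST))
        print(name, "unicast A -> B        ->", sw.forward("ap1", CLIENT_A, CLIENT_B))
```

Traffic between two clients of the same AP never reaches the switch in this model, which is why the AP's own client-to-client setting is still the first step.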


 
WISPA Wireless List: wireless@wispa.org
