[WISPA] Preventing backwards router problems

Andrew Niemantsverdriet andrewniemants at gmail.com
Fri Sep 5 09:16:53 CDT 2008 

I am using a Linux box as the router, I am going to add a couple more
interfaces to that box and call the problem solved for now. Going
forward I will be looking at a topology change to prevent these
issues. PPPoE looks like the ticket.

On Thu, Sep 4, 2008 at 11:07 PM, Butch Evans <butche at butchevans.com> wrote:
> On Thu, 4 Sep 2008, Charles Wyble wrote:
>
>>>- Many APs have client isolation, which keeps traffic from one
>>>client going to another.  Some switches have this as well.
>>
>>Wouldn't all switches have this by design and during normal
>>operation (various exploits to sniff traffic non withstanding of
>>course).
>
> Charles,
> All switches do not, unfortunately, have this capability.  The
> switches (low end) will stop SOME traffic, but broadcast traffic
> (like DHCP DISCOVER) will NOT be stopped by the switch.  In fact, if
> the switch DID stop this traffic, you'd not be able to do DHCP on a
> switched network, which is, of course, possible.
>
>>>- PPPoE or similar between the customer premise and your network
>>>core
>
> Clint,
> I agree that this is probably a best solution, but given the network
> he described, I'd approach it in a slightly different way.  I can't
> recall who initially asked the question that started this thread,
> but my initial reaction, given the information you've provided
> regarding the network design.
>
> First, as Clint suggested, you should consider some design changes
> that would make the network more reliable AND easier to
> troubleshoot.  With the network gear you've described, there is no
> easy way to create the separation between the APs.  His suggestion
> to ensure you have client to client comms turned off is the first
> step.  In order to create separation between the APs, you have one
> of 2 quick/easy choices.  First, you can configure your switch to
> put each of the APs on a unique VLAN, then configure the router on
> the trunk port and separate/manage the traffic at the router.  This
> is going to be the cheapest option IF your switch already supports
> VLANs with a trunk port option.
>
> The second option would be to physically separate the APs by putting
> them into different ports on your router (instead of on a switch).
> This option, of course, assumes you either already have the spare
> ethernet ports, or could add them easier/cheaper than you could do
> so with a switch.  You never did mention what type of router you
> have.  Please fill in this detail and we can provide a better/more
> complete answer.
>
> --
> ********************************************************************
> *Butch Evans                    *Professional Network Consultation *
> *Network Engineering            *MikroTik RouterOS                 *
> *573-276-2879                   *ImageStream                       *
> *http://www.butchevans.com/     *StarOS and MORE                   *
> *http://blog.butchevans.com/    *Wired or wireless Networks        *
> *Mikrotik Certified Consultant  *Professional Technical Trainer    *
> ********************************************************************
>
>
> --------------------------------------------------------------------------------
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> --------------------------------------------------------------------------------
>
> WISPA Wireless List: wireless at wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>

More information about the Wireless mailing list