On Sun, Sep 23, 2012 at 3:50 PM, JÁKÓ András <jako.andras@eik.bme.hu> wrote:
Second, in the hotspot scenarios where this is likely to be a problem (in IPv4 -or- IPv6) it's addressed by the "AP isolation" feature that's getting close to omnipresent even in the low end APs. With this feature enabled, stations are not allowed to talk to each other over the wlan; they can only talk to hosts on the wired side of the lan.
Not related to the original subject, nor to IPv6 usability on WLANs, just a small comment: As far as I understand, "AP isolation" doesn't work if you don't have a WLAN controller but do have more than one AP. E.g. in the following setup
ap1--sw1--sw2--ap2
with "AP isolation" turned on, clients associated to ap1 cannot communicate directly with other clients associated to ap1, however they can communicate directly with those associated to ap2. Broadcast from ap1's clients does also get to all clients at ap2.
Hi András,

This is one place where Cisco's "switchport protected" comes in handy. Plug both APs into switches where the port is set to protected mode and neither they nor the associated clients will be able to talk to each other.

You can get the same effect with other brands. For example, in one on-the-cheap 5-AP hotspot I did, I vlaned the APs (using an older 802.1q capable switch) back to a Linux bridge with "ebtables --insert FORWARD --jump DROP". The Linux bridge was also the default router out of the wlan, so anything *to* the router worked but anything that would be forwarded was dropped instead. Works great.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
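The Linux-bridge arrangement described in the reply above, written out as an added example that is not part of the original thread or the poster's own configuration. The trunk interface `eth1`, bridge name `br-wlan`, VLAN ids and gateway address are assumptions, and the final `iptables` rule is an extra hardening step the post does not mention.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: trunk NIC eth1,
# bridge br-wlan, one 802.1q VLAN per AP, gateway 192.0.2.1/24 (documentation range).
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Usage: build_isolated_bridge TRUNK BRIDGE GATEWAY_CIDR VLAN_ID...
build_isolated_bridge() {
    [ "$#" -ge 4 ] || { echo "need trunk, bridge, gateway and at least one VLAN" >&2; return 2; }
    trunk="$1"; bridge="$2"; gw="$3"; shift 3

    # Validate every VLAN id before touching the system.
    for vid in "$@"; do
        case "$vid" in ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 2 ;; esac
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "VLAN id out of range: $vid" >&2; return 2
        fi
    done

    # Install the drop rule from the post first, so no frame is bridged
    # between APs while the ports are being attached. Note that it applies
    # to every bridge on this host.
    run ebtables --insert FORWARD --jump DROP || return 1

    run ip link add name "$bridge" type bridge || return 1
    run ip link set "$trunk" up || return 1
    for vid in "$@"; do
        port="$trunk.$vid"   # one bridge port per AP VLAN
        run ip link add link "$trunk" name "$port" type vlan id "$vid" || return 1
        run ip link set "$port" master "$bridge" || return 1
        run ip link set "$port" up || return 1
    done

    # The bridge is also the clients' default router: frames addressed to it
    # hit the INPUT path, not FORWARD, so they are still accepted.
    run ip addr add "$gw" dev "$bridge" || return 1
    run ip link set "$bridge" up || return 1

    # Added hardening, not in the post: stop the IP layer from routing a
    # packet back out of the same bridge (client -> gateway -> client).
    run iptables -I FORWARD -i "$bridge" -o "$bridge" -j DROP
}
```

Calling `build_isolated_bridge eth1 br-wlan 192.0.2.1/24 11 12` with the default `DRY_RUN=1` prints the command sequence for review before anything is applied.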