[CoovaChilli] Client isolation / individual subnets per client

Alexander Szlezak alexander.szlezak at unwired.at
Fri Apr 7 10:42:18 BST 2017


Hi Gerrit,

Usually Chilli would sit on a bridge on the system it resides on. You 
could do arp filtering (eb-tables) there to prevent client to client 
communication even if all clients are on the same subnet. Works fine for us.


best,

Alex


Am 07.04.17 um 10:45 schrieb Gerrit Geisler:
> Hi,
>
> did you ever successfully implement client-isolation in the following
> infrastructure? If so, I’d greatly appreciate any pointers how to achieve that!
>
>
>                                    /- Client 1
>                         /--- AP 1 {
> CoovaChilli --- Switch {           \- Client 2
>                         \--- AP 2 --- Client 3
>
> We want to prevent clients from talking to each other. The APs are capable of
> separating their own clients, i.e. Client 1 and 2 won't be able to communicate.
> The switch, however, is not able to prevent routing between AP 1's clients and
> AP 2's clients, when all clients are in the same subnet.
>
> Can we adjust the chilli-service to achieve the desired result?
>
> So far we thought about dishing out individual /30-subnets to every client,
> which would probably require a lot of unintended adjustments to chilli. Thus,
> before doing so, I’d like to learn how you would handle it!
>
>
> Thanks in advance,
>
> Gerrit Geisler
>

Mag. Alexander Szlezak
-- 
Founder & CEO

Unwired Networks GmbH
Gonzagagasse 11/25
1010 Wien, Austria

Tel.: +436601350410 / +43 1 996 20 51
Web: http://www.unwirednetworks.net
Support: support at unwired.at

GeschŠftsfŸhrung: Mag. Alexander Szlezak
Firmenbuchnummer: FN 365784
UID-Nummer: ATU66578027

Sind Sie schon Fan auf Facebook?
https://www.facebook.com/unwiredwifi



More information about the CoovaChilli mailing list