[CoovaChilli] Client isolation / individual subnets per client

Christian Schnatz cschnatz at frederix.de
Fri Apr 7 22:01:40 BST 2017


Hi Alex,

In our setup, chilli is running on a virtual machine without a bridge interface, and we don’t have access to or control over the LAN infrastructure behind chilli.
So we thought that the only way to separate clients in this setup is to use layer 3 isolation between the clients, and thus putting each client in a separate subnet might be a good solution, but I’m not sure how to achieve this with chilli.

From my understanding, arp-filter is similar to an ACL on a switch, right? This might not help in this particular setup because there are several other switches behind chilli's LAN interface.

So any idea how to get this running on layer 3?

Regards,
Chris

> On 07.04.2017 at 11:42, Alexander Szlezak <alexander.szlezak at unwired.at> wrote:
> 
> Hi Gerrit,
> 
> Usually Chilli would sit on a bridge on the system it resides on. You could do arp filtering (eb-tables) there to prevent client to client communication even if all clients are on the same subnet. Works fine for us.
> 
> 
> best,
> 
> Alex
> 
> 
> On 07.04.17 at 10:45, Gerrit Geisler wrote:
>> Hi,
>> 
>> did you ever successfully implement client-isolation in the following
>> infrastructure? If so, I’d greatly appreciate any pointers how to achieve that!
>> 
>> 
>>                                   /- Client 1
>>                        /--- AP 1 {
>> CoovaChilli --- Switch {           \- Client 2
>>                        \--- AP 2 --- Client 3
>> 
>> We want to prevent clients from talking to each other. The APs are capable of
>> separating their own clients, i.e. Client 1 and 2 won't be able to communicate.
>> The switch, however, is not able to prevent routing between AP 1's clients and
>> AP 2's clients, when all clients are in the same subnet.
>> 
>> Can we adjust the chilli-service to achieve the desired result?
>> 
>> So far we thought about dishing out individual /30-subnets to every client,
>> which would probably require a lot of unintended adjustments to chilli. Thus,
>> before doing so, I’d like to learn how you would handle it!
>> 
>> 
>> Thanks in advance,
>> 
>> Gerrit Geisler
>> 
> 
> Mag. Alexander Szlezak
> -- 
> Founder & CEO
> 
> Unwired Networks GmbH
> Gonzagagasse 11/25
> 1010 Wien, Austria
> 
> Tel.: +436601350410 / +43 1 996 20 51
> Web: http://www.unwirednetworks.net
> Support: support at unwired.at
> 
> Management: Mag. Alexander Szlezak
> Company register number: FN 365784
> VAT ID number: ATU66578027
> 
> Are you already a fan on Facebook?
> https://www.facebook.com/unwiredwifi
> 
> _______________________________________________
> CoovaChilli mailing list
> CoovaChilli at brightonchilli.org.uk
> https://www.brightonchilli.org.uk/mailman/listinfo/coovachilli



-- 
We're looking for you! Apply at http://frederix.de/jobs

Frederix GmbH
Oskar-Winter-Straße 9
30161 Hannover

Phone. 0511 / 35 39 789-0
Fax. 0511 / 35 39 789-71
Internet. www.frederix.de

Direct extensions:
Hotspot sales. -30
IT systems sales. -40
Hotspot support. -50
IT systems support. -60

facebook.com/frederix.de
twitter.com/frederix

Managing directors. Max Fechner, Jonathan Sauppe
Hannover District Court. HRB 203 644
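
The per-client /30 idea raised in this thread, worked through as an addressing plan. This is an added example, not written by any poster and not CoovaChilli configuration; the pool 10.1.0.0/24, the MAC addresses and all function names are constructed for illustration. It shows the address cost of the scheme and that every other client's address is off-link, so client-to-client traffic has to be sent to the gateway; it does not model layer 2 reachability on the shared switches.

```python
import ipaddress


def plan_client_subnets(pool, client_macs, prefixlen=30):
    """Give each distinct client MAC its own subnet carved from `pool`.

    Returns {mac: {"network", "gateway", "client"}}.
    Raises ValueError when the pool has no free subnet left.
    """
    subnets = ipaddress.ip_network(pool).subnets(new_prefix=prefixlen)
    plan = {}
    for mac in client_macs:
        if mac in plan:          # a returning client keeps its subnet
            continue
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(
                f"pool {pool} exhausted after {len(plan)} clients") from None
        # In a /30 the two usable hosts are the gateway and the client.
        gateway, client = list(net.hosts())[:2]
        plan[mac] = {"network": net, "gateway": gateway, "client": client}
    return plan


def must_route(plan, mac_a, mac_b):
    """True if neither client's address is on-link for the other one."""
    a, b = plan[mac_a], plan[mac_b]
    return (a["client"] not in b["network"]
            and b["client"] not in a["network"])


def capacity(pool, prefixlen=30):
    """Number of clients the pool can serve at one subnet per client."""
    return 2 ** (prefixlen - ipaddress.ip_network(pool).prefixlen)


if __name__ == "__main__":
    # Constructed sample clients (locally administered MAC addresses).
    macs = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]
    plan = plan_client_subnets("10.1.0.0/24", macs)
    for mac, entry in plan.items():
        print(mac, entry["network"], "gw", entry["gateway"],
              "client", entry["client"])
    print("clients 1 and 3 must route:", must_route(plan, macs[0], macs[2]))
    print("clients per /24:", capacity("10.1.0.0/24"))
```
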




