On 16/07/2017 22:08, Adrian Caspersz wrote:
If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?
I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).
Current plan is multiple DHCP leases, all individually on their own
local lan subnets, each subnet connected to the internet but nowhere else.
Does anyone do an out-of-the-box software build for this DHCP that runs
on a rPI? Extra points if it has a nice GUI....
... or I'll have to sit down and script one for DNSmasq
Its virtually impossible to secure the wireless side.
You can make it more difficult but someone with the will and knowledge
can break it in a matter of seconds to hours depending on what you setup.
There is nothing you can do to stop people monitoring the wireless and
its easy to crack the current encryption standards.
If you want security you *need* to only allow access to a VPN server
with strong encryption. Then the server rules determine who can access what.
If all you want to do is stop wireless clients talking to each other
then look for an AP that has a setting to prevent this. My old netgear
had such a setting. Once set clients could only see the wired side and
not other wireless clients.
You probably need to download the manual and look as its doesn't appear
as a feature in the sales stuff on many AP.