Posted: Tue Feb 10, 2015 13:07 Post subject: need some help
Hi, I have no idea on how this things work, I just follow this as it is.. I have a question in mind.. I have heard of sniffing packets and MITM attack.. So, if someone has access to my guest network, can he sniff and perform MITM attack or any kind of attacks to clients in main AP that is dangerous for my security?? And if so then please give me the solution and also if I use multi ssid, will it affect the performance of router? Your help will will be grateful to me.. Thanks in advance..
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Tue Feb 10, 2015 13:52 Post subject:
If you use "AP isolation" function suggested in this article you are protected. About multiple ssid, I have been using 3 VAP wthout problem. Wiki says 5 is max. You can test it by yourself, but I think that it is router depended... It is not same if you have dual or single core CPU etc. (RAM)...
If you use "AP isolation" function suggested in this article you are protected. About multiple ssid, I have been using 3 VAP wthout problem. Wiki says 5 is max. You can test it by yourself, but I think that it is router depended... It is not same if you have dual or single core CPU etc. (RAM)...
Thanks for ur reply.. so I have a wap and a vap both password (different passwords) protected and I have followed this article except access restriction part and bandwidth limit and yes ap isolation is enabled as this article says.. So my friends connected to guest network, cant hack anything or spy on me about what I am doing on my network right?
Edit: I have another confusion.. Please pardon me for asking you so much question.. I have serached before asking and did not get any easy answer.. What if I select bridge connection in vap instead of unbridged? thanks in advance again
Net isolation = Guests can not hack your private LAN+WLAN
AP Isolation = Guests can not hack each other on guest VAP
unbridged vs bridged = works same way
unbridged = just few clicks
bridged = must use custom iptable firewall rules etc.
Thanks for ur reply.. In my case both ssid using same channel. will this make any interference issue?? or is there any solution to make them use different channel?
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Wed Feb 11, 2015 8:12 Post subject:
vaps wont work on a different channel, i think thats a hw limit, one radio cant broadcast on 2 separate channels at once. but 2 networks on the same channels dont "interfere", instead they coexist, taking turns transmitting _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Joined: 10 Apr 2014 Posts: 3 Location: Pacific time, USA
Posted: Sun Feb 15, 2015 1:43 Post subject:
Mile-Lile wrote:
Net isolation = Guests can not hack your private LAN+WLAN
AP Isolation = Guests can not hack each other on guest VAP
unbridged vs bridged = works same way
unbridged = just few clicks
bridged = must use custom iptable firewall rules etc.
I couldn't find the "net isolation" setting.
But, I've got it working with an unbridged vap, and a router rule to deny access to the LAN (e.g.
"iptables -t nat -A PREROUTING -i ath0.1 --destination 192.168.0.1/24 -j DROP", where the destination is the lan's subnet.)
Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Sun Feb 15, 2015 8:31 Post subject:
Net isolation button is available only on unbridged inteface
on newer builds for Broadcom starting from build 23020, for Atheros starting from build 24759 and for Ralink/Mediatek units starting from build 25934.
I try to create guest wi-fi, but there is an QoS problem.
When i try to limit the guest addresses noting happen.
Speed limitations works only on main network. When guest is connected allways have full speed. Anyone have the same problem?