Client Isolation/ AP isolation - how does it work ?

my AP is a linksys WRT54G and it supports client isolation (or AP
isolation as linksys calls it) which prevents one wireless client
communicating with another wireless client.

this is a nice feature but im not sure how it works and wether i could
see traffic to and from stationA to the AP from stationB (for example)
..

MTIA

"sam1967" <footballdvds@gmail.com> wrote in message
news:1121179587.829597.32510@g44g2000cwa.googlegro ups.com...
> my AP is a linksys WRT54G and it supports client isolation (or AP
> isolation as linksys calls it) which prevents one wireless client
> communicating with another wireless client.
>
> this is a nice feature but im not sure how it works and wether i could
> see traffic to and from stationA to the AP from stationB (for example)
> .
>
> MTIA
>
I think that it blocks two messages which stops M$ networking from talking
to each other.

Tony

On 12 Jul 2005 07:46:27 -0700, "sam1967" <footballdvds@gmail.com>
wrote:

>my AP is a linksys WRT54G and it supports client isolation (or AP
>isolation as linksys calls it) which prevents one wireless client
>communicating with another wireless client.
>
>this is a nice feature but im not sure how it works and wether i could
>see traffic to and from stationA to the AP from stationB (for example)

Oh, it's really simple. Wireless access points work by bridging the
wireless port to the wired switch ports and router port. Everything
happens at the MAC address level and does not involve IP addresses,
NETBIOS over TCP/IP (also known as MS Networking). Just MAC
addresses.

The wireless bridge builds a bridging table consisting of a table of
"heard" (or sniffed) MAC addresses that appear on various ports.
There are really just 3 available ports[1]. Wireless, ethernet
switch, and router port. If the destination MAC address of a port is
shows up in the MAC address table as sitting on a specific port, only
that port gets the traffic. Broadcasts, which have no destination MAC
address are sent to all ports.

Well, it's simple enough to build a logical rule (or filter) for these
MAC addresses and ports that says:
"If the packet originates on the wireless port, it can only send
and receive packets that are destined or originate from the router
port or ethernet switch port."
Not a very complex rule, but one which totally prevents wireless
client to client traffic. Not even broadcasts will go from wireless
client to client.

[1] Actually, that's not true as each port on the 4 port ethernet
switch is considered a seperate port. However, let's make life simple
and pretent the switch section is just one port.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# jeffl@comix.santa-cruz.ca.us
# jeffl@cruzio.com AE6KS

Thanks again Jeff

That makes perfect sense.

Presumbaly this must also improve performance slightly ?

On 15 Jul 2005 11:07:07 -0700, "sam1967" <footballdvds@gmail.com>
wrote:

>Thanks again Jeff
>That makes perfect sense.
>Presumbaly this must also improve performance slightly ?

Nope. Absolutely no improvement in performance which I guess means
speed. Performance is exactly the same as if you were using one
antenna. The difference is in "reliability" or ability to survive in
a multipath environment. However, you'll get more reliability
benifits out of OFDM modulation, which actually benifits somewhat from
being able to use multiple delayed (reflected) transmissions, than out
of diversity.

To make matters more complex, diversity has the benifit of reducing
the number of speed changes the access point has to make to compensate
for lousy signals. The access point has no way to know if the
corrupted packets are comeing from reflections, poor signal strength,
or interference. It only knows that the packets are arriving trashed.
So, it has only two recourses. It can decrease the maximum packet
size to smaller packets that have a higher probability of getting
through interference or overlapping valid data with reflective
collisions. However, this isn't done because the fragmentation
threshold is normally defaulted to maximum for optimum performance.
So, the only remaining option is to slow things down, which has the
effect of improving the receiver sensitivity. Algorithms vary, but
basically as soon as there's garbage packets, there will be a
corresponding slow down, which of course affects performance. If
diversity can be used to reduce the need to recover from corrupted
packets, then overall performance will improve.

In case you haven't noticed, everything affects everything else, ad
nausium. In my never humble opinion, it is better to go slow and
error free, than fast with lots of retransmissions, speed changes, and
corruption.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558