ROBIN -  Open Source Mesh Network Forum Index ROBIN - Open Source Mesh Network
users community forum
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

AP isolation

 
Post new topic   Reply to topic    ROBIN - Open Source Mesh Network Forum Index -> Absolute Beginner Talk
View previous topic :: View next topic  
Author Message
Ads






Posted: Sun Sep 24, 2017 11:08 am    Post subject: Ads

Back to top
amleivar
User
User


Joined: 15 Dec 2011
Posts: 18

PostPosted: Mon Jan 16, 2012 12:10 pm    Post subject: AP isolation Reply with quote

Hi,

I was wondering how AP isolation works. I want any device from any node to be completely UNaccesible to any other device. How is it done by the node? Using iptables or how?

Regards, Álvaro
Back to top
View user's profile Send private message
codyc1515
Moderator
Moderator


Joined: 31 May 2010
Posts: 1752
Location: New Zealand

PostPosted: Tue Jan 17, 2012 8:06 am    Post subject: Reply with quote

I'm pretty sure you will find that it is done using either iptables (most likely) or at the radio level. All that matters is if it works or not. Just try it and see.

_________________

Only registered users can see links on this forum!
Register or Login on forum!

Back to top
View user's profile Send private message Visit poster's website
dmg
Intermediate User
Intermediate User


Joined: 16 Nov 2008
Posts: 140
Location: Nr Lancaster UK

PostPosted: Tue Jan 17, 2012 10:33 am    Post subject: Reply with quote

Are we saying that with it switched on it stops any meshing but clients can still use the AP for the internet ?

If so will setting it save resources and memory in the AP which must good on gateway only network nodes.
Back to top
View user's profile Send private message
codyc1515
Moderator
Moderator


Joined: 31 May 2010
Posts: 1752
Location: New Zealand

PostPosted: Tue Jan 17, 2012 10:35 am    Post subject: Reply with quote

dmg wrote:
Are we saying that with it switched on it stops any meshing but clients can still use the AP for the internet ?

If so will setting it save resources and memory in the AP which must good on gateway only network nodes.

I think the feature that we are discussing is stopping clients being able to access each others devices.

_________________

Only registered users can see links on this forum!
Register or Login on forum!

Back to top
View user's profile Send private message Visit poster's website
dmg
Intermediate User
Intermediate User


Joined: 16 Nov 2008
Posts: 140
Location: Nr Lancaster UK

PostPosted: Tue Jan 17, 2012 10:54 am    Post subject: Reply with quote

Thanks I remember that now you have pointed it out Embarassed
Back to top
View user's profile Send private message
minbari
Skilled User
Skilled User


Joined: 15 Dec 2009
Posts: 232

PostPosted: Tue Jan 17, 2012 8:58 pm    Post subject: Reply with quote

it was designed so that if you have a private network, you can access computers and printers, etc. if you are using for ISP uses, then turn the isolation on.
Back to top
View user's profile Send private message Send e-mail
codyc1515
Moderator
Moderator


Joined: 31 May 2010
Posts: 1752
Location: New Zealand

PostPosted: Thu Jan 19, 2012 12:32 pm    Post subject: Reply with quote

minbari wrote:
it was designed so that if you have a private network, you can access computers and printers, etc. if you are using for ISP uses, then turn the isolation on.

Exactly that.

_________________

Only registered users can see links on this forum!
Register or Login on forum!

Back to top
View user's profile Send private message Visit poster's website
robgmann
Ultimate User
Ultimate User


Joined: 06 May 2009
Posts: 512
Location: Monterey, California USA

PostPosted: Thu Jan 19, 2012 5:46 pm    Post subject: Reply with quote

I just ran across this issue on my network (for some reason Cloudtrax was not pushing out the required config when I checked "AP Isolation", so I went in search of a manual solution).
It seems the configuration is
uci set wireless.public.isolate=1 which would imply it's part of the wireless config.

There is also a setting iprules.filter.AP1_isolation= but when I changed that and rebooted the node, I still had a client who could see another user's Shared folder. The wireless.public.isolate seemed to resolve it.

Cody - can you confirm this from a dashboard perspective? Is this right dashboard switch?
Back to top
View user's profile Send private message
codyc1515
Moderator
Moderator


Joined: 31 May 2010
Posts: 1752
Location: New Zealand

PostPosted: Fri Jan 20, 2012 1:22 am    Post subject: Reply with quote

To be honest I'm not quite sure, we do have the option in WiFi Mesh but it will not be sent to the node as it never quite worked correctly. I will have to look into this.

_________________

Only registered users can see links on this forum!
Register or Login on forum!

Back to top
View user's profile Send private message Visit poster's website
brecklandit
Ultimate User
Ultimate User


Joined: 23 Mar 2010
Posts: 717

PostPosted: Fri Jan 20, 2012 6:59 pm    Post subject: Reply with quote

I don't have any nodes handy at the moment, but you may want to look into the lanblock option which isolates either ssid1,ssid2 or both from the lan.

_________________
Please support the Robin Mesh project by donating via paypal to:

Only registered users can see links on this forum!
Register or Login on forum!

.
Back to top
View user's profile Send private message
amleivar
User
User


Joined: 15 Dec 2011
Posts: 18

PostPosted: Sun Jan 22, 2012 8:23 pm    Post subject: Reply with quote

Ok, i'll try manually to do it, thanks!
Back to top
View user's profile Send private message
amleivar
User
User


Joined: 15 Dec 2011
Posts: 18

PostPosted: Mon Jan 23, 2012 8:38 pm    Post subject: Reply with quote

I can confirm that manually setting isolate to 1 makes the trick. What I've have been:
Code:
uci set wireless.public.isolate=1
uci set iprules.filter.AP1_isolation=1
uci set iprules.filter.AP2_isolation=1
uci commit wireless
uci commit iprules

Thanks!
Back to top
View user's profile Send private message
amleivar
User
User


Joined: 15 Dec 2011
Posts: 18

PostPosted: Mon Jan 23, 2012 10:01 pm    Post subject: Reply with quote

Hi, I am having another issue. After setting the above parameters I reboot the node and the isolation is applied, but the next update will change the three parameters and reboot the node disabling the isolation.

I have modified the checkin-batman.php so the parameters are always sent as 1 (I have double checked and it's sent correctly) but the parameters are changed to 0 anyway.

Any clues?
Back to top
View user's profile Send private message
codyc1515
Moderator
Moderator


Joined: 31 May 2010
Posts: 1752
Location: New Zealand

PostPosted: Tue Jan 24, 2012 12:58 am    Post subject: Reply with quote

amleivar wrote:
Hi, I am having another issue. After setting the above parameters I reboot the node and the isolation is applied, but the next update will change the three parameters and reboot the node disabling the isolation.

I have modified the checkin-batman.php so the parameters are always sent as 1 (I have double checked and it's sent correctly) but the parameters are changed to 0 anyway.

Any clues?

Which dashboard is this?

_________________

Only registered users can see links on this forum!
Register or Login on forum!

Back to top
View user's profile Send private message Visit poster's website
amleivar
User
User


Joined: 15 Dec 2011
Posts: 18

PostPosted: Tue Jan 24, 2012 8:17 am    Post subject: Reply with quote

It's robin dash locally hosted
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ROBIN - Open Source Mesh Network Forum Index -> Absolute Beginner Talk All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
c d
e



Powered by phpBB © 2001, 2005 phpBB Group

Abuse - Report Abuse - TOS & Privacy.
Powered by forumup.it free forum, create your free forum! Created by Hyarbor & Qooqoa
Confirmed

Page generation time: 0.127