DNS Redirector
 Return to FAQ List

FAQ 113: AP configuration in public wireless networks

Category: Initial setup

To prevent wireless users from 'hacking' into other machines on the same access point you should enable 'AP Isolation'

Also known as...
- Public Secure Packet Forwarding (PSPF) found under VLAN settings on Cisco devices
- Station Separation found under SSID Profile on EnGenius devices

This also has the benefit of improving wireless network performance because the Access Point radio no longer sends traffic between associated devices.

This setting prevents one wireless device from directly communicating with another on the same AP, thus eliminating the problem of malicious users accessing open Windows shares or unsecured PCs. However, this setting can also break multi-player gaming or other applications that require a direct connection over the LAN.

Even with this setting enabled, wireless devices would be allowed to communicate out the wired interface of their AP to another wireless device that is associated to a different AP. Advanced protection against device to device communication across different APs should be achieved using VLANs or ACLs within your network infrastructure.

DNS Redirector | Legal Information | 2003-2019