Return to FAQ List
FAQ 113: AP configuration in public wireless networksCategory: Initial setup | Updated: 05/26/2012 1:15 PM
To prevent wireless users from 'hacking' into other machines on the same access point you should enable 'AP Isolation'
Also known as...
- Public Secure Packet Forwarding (PSPF) found under VLAN settings on Cisco devices
- Station Separation found under SSID Profile on EnGenius devices
This also has the benefit of improving wireless network performance because the Access Point radio no longer sends traffic between associated devices.
This setting prevents one wireless device from directly communicating with another on the same AP,
thus eliminating the problem of malicious users accessing open Windows shares or unsecured PCs.
However, this setting can also break multi-player gaming or other applications that require a direct connection over the LAN.
Even with this setting enabled, wireless devices would be allowed to communicate out the wired interface of their AP
to another wireless device that is associated to a different AP.
Advanced protection against device to device communication across different APs should be achieved using VLANs or ACLs within your network infrastructure.