FAQ 113: AP configuration in public wireless networks
Category: Initial setup | Updated: 3/25/2010 10:45:57 AM | Read: 217 (Last: 9/5/2010 3:49:02 AM) To prevent wireless users from 'hacking' into other machines on the same access point you should enable 'AP Isolation' (or 'Public Secure Packet Forwarding' [PSPF] found in VLAN settings on Cisco devices). This setting also has the benefit of improving wireless network performance because the Access Point radio no longer sends traffic between associated devices.
Note: The setting prevents one wireless device from directly communicating with another wireless device on the same AP, thus eliminating the problem of malicious users accessing open Windows shares or unsecured PCs. However, this setting can also break multi-player gaming or other applications that require a direct connection over the LAN.
With this setting enabled, wireless devices are still allowed to communicate out the wired interface of the AP, and thus may be able to communicate to another wireless device that is associated to a different AP on the same network. Advanced protection against device to device communication (even across different APs) should be achieved using VLANs or ACLs within your network infrastructure.
Was this article helpful? Votes so far: 49% in 128
