/32 subnet

Emanuele Pucciarelli ep at acm.org
Wed Feb 4 10:49:23 UTC 2009


On 04 Feb 09, at 11:25, Thomas Liske wrote:

> And you need an AP which supports client separation. What about
> wired hotspots?

I second Marco – there are L2 switches that can separate ports. Cisco  
started it, but nowadays you can find inexpensive alternatives that do  
it too. E.g. HP ProCurve's 2510 switches call it "protected ports";
they don't have all the private VLAN features that Catalysts offer,  
but IMHO they are more than good enough for a small/medium  
installation on a budget.

Where this is not an option, I think that L3 separation is a very  
welcome addition to avoid accidental communication, from random  
browsing to subnet-sweeping malware :)

A similar approach is followed by some boxes that pick a random subnet  
(I haven't tested them, but I suppose it may be a simple /30) out of a  
larger private IP space, therefore adding a different IP alias to the  
default gateway for each connected client. I don't know whether that  
would improve on your patch; it seems to me that it would add further  
complication without providing additional security.

So… thank you for the patch! :)

-- 
Emanuele

