+ Post New Thread
Results 1 to 7 of 7
Wireless Networks Thread, BYOD inter client communication in Technical; If you are running a vlan'ed byod guest network do you allow client to client communication? Ben...
  1. #1

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,615
    Thank Post
    747
    Thanked 1,707 Times in 1,520 Posts
    Rep Power
    437

    BYOD inter client communication

    If you are running a vlan'ed byod guest network do you allow client to client communication?

    Ben
    Last edited by plexer; 7th May 2014 at 10:20 PM.

  2. #2
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    676
    Thank Post
    4
    Thanked 148 Times in 137 Posts
    Rep Power
    54
    Depends how you configure it.
    Our current BYoD has client separation enabled and I've not decided if I will keep that when we get a new WiFi installed over the summer (hopefully)

  3. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,615
    Thank Post
    747
    Thanked 1,707 Times in 1,520 Posts
    Rep Power
    437
    Quote Originally Posted by Boredguy View Post
    Depends how you configure it.
    Our current BYoD has client separation enabled and I've not decided if I will keep that when we get a new WiFi installed over the summer (hopefully)
    Ok thanks I've rephrased my question as I know that it's possible to restrict inter client communication what I wanted to know is if people do actually configure it that way.

    Thanks

    Ben

  4. #4

    Join Date
    May 2014
    Location
    North East
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Ben,

    its hobsons choice really and all down to acceptable risk, but there is some mileage in preventing users connecting with uncontrolled devices from being able to see each other on wireless networks. The main reason is that you have no knowledge of what malicious tool sets may be on those devices and so you would want to prevent folk from targeting others on your network. on the whole though, securing BYOD and Public networks from private or corporate ones can really only be done properly by using layer 3 separation technologies such as VRF. Relying on VLANs alone isn't all that secure.

    Cheers
    Shaun

  5. #5

    Join Date
    Apr 2009
    Location
    London
    Posts
    60
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by roadhouse1387 View Post
    ... securing BYOD and Public networks from private or corporate ones can really only be done properly by using layer 3 separation technologies such as VRF. Relying on VLANs alone isn't all that secure.
    Hi Shaun,

    That's an interesting idea. Please can you describe the insecurities when using VLANs to separate network security groups? I think I know what I'm doing here, and I'm not sure what you believe the risks are ...

    BTW, a long time ago it was possible to get packets to skip between VLANs, but those bugs were fixed.

    Andrew

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,270
    Thank Post
    884
    Thanked 2,747 Times in 2,321 Posts
    Blog Entries
    11
    Rep Power
    785
    No we don't allow the DLNA advertisement of little Johnny's extra-curricular human biology homework to all the other devices on the subnet.


    VLAN hopping should not be a concern unless you have trunked interfaces offered out in the wild where tagged frames will actually be accepted. A guest VLAN should be native for the whole segment after it hits the WAP/Controller - depending on the system used.
    Last edited by SYNACK; 26th May 2014 at 04:29 PM.

  7. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,316
    Thank Post
    902
    Thanked 1,798 Times in 1,549 Posts
    Blog Entries
    12
    Rep Power
    466
    We do not allow the clients to communicate with each other. There is no need. If we had it on the kids would only use it to share resources using something like bonjour (there they can share music on itunes) or air drop etc.



SHARE:
+ Post New Thread

Similar Threads

  1. Deploying Office Communicator Client
    By RageSto in forum Enterprise Software
    Replies: 1
    Last Post: 25th June 2013, 11:45 PM
  2. Replies: 7
    Last Post: 1st December 2011, 10:26 PM
  3. Replies: 8
    Last Post: 18th October 2005, 10:27 AM
  4. Creating a new client image.
    By ninjabeaver in forum Windows
    Replies: 14
    Last Post: 14th July 2005, 11:33 PM
  5. Replies: 18
    Last Post: 11th July 2005, 10:19 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •