wireless vs. wired broadcasting

Unanswered Question
Feb 27th, 2009
User Badges:

I'm not sure really how to ask this, but I have done some testing in a classroom on my college campus using a wired connection and then a wireless connection. When connected wirelessly, I can see other devices in the network. When connected through ethernet, I can not see the other devices within my network. I use a Cisco Wireless LAN Controller and wonder if there should be a setting disabled in the WLC that would not allow wireless connections to see our other devices? Thanks in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Mohamad Qayoom Fri, 02/27/2009 - 08:06
User Badges:
  • Bronze, 100 points or more

In case of wireless, it's just one big broadcast domain and you see everything. In case of wired network, your broadcast domain is much smaller. I don't think there are any settings on the WLC that can acheive what your are asking for.

waldronks Fri, 02/27/2009 - 08:09
User Badges:

No, when I open up "my network places", I can see servers on our network.

Mohamad Qayoom Fri, 02/27/2009 - 08:11
User Badges:
  • Bronze, 100 points or more

Oh, I thought you were sniffing traffic.

waldronks Fri, 02/27/2009 - 08:16
User Badges:

No I'm just trying to set up a classroom to have public wireless access but prevent them from seeing our servers in the process.

Mohamad Qayoom Fri, 02/27/2009 - 08:18
User Badges:
  • Bronze, 100 points or more

Do you have the servers and users on the same VLAN? Are they using the same SSID?

waldronks Fri, 02/27/2009 - 08:22
User Badges:

The servers are on a separate VLAN from the wireless users. For example, the servers are on VLAN250 and the wireless VLAN is VLAN2. All wireless public users use the same SSID.

waldronks Fri, 02/27/2009 - 08:24
User Badges:

I can access them through wireless only, but I don't want this to be allowed. I need to have that availability to have both connections up at the same time. They are all three (wired, wireless & servers) on separate VLANs.

You have to use certain access control or IP blocking for that to happen. What is the switch model you are using for intervlan routing? You may use VACL to restrict vlan2 to access vlan250. Let me know if you need help in configuring the vacl, but i will not suggest to implement it in a live network until you are pretty sure what IP access is to be granted and what to restrict.

Thanks and regads,


Leo Laohoo Fri, 02/27/2009 - 16:04
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

If you are logged into the WLC, you will see all devices in relation to your Wireless LAN:

1. Hosts trying to or connected to your WLAN SSID(s);

2. Rogue Access Points (and Rogue Clients associated to this Rogue Access Point);

3. Rogue Clients;

4. Ad-Hoc Rogue; and

5. Rogue on a Wire (Un-Authorized Wireless AP/Client/Ad-Hoc connected to your LAN)

It's very hard to do a detailed packet sniffing with Wireless. Data from a host to the AP is encrypted. You'll be able to sniff some of the basic stuffs such as MAC Address, SSID (if SSID broadcast is enabled), frame types, size, etc.

There is no way for a host, associated and authenticated to a particular SSID to be able to see "other" host in the same SSID (unless you install a wireless sniffer on purpose).

Does this answer your question?


This Discussion