I'm not really sure how to ask this, but I have done some testing in a classroom on my college campus using a wired connection and then a wireless connection. When connected wirelessly, I can see other devices in the network. When connected through Ethernet, I cannot see the other devices within my network. I use a Cisco Wireless LAN Controller and wonder if there should be a setting disabled in the WLC that would not allow wireless connections to see our other devices? Thanks in advance!
In the case of wireless, it's just one big broadcast domain and you see everything. In the case of a wired network, your broadcast domain is much smaller. I don't think there are any settings on the WLC that can achieve what you are asking for.
Please define 'able to see other devices in the network'. Are you using some tool like 'ping scan'?
Thanks and regards,
No I'm just trying to set up a classroom to have public wireless access but prevent them from seeing our servers in the process.
The servers are on a separate VLAN from the wireless users. For example, the servers are on VLAN250 and the wireless VLAN is VLAN2. All wireless public users use the same SSID.
Can you access the servers through wired as well as wireless connections? Make sure that while using one, the other connection is down/unplugged.
Are you using the same subnet/vlan for both wireless and wired connection?
Thanks and regards,
I can access them through wireless only, but I don't want this to be allowed. I need to have that availability to have both connections up at the same time. They are all three (wired, wireless & servers) on separate VLANs.
You have to use some access control or IP blocking for that to happen. What is the switch model you are using for inter-VLAN routing? You may use a VACL to restrict VLAN 2 from accessing VLAN 250. Let me know if you need help in configuring the VACL, but I would not suggest implementing it in a live network until you are pretty sure what IP access is to be granted and what is to be restricted.
Thanks and regards,
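One way the VACL suggested in the reply above could look on a Catalyst switch, as an added example that is not part of the original thread. The subnets (10.0.2.0/24 for VLAN 2, 10.0.250.0/24 for VLAN 250), the DNS server address 10.0.250.10, and the ACL and access-map names are all assumptions made for illustration.

```cisco
! Constructed addressing (not from the thread):
!   VLAN 2   public wireless  10.0.2.0/24
!   VLAN 250 servers          10.0.250.0/24
!   10.0.250.10 is a hypothetical DNS server the wireless users still need

! In a VACL, "permit" in the ACL means "this traffic matches the clause";
! the forward/drop decision is made by the access-map action.
ip access-list extended WLAN-ALLOWED-SERVICES
 permit udp 10.0.2.0 0.0.0.255 host 10.0.250.10 eq domain
 permit udp host 10.0.250.10 eq domain 10.0.2.0 0.0.0.255
!
ip access-list extended WLAN-TO-SERVERS
 permit ip 10.0.2.0 0.0.0.255 10.0.250.0 0.0.0.255
!
! Sequence 10: explicitly allowed services are forwarded first.
vlan access-map WLAN-ISOLATE 10
 match ip address WLAN-ALLOWED-SERVICES
 action forward
! Sequence 20: everything else from the wireless subnet to the server subnet is dropped.
vlan access-map WLAN-ISOLATE 20
 match ip address WLAN-TO-SERVERS
 action drop
! Sequence 30: no match clause, so all remaining traffic is forwarded.
! Without this entry, IP traffic that matches no clause is dropped.
vlan access-map WLAN-ISOLATE 30
 action forward
!
! Apply the map to the wireless VLAN only.
vlan filter WLAN-ISOLATE vlan-list 2
```

`show vlan access-map` and `show vlan filter` display the configured map and the VLANs it is applied to.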
If you are logged into the WLC, you will see all devices in relation to your Wireless LAN:
1. Hosts trying to or connected to your WLAN SSID(s);
2. Rogue Access Points (and Rogue Clients associated to this Rogue Access Point);
3. Rogue Clients;
4. Ad-Hoc Rogue; and
5. Rogue on a Wire (Un-Authorized Wireless AP/Client/Ad-Hoc connected to your LAN)
It's very hard to do detailed packet sniffing with wireless. Data from a host to the AP is encrypted. You'll be able to sniff some of the basic stuff such as MAC address, SSID (if SSID broadcast is enabled), frame types, size, etc.
There is no way for a host associated and authenticated to a particular SSID to see "other" hosts in the same SSID (unless you install a wireless sniffer on purpose).
Does this answer your question?