Thu Oct 9 23:33:12 PDT 2003

On Friday 10 October 2003 07:42, Dave wrote:

> Yes. I did first think about doing routing across our entire network
> similar to how I described...when planning deployment with a future goal of
> mobile IP and absolutely no loss of layer 3 when dis/re-associating to
> APs...I quickly surmised I could not do it without bridging...and without a
> finely tuned bridge.

Hmmm... you are probably right, roaming users will have their
IP address messed up/changed if they migrate to another AP
which has a different subnet. At least TCP sessions are definitely
going to die.

But I still don't like large bridged networks. Too insecure.
All those multicasts... one misbehaving Windoze box
can flood the entire network with junk.

A secure solution is a routed network and clients using
crypted tunneling (cipe?), when 'plain' layer 3
is used only for carrying tunnel traffic. This way
it would not break when the client's 'plain' IP address
changes, since the tunnel IP address will stay the same.

This will need quite a bit of testing before deployment
to get right (as opposed to 'bridge everything' approach).

