Ap_isolate behavior.

[Sergey Ryazanov]

Hello Mark,

On Fri, Sep 10, 2021 at 12:37 AM Mark K Vallevand <mvallevand at q.com> wrote:
> I have two stations connected to an access point.
> The stations can communicate with each other.  According to the docs, hostapd allows this low-level bridging by default.
> If I set the ap_isolate=1, the bridging is disabled and the stations cannot communicate.
> However, it appears the the frames are not forwarded upstream either.

Sounds like a kernel bug or some misconfiguration. There is too little
information to say what exactly went wrong. Recheck traffic forwarding
or post full hostap configuration and related network subsystem
settings (e.g. bridges configuration, routes, etc.).

> Is there a way to disable the bridging done by hostapd and make it forward all frames from connected stations?

ap_isolate=1 should be enough.

> Will per_sta_vif=1 be of any use?

You need per_sta_vif=1 to apply some advanced inter-client filtering,
e.g. block SMB protocol while allowing any other communications. If
you need to fully block direct client-to-client communications within
BSS, then use the ap_isolate option instead.

-- 
Sergey