
Comment by NetMageSCW

16 hours ago

Do separate VLANs behind the different SSIDs provide protection?

I would guess that the VLAN separation should prevent it, but perhaps there are implementation errors in the VLAN implementation inside individual brands of routers?

Inter-VLAN routing shouldn't be done at the wifi access point; packets would need to be tagged coming out of the wifi AP and switched upstream, unless I'm mistaken about this.

  • Access points by their very definition are not capable of inter-VLAN routing.

    • I mean yes and no: if an AP is configured for multiple VLANs, you could implement inter-VLAN routing on the AP itself. It seems stupid, but if your software is ported from a switch or a router to an AP, it could include that.

      But yeah, I agree, generally it would be: receive traffic on a BSSID, tag it, and send it out the wire upstream and let the switch deal with sending it back if it's allowed by whatever VLANing policy you have.

That should definitely help. You still have to double-check the IP routing tables between the VLANs, but most of the time, that should prevent attacks between SSIDs.
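The flow described in this thread (AP binds each SSID to a VLAN and pushes an 802.1Q tag, the upstream switch accepts only expected tags on the trunk, and an L3 device decides which VLAN pairs may route) as an added, self-contained example. This is not code from any commenter or vendor; the SSID names, VLAN IDs, MAC addresses and the inter-VLAN policy table are constructed for illustration.

```python
"""
802.1Q tagging as a per-SSID AP performs it, plus the two upstream checks a
defender wants to verify: trunk ingress filtering and the inter-VLAN routing policy.
Constructed example; SSID names, VLAN IDs and MACs below are made up.
"""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed mapping: each SSID/BSSID is bound to exactly one VLAN.
SSID_TO_VLAN = {"corp": 10, "guest": 20, "iot": 30}


def build_tagged_frame(dst: bytes, src: bytes, vid: int, ethertype: int,
                       payload: bytes, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q header between the source MAC and the EtherType.

    TCI layout: PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits).
    """
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, vid (None when untagged), inner ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18
    return {"dst": dst, "src": src, "vid": vid,
            "ethertype": ethertype, "payload": frame[offset:]}


def ap_tag(ssid: str, dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """What the AP does: tag a client's frame with the VLAN bound to its SSID."""
    return build_tagged_frame(dst, src, SSID_TO_VLAN[ssid], ethertype, payload)


def trunk_ingress_accept(frame: bytes, allowed_vids: set) -> bool:
    """Upstream switch trunk check: refuse untagged frames and unexpected VIDs.

    Rejecting untagged frames avoids silently landing traffic on the native VLAN.
    """
    vid = parse_frame(frame)["vid"]
    return vid is not None and vid in allowed_vids


# Constructed inter-VLAN routing policy for the L3 device: (src_vlan, dst_vlan)
# pairs that may be forwarded. Same-VLAN pairs are included for completeness;
# only corp -> iot crosses a boundary, guest is fully isolated.
ROUTE_POLICY = {(10, 10), (20, 20), (30, 30), (10, 30)}


def inter_vlan_allowed(src_vid: int, dst_vid: int) -> bool:
    """The check behind 'double-check the IP routing tables between the VLANs'."""
    return (src_vid, dst_vid) in ROUTE_POLICY


if __name__ == "__main__":
    bcast = b"\xff" * 6
    client = b"\x02\x00\x00\x00\x00\x01"  # constructed locally-administered MAC
    f = ap_tag("guest", bcast, client, 0x0800, b"constructed payload")
    print(parse_frame(f))
    print("trunk accepts:", trunk_ingress_accept(f, set(SSID_TO_VLAN.values())))
    print("guest -> corp routable:", inter_vlan_allowed(20, 10))
```

Running the module shows a guest frame carrying VID 20, accepted on a trunk that allows VLANs 10/20/30, and the routing policy refusing guest to corp. The same parser can be pointed at a captured frame to confirm that an AP really does tag per SSID rather than emitting untagged traffic onto the native VLAN.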