I saw a couple of ISP's actually go out of business trying To let customers treat the isp network as Their own. We always assigned public /30 to each and rooted the tunnels
On Tue, May 24, 2016 at 11:46 AM That One Guy /sarcasm < [email protected]> wrote: > take them out of the vlan and do option 2 > > On Tue, May 24, 2016 at 11:36 AM, Craig Schmaderer < > [email protected]> wrote: > >> Example: >> >> I have a 450 Access Point that has 3 sms belonging to one company with 3 >> sites. >> >> This client wants to have vpns between all locations. They are all on >> the same layer 2 network (same vlan) >> >> >> >> Options and expected outcomes >> >> · Disable SM Isolation (the default selection). This allows full >> communication between SMs. >> >> - Works fine, all traffic can pass, Expected….. >> >> >> >> · Enable Option 1 - Block SM destined packets from being forwarded. This >> prevents both multicast/broadcast and unicast SM-to-SM communication. >> >> - Doesn’t work, can establish connections between sms. >> Expected…… >> >> >> >> · Enable Option 2 - Forward SM destined packets upstream. This not only >> prevents multicast/broadcast and unicast SM-to-SM communication but also >> sends the packets, which otherwise may have been handled SM to SM, through >> the Ethernet port of the AP. >> >> - Doesn’t work, I thought this would work, I assumed all >> packets would be sent upstream to the router than the router would send it >> back to the clients, similar to how mac forced forwarding works on my fiber >> network. >> >> >> >> So I guess my question is “Am I totally miss understanding what option 2 >> does? Is the only possible way to allow vpn traffic between sms on the >> same access points have to have “Disable SM Isolation set?” >> >> >> >> Thanks, Craig. >> >> >> >> *Craig R. Schmaderer* >> >> *CEO | Skywave Wireless, Inc.* >> >> *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>* >> >> *Direct: 402-372-1052 <402-372-1052>* >> >> >> > > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. >
