Yeah, I was trying to keep this simple and leave isolation on, but it looks like on that AP I'll have to disable it. For what it is worth, I do believe that anyone that wants to run VPNs between locations should be able to do it without any special treatment,

From: Af [mailto:[email protected]] On Behalf Of George Skorup
Sent: Tuesday, May 24, 2016 11:51 AM
To: [email protected]
Subject: Re: [AFMUG] SM Isolation Question

Disable SM isolation or route between them (/30's or whatever).

On 5/24/2016 11:36 AM, Craig Schmaderer wrote:

Example: I have a 450 Access Point that has 3 SMs belonging to one company with 3 sites. This client wants to have VPNs between all locations. They are all on the same layer 2 network (same VLAN).

Options and expected outcomes

*** Disable SM Isolation (the default selection). This allows full communication between SMs.
- Works fine, all traffic can pass. Expected...

*** Enable Option 1 - Block SM destined packets from being forwarded. This prevents both multicast/broadcast and unicast SM-to-SM communication.
- Doesn't work, can establish connections between SMs. Expected...

*** Enable Option 2 - Forward SM destined packets upstream. This not only prevents multicast/broadcast and unicast SM-to-SM communication but also sends the packets, which otherwise may have been handled SM to SM, through the Ethernet port of the AP.
- Doesn't work. I thought this would work; I assumed all packets would be sent upstream to the router, then the router would send it back to the clients, similar to how MAC forced forwarding works on my fiber network.

So I guess my question is "Am I totally misunderstanding what option 2 does?" Is the only possible way to allow VPN traffic between SMs on the same access points have to have "Disable SM Isolation set?"

Thanks, Craig.

Craig R. Schmaderer
CEO | Skywave Wireless, Inc.
Ph: 402-372-1975 | Fax: 402-372-1058
Direct: 402-372-1052
