You can't route between them? That's weird! It seems you have assigned IP space on the same block...

On Tue, May 24, 2016 at 8:51 PM, Gerard Dupont III <[email protected]> wrote:

> On our fiber network I use port isolation and MAC forced forwarding (not
> available in MikroTik) to accomplish layer 2 isolation but still allow
> client-to-client unicast traffic.
>
> Proxy ARP is as close to MACFF as you can get in MikroTik. I think you
> should be able to use option 2 if you use a different VLAN per customer
> site (use the default VLAN setting in each Canopy SM so each site has
> a unique VLAN), then enable proxy ARP for each VLAN in your router. I don't
> remember if you have to have an IP on the VLAN for it to work or not. If
> it doesn't work, try adding an IP on each VLAN. So you don't waste IPs, you
> can use point-to-point addressing, i.e. address=routerip/32
> network=customerIpForThisVlan. You might be able to get by with some static
> ARP entries instead of adding an IP to each VLAN. I'm not sure how MikroTik
> handles that.
>
> I suck at explaining myself so I hope this makes sense. You can contact me
> offlist if you want to chat/talk about it.
>
> Gerard
>
>
> On Tuesday, May 24, 2016, Craig Schmaderer <[email protected]>
> wrote:
>
>> Example:
>>
>> I have a 450 Access Point that has 3 SMs belonging to one company with 3
>> sites.
>>
>> This client wants to have VPNs between all locations. They are all on
>> the same layer 2 network (same VLAN).
>>
>> Options and expected outcomes
>>
>> · Disable SM Isolation (the default selection). This allows full
>> communication between SMs.
>>
>> - Works fine, all traffic can pass. Expected…..
>>
>> · Enable Option 1 - Block SM destined packets from being forwarded. This
>> prevents both multicast/broadcast and unicast SM-to-SM communication.
>>
>> - Doesn’t work, can establish connections between SMs.
>> Expected……
>>
>> · Enable Option 2 - Forward SM destined packets upstream. This not only
>> prevents multicast/broadcast and unicast SM-to-SM communication but also
>> sends the packets, which otherwise may have been handled SM to SM, through
>> the Ethernet port of the AP.
>>
>> - Doesn’t work. I thought this would work; I assumed all
>> packets would be sent upstream to the router, then the router would send it
>> back to the clients, similar to how MAC forced forwarding works on my fiber
>> network.
>>
>> So I guess my question is “Am I totally misunderstanding what option 2
>> does? Is the only possible way to allow VPN traffic between SMs on the
>> same access points to have “Disable SM Isolation” set?”
>>
>> Thanks, Craig.
>>
>> Craig R. Schmaderer
>> CEO | Skywave Wireless, Inc.
>> Ph: 402-372-1975 | Fax: 402-372-1058
>> Direct: 402-372-1052
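
The per-site VLAN plus proxy ARP layout suggested in the quoted reply, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread; the interface name ether2, VLAN IDs 101-103 and the 192.0.2.x addresses are constructed, and, as the reply itself says, whether the /32 address on each VLAN is required is an assumption to verify.

```routeros
# Constructed values: ether2 faces the Canopy AP; VLANs 101-103 are the
# default VLANs set in the three SMs; 192.0.2.0/24 is a documentation range.

# One VLAN interface per customer site, with the router answering ARP
# on behalf of hosts that sit behind the other VLANs.
/interface vlan
add name=vlan-site1 vlan-id=101 interface=ether2 arp=proxy-arp
add name=vlan-site2 vlan-id=102 interface=ether2 arp=proxy-arp
add name=vlan-site3 vlan-id=103 interface=ether2 arp=proxy-arp

# Point-to-point addressing: the same router IP as a /32 on every VLAN,
# with network= set to the customer IP reachable on that VLAN, so no
# per-site subnet is consumed.
/ip address
add address=192.0.2.1/32 network=192.0.2.11 interface=vlan-site1
add address=192.0.2.1/32 network=192.0.2.12 interface=vlan-site2
add address=192.0.2.1/32 network=192.0.2.13 interface=vlan-site3

# Checks after applying: each VLAN interface should show arp=proxy-arp,
# each customer IP should appear as a connected route on its own VLAN,
# and the ARP table should list each SM-side host on the matching VLAN.
/interface vlan print detail
/ip route print
/ip arp print
```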
