When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.
I leave SM isolation off because I'm not that paranoid. The biggest risk
is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.
On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
We have a customer that has two SM's on the same AP at separate physical
locations (home and office). The have a DVR at each location that they want to
view. Everything is configured properly on their end to view the DVR's on port
80 through their routers. Problem is that we have SM isolation turned on with
option 2 to forward packets upstream and they want to see the home when at the
office and the office when at home.
So I set up a mangle rule in my Mikortik to mark the packets with a routing
mark based on the SRC and DST addresses, and then used a static route for
anything what that mark and send it back to the AP port. It doesn't work, what
am I doing wrong, any suggestions short of disabling SM isolation?
