take them out of the vlan and do option 2 On Tue, May 24, 2016 at 11:36 AM, Craig Schmaderer <cr...@skywaveconnect.com > wrote:
> Example: > > I have a 450 Access Point that has 3 sms belonging to one company with 3 > sites. > > This client wants to have vpns between all locations. They are all on the > same layer 2 network (same vlan) > > > > Options and expected outcomes > > · Disable SM Isolation (the default selection). This allows full > communication between SMs. > > - Works fine, all traffic can pass, Expected….. > > > > · Enable Option 1 - Block SM destined packets from being forwarded. This > prevents both multicast/broadcast and unicast SM-to-SM communication. > > - Doesn’t work, can establish connections between sms. > Expected…… > > > > · Enable Option 2 - Forward SM destined packets upstream. This not only > prevents multicast/broadcast and unicast SM-to-SM communication but also > sends the packets, which otherwise may have been handled SM to SM, through > the Ethernet port of the AP. > > - Doesn’t work, I thought this would work, I assumed all packets > would be sent upstream to the router than the router would send it back to > the clients, similar to how mac forced forwarding works on my fiber > network. > > > > So I guess my question is “Am I totally miss understanding what option 2 > does? Is the only possible way to allow vpn traffic between sms on the > same access points have to have “Disable SM Isolation set?” > > > > Thanks, Craig. > > > > *Craig R. Schmaderer* > > *CEO | Skywave Wireless, Inc.* > > *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>* > > *Direct: 402-372-1052 <402-372-1052>* > > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.