we ran SM isolation on all our AP's and never had to disable it when we used /30's and tunneling.
On Tue, May 24, 2016 at 4:16 PM Craig Schmaderer <cr...@skywaveconnect.com> wrote: > Yeah I was trying to keep this simple and leaving isolation on but it > looks like on that ap ill have to disable it. For what it is worth, I do > believe that anyone that wants to run vpns between locations should be able > to do it without any special treatment, > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *George Skorup > *Sent:* Tuesday, May 24, 2016 11:51 AM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] SM Isolation Question > > > > Disable SM isolation or route between them (/30's or whatever). > > On 5/24/2016 11:36 AM, Craig Schmaderer wrote: > > Example: > > I have a 450 Access Point that has 3 sms belonging to one company with 3 > sites. > > This client wants to have vpns between all locations.� They are all on > the same layer 2 network (same vlan) > > � > > Options and expected outcomes > > � Disable SM Isolation (the default selection). This allows full > communication between SMs. > > - Works fine, all traffic can pass, Expected�.. > > ��������������� > > � Enable Option 1 - Block SM destined packets from being forwarded. > This prevents both multicast/broadcast and unicast SM-to-SM communication. > > - Doesn�t work, can establish connections between sms.� > Expected�� > > � > > � Enable Option 2 - Forward SM destined packets upstream. This not only > prevents multicast/broadcast and unicast SM-to-SM communication but also > sends the packets, which otherwise may have been handled SM to SM, through > the Ethernet port of the AP. > > - Doesn�t work, I thought this would work, I assumed all > packets would be sent upstream to the router than the router would send it > back to the clients, similar to how mac forced forwarding works on my fiber > network.� > > � > > So I guess my question is �Am I totally miss understanding what option 2 > does?� Is the only possible way to allow vpn traffic between sms on the > same access points have to have �Disable SM Isolation set?� > > � > > Thanks, Craig. > > � > > *Craig R. Schmaderer* > > *CEO | Skywave Wireless, Inc.* > > *Ph: 402-372-1975 | Fax: 402-372-1058* > > *Direct: 402-372-1052* > > � > > >