Most PtMP platforms have their own variation of SM Isolation.
----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Adam Moffett" <dmmoff...@gmail.com> To: af@afmug.com Sent: Monday, February 27, 2017 3:57:04 PM Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets Only on two different router interfaces. If they're on a switch, then no. I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation". Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it. If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for. ------ Original Message ------ From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > To: "af@afmug.com" < af@afmug.com > Sent: 2/27/2017 4:42:02 PM Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets clients on two different access points wil be blocked by client isolation? On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess < dmburg...@linktechs.net > wrote: <blockquote> There is no reason why it would and should not . J You can easily allow the one offs … Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequiency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: dmburg...@linktechs.net From: Af [mailto: af-boun...@afmug.com ] On Behalf Of That One Guy /sarcasm Sent: Monday, February 27, 2017 1:13 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets A. we have some locations where we dont use client isolation and B client isolation doesnt apply to two access points as far as I know On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess < dmburg...@linktechs.net > wrote: <blockquote> Your client isolation should take care of that. FYI. Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequiency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: dmburg...@linktechs.net From: Af [mailto: af-boun...@afmug.com ] On Behalf Of That One Guy /sarcasm Sent: Monday, February 27, 2017 12:42 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets I wasnt clear, I was actually looking for rogue subnets in general another issue example is that a customer with some time clocks recently had a slick tech put a switch in before the router at multiple locations from the same site, different APs, we bridge the APs at the POP, so they were directly communicating On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz < fai...@snappytelecom.net > wrote: <blockquote> You might find the useful. https://forum.mikrotik.com/viewtopic.php?t=23640 Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net <blockquote> From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > To: af@afmug.com Sent: Monday, February 27, 2017 11:34:59 AM Subject: [AFMUG] Mikrotik quick view for unknown subnets <blockquote> If, for example a customer has a router connected backward, is there an arp(ish) check aside from packet sniffing to see this since its not a subnet on the interface and there wont be an arp entry? -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. </blockquote> </blockquote> -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. </blockquote> -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. </blockquote> -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. </blockquote>
