Re: [AFMUG] SM Isolation Question

[Gino Villarini]

you cant route between them? thats weird! it seems you have assigned ip
space on the same block...

On Tue, May 24, 2016 at 8:51 PM, Gerard Dupont III 
wrote:

> On our fiber network I use port isolation and mac forced forwarding(not
> available in MikroTik) to accomplish layer2 isolation but still allow
> client to client unicast traffic.
>
> Proxy arp is as close to MACFF as you can get in MikroTik. I think you
> should be able to use option 2 if you use a different vlan per customer
> site(use the default vlan setting in each canopy SM so each site has
> a unique vlan) then enable proxy arp for each vlan in your router. I don't
> remember if you have to have an ip on the vlan for it to work or not. If
> it doesn't work try adding an ip on each vlan. So you don't waste ips you
> can use point to point addressing. IE address=routerip/32
> network=customerIpForThisVlan. You might be able to get by with some static
> arp entries instead of adding an ip to each vlan. I'm not sure how MikroTik
> handles that.
>
> I suck at explaining myself so I hope this makes sense. You can contact me
> offlist if you want to chat/talk about it.
>
> Gerard
>
>
> On Tuesday, May 24, 2016, Craig Schmaderer 
> wrote:
>
>> Example:
>>
>> I have a 450 Access Point that has 3 sms belonging to one company with 3
>> sites.
>>
>> This client wants to have vpns between all locations.  They are all on
>> the same layer 2 network (same vlan)
>>
>>
>>
>> Options and expected outcomes
>>
>> · Disable SM Isolation (the default selection). This allows full
>> communication between SMs.
>>
>> -  Works fine, all traffic can pass, Expected…..
>>
>>
>>
>> · Enable Option 1 - Block SM destined packets from being forwarded. This
>> prevents both multicast/broadcast and unicast SM-to-SM communication.
>>
>> -  Doesn’t work, can establish connections between sms.
>> Expected……
>>
>>
>>
>> · Enable Option 2 - Forward SM destined packets upstream. This not only
>> prevents multicast/broadcast and unicast SM-to-SM communication but also
>> sends the packets, which otherwise may have been handled SM to SM, through
>> the Ethernet port of the AP.
>>
>> -  Doesn’t work, I thought this would work, I assumed all
>> packets would be sent upstream to the router than the router would send it
>> back to the clients, similar to how mac forced forwarding works on my fiber
>> network.
>>
>>
>>
>> So I guess my question is “Am I totally miss understanding what option 2
>> does?  Is the only possible way to allow vpn traffic between sms on the
>> same access points have to have “Disable SM Isolation set?”
>>
>>
>>
>> Thanks, Craig.
>>
>>
>>
>> *Craig R. Schmaderer*
>>
>> *CEO | Skywave Wireless, Inc.*
>>
>> *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>*
>>
>> *Direct: 402-372-1052 <402-372-1052>*
>>
>>
>>
>

[AFMUG] SM Isolation Question

[Gerard Dupont III]

On our fiber network I use port isolation and mac forced forwarding(not
available in MikroTik) to accomplish layer2 isolation but still allow
client to client unicast traffic.

Proxy arp is as close to MACFF as you can get in MikroTik. I think you
should be able to use option 2 if you use a different vlan per customer
site(use the default vlan setting in each canopy SM so each site has
a unique vlan) then enable proxy arp for each vlan in your router. I don't
remember if you have to have an ip on the vlan for it to work or not. If
it doesn't work try adding an ip on each vlan. So you don't waste ips you
can use point to point addressing. IE address=routerip/32
network=customerIpForThisVlan. You might be able to get by with some static
arp entries instead of adding an ip to each vlan. I'm not sure how MikroTik
handles that.

I suck at explaining myself so I hope this makes sense. You can contact me
offlist if you want to chat/talk about it.

Gerard


On Tuesday, May 24, 2016, Craig Schmaderer > wrote:

> Example:
>
> I have a 450 Access Point that has 3 sms belonging to one company with 3
> sites.
>
> This client wants to have vpns between all locations.  They are all on the
> same layer 2 network (same vlan)
>
>
>
> Options and expected outcomes
>
> · Disable SM Isolation (the default selection). This allows full
> communication between SMs.
>
> -  Works fine, all traffic can pass, Expected…..
>
>
>
> · Enable Option 1 - Block SM destined packets from being forwarded. This
> prevents both multicast/broadcast and unicast SM-to-SM communication.
>
> -  Doesn’t work, can establish connections between sms.
> Expected……
>
>
>
> · Enable Option 2 - Forward SM destined packets upstream. This not only
> prevents multicast/broadcast and unicast SM-to-SM communication but also
> sends the packets, which otherwise may have been handled SM to SM, through
> the Ethernet port of the AP.
>
> -  Doesn’t work, I thought this would work, I assumed all packets
> would be sent upstream to the router than the router would send it back to
> the clients, similar to how mac forced forwarding works on my fiber
> network.
>
>
>
> So I guess my question is “Am I totally miss understanding what option 2
> does?  Is the only possible way to allow vpn traffic between sms on the
> same access points have to have “Disable SM Isolation set?”
>
>
>
> Thanks, Craig.
>
>
>
> *Craig R. Schmaderer*
>
> *CEO | Skywave Wireless, Inc.*
>
> *Ph: 402-372-1975 | Fax: 402-372-1058*
>
> *Direct: 402-372-1052*
>
>
>

Re: [AFMUG] SM Isolation Question

[Lewis Bergman]

we ran SM isolation on all our AP's and never had to disable it when we
used /30's and tunneling.

On Tue, May 24, 2016 at 4:16 PM Craig Schmaderer 
wrote:

> Yeah I was trying to keep this simple and leaving isolation on but it
> looks like on that ap ill have to disable it.  For what it is worth, I do
> believe that anyone that wants to run vpns between locations should be able
> to do it without any special treatment,
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *George Skorup
> *Sent:* Tuesday, May 24, 2016 11:51 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] SM Isolation Question
>
>
>
> Disable SM isolation or route between them (/30's or whatever).
>
> On 5/24/2016 11:36 AM, Craig Schmaderer wrote:
>
> Example:
>
> I have a 450 Access Point that has 3 sms belonging to one company with 3
> sites.
>
> This client wants to have vpns between all locations.� They are all on
> the same layer 2 network (same vlan)
>
> �
>
> Options and expected outcomes
>
> � Disable SM Isolation (the default selection). This allows full
> communication between SMs.
>
> -  Works fine, all traffic can pass, Expected�..
>
> ���������������
>
> � Enable Option 1 - Block SM destined packets from being forwarded.
> This prevents both multicast/broadcast and unicast SM-to-SM communication.
>
> -  Doesn�t work, can establish connections between sms.�
> Expected��
>
> �
>
> � Enable Option 2 - Forward SM destined packets upstream. This not only
> prevents multicast/broadcast and unicast SM-to-SM communication but also
> sends the packets, which otherwise may have been handled SM to SM, through
> the Ethernet port of the AP.
>
> -  Doesn�t work, I thought this would work, I assumed all
> packets would be sent upstream to the router than the router would send it
> back to the clients, similar to how mac forced forwarding works on my fiber
> network.�
>
> �
>
> So I guess my question is �Am I totally miss understanding what option 2
> does?� Is the only possible way to allow vpn traffic between sms on the
> same access points have to have �Disable SM Isolation set?�
>
> �
>
> Thanks, Craig.
>
> �
>
> *Craig R. Schmaderer*
>
> *CEO | Skywave Wireless, Inc.*
>
> *Ph: 402-372-1975 | Fax: 402-372-1058*
>
> *Direct: 402-372-1052*
>
> �
>
>
>

Re: [AFMUG] SM Isolation Question

[Craig Schmaderer]

Yeah I was trying to keep this simple and leaving isolation on but it looks 
like on that ap ill have to disable it.  For what it is worth, I do believe 
that anyone that wants to run vpns between locations should be able to do it 
without any special treatment,

From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup
Sent: Tuesday, May 24, 2016 11:51 AM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation Question

Disable SM isolation or route between them (/30's or whatever).
On 5/24/2016 11:36 AM, Craig Schmaderer wrote:
Example:
I have a 450 Access Point that has 3 sms belonging to one company with 3 sites.
This client wants to have vpns between all locations.� They are all on the 
same layer 2 network (same vlan)
�
Options and expected outcomes
*** Disable SM Isolation (the default selection). This allows full 
communication between SMs.

-  Works fine, all traffic can pass, Expected�..
���������������
*** Enable Option 1 - Block SM destined packets from being forwarded. This 
prevents both multicast/broadcast and unicast SM-to-SM communication.

-  Doesn�t work, can establish connections between sms.� 
Expected��

�
*** Enable Option 2 - Forward SM destined packets upstream. This not only 
prevents multicast/broadcast and unicast SM-to-SM communication but also sends 
the packets, which otherwise may have been handled SM to SM, through the 
Ethernet port of the AP.

-  Doesn�t work, I thought this would work, I assumed all packets 
would be sent upstream to the router than the router would send it back to the 
clients, similar to how mac forced forwarding works on my fiber network.�
�
So I guess my question is �Am I totally miss understanding what option 2 
does?� Is the only possible way to allow vpn traffic between sms on the same 
access points have to have �Disable SM Isolation set?�
�
Thanks, Craig.
�
Craig R. Schmaderer
CEO | Skywave Wireless, Inc.
Ph: 402-372-1975 | Fax: 402-372-1058
Direct: 402-372-1052
�

Re: [AFMUG] SM Isolation Question

[Seth Mattinen]

Sell the customer a VPLS-based solution.

~Seth

Re: [AFMUG] SM Isolation Question

[Lewis Bergman]

I saw a couple of ISP's actually go out of business trying To let customers
treat the isp network as Their own.  We always assigned public /30 to each
and rooted the tunnels

On Tue, May 24, 2016 at 11:46 AM That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> take them out of the vlan and do option 2
>
> On Tue, May 24, 2016 at 11:36 AM, Craig Schmaderer <
> cr...@skywaveconnect.com> wrote:
>
>> Example:
>>
>> I have a 450 Access Point that has 3 sms belonging to one company with 3
>> sites.
>>
>> This client wants to have vpns between all locations.  They are all on
>> the same layer 2 network (same vlan)
>>
>>
>>
>> Options and expected outcomes
>>
>> · Disable SM Isolation (the default selection). This allows full
>> communication between SMs.
>>
>> -  Works fine, all traffic can pass, Expected…..
>>
>>
>>
>> · Enable Option 1 - Block SM destined packets from being forwarded. This
>> prevents both multicast/broadcast and unicast SM-to-SM communication.
>>
>> -  Doesn’t work, can establish connections between sms.
>> Expected……
>>
>>
>>
>> · Enable Option 2 - Forward SM destined packets upstream. This not only
>> prevents multicast/broadcast and unicast SM-to-SM communication but also
>> sends the packets, which otherwise may have been handled SM to SM, through
>> the Ethernet port of the AP.
>>
>> -  Doesn’t work, I thought this would work, I assumed all
>> packets would be sent upstream to the router than the router would send it
>> back to the clients, similar to how mac forced forwarding works on my fiber
>> network.
>>
>>
>>
>> So I guess my question is “Am I totally miss understanding what option 2
>> does?  Is the only possible way to allow vpn traffic between sms on the
>> same access points have to have “Disable SM Isolation set?”
>>
>>
>>
>> Thanks, Craig.
>>
>>
>>
>> *Craig R. Schmaderer*
>>
>> *CEO | Skywave Wireless, Inc.*
>>
>> *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>*
>>
>> *Direct: 402-372-1052 <402-372-1052>*
>>
>>
>>
>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>

Re: [AFMUG] SM Isolation Question

[George Skorup]

Disable SM isolation or route between them (/30's or whatever).

On 5/24/2016 11:36 AM, Craig Schmaderer wrote:


Example:

I have a 450 Access Point that has 3 sms belonging to one company with 
3 sites.


This client wants to have vpns between all locations.  They are all on 
the same layer 2 network (same vlan)


Options and expected outcomes

� Disable SM Isolation (the default selection). This allows full 
communication between SMs.


-Works fine, all traffic can pass, Expected�..

� Enable Option 1 - Block SM destined packets from being forwarded. 
This prevents both multicast/broadcast and unicast SM-to-SM 
communication.


-Doesn�t work, can establish connections between sms.  Expected��

� Enable Option 2 - Forward SM destined packets upstream. This not 
only prevents multicast/broadcast and unicast SM-to-SM communication 
but also sends the packets, which otherwise may have been handled SM 
to SM, through the Ethernet port of the AP.


-Doesn�t work, I thought this would work, I assumed all packets would 
be sent upstream to the router than the router would send it back to 
the clients, similar to how mac forced forwarding works on my fiber 
network.


So I guess my question is �Am I totally miss understanding what option 
2 does?  Is the only possible way to allow vpn traffic between sms on 
the same access points have to have �Disable SM Isolation set?�


Thanks, Craig.

/Craig R. Schmaderer/

/CEO | Skywave Wireless, Inc./

/Ph: 402-372-1975 | Fax: 402-372-1058/

/Direct: 402-372-1052/

Re: [AFMUG] SM Isolation Question

[That One Guy /sarcasm]

take them out of the vlan and do option 2

On Tue, May 24, 2016 at 11:36 AM, Craig Schmaderer  wrote:

> Example:
>
> I have a 450 Access Point that has 3 sms belonging to one company with 3
> sites.
>
> This client wants to have vpns between all locations.  They are all on the
> same layer 2 network (same vlan)
>
>
>
> Options and expected outcomes
>
> · Disable SM Isolation (the default selection). This allows full
> communication between SMs.
>
> -  Works fine, all traffic can pass, Expected…..
>
>
>
> · Enable Option 1 - Block SM destined packets from being forwarded. This
> prevents both multicast/broadcast and unicast SM-to-SM communication.
>
> -  Doesn’t work, can establish connections between sms.
> Expected……
>
>
>
> · Enable Option 2 - Forward SM destined packets upstream. This not only
> prevents multicast/broadcast and unicast SM-to-SM communication but also
> sends the packets, which otherwise may have been handled SM to SM, through
> the Ethernet port of the AP.
>
> -  Doesn’t work, I thought this would work, I assumed all packets
> would be sent upstream to the router than the router would send it back to
> the clients, similar to how mac forced forwarding works on my fiber
> network.
>
>
>
> So I guess my question is “Am I totally miss understanding what option 2
> does?  Is the only possible way to allow vpn traffic between sms on the
> same access points have to have “Disable SM Isolation set?”
>
>
>
> Thanks, Craig.
>
>
>
> *Craig R. Schmaderer*
>
> *CEO | Skywave Wireless, Inc.*
>
> *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>*
>
> *Direct: 402-372-1052 <402-372-1052>*
>
>
>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

[AFMUG] SM Isolation Question

[Craig Schmaderer]

Example:
I have a 450 Access Point that has 3 sms belonging to one company with 3 sites.
This client wants to have vpns between all locations.  They are all on the same 
layer 2 network (same vlan)

Options and expected outcomes
* Disable SM Isolation (the default selection). This allows full communication 
between SMs.

-  Works fine, all traffic can pass, Expected.

* Enable Option 1 - Block SM destined packets from being forwarded. This 
prevents both multicast/broadcast and unicast SM-to-SM communication.

-  Doesn't work, can establish connections between sms.  Expected..


* Enable Option 2 - Forward SM destined packets upstream. This not only 
prevents multicast/broadcast and unicast SM-to-SM communication but also sends 
the packets, which otherwise may have been handled SM to SM, through the 
Ethernet port of the AP.

-  Doesn't work, I thought this would work, I assumed all packets would 
be sent upstream to the router than the router would send it back to the 
clients, similar to how mac forced forwarding works on my fiber network.

So I guess my question is "Am I totally miss understanding what option 2 does?  
Is the only possible way to allow vpn traffic between sms on the same access 
points have to have "Disable SM Isolation set?"

Thanks, Craig.

Craig R. Schmaderer
CEO | Skywave Wireless, Inc.
Ph: 402-372-1975 | Fax: 402-372-1058
Direct: 402-372-1052

Re: [AFMUG] SM Isolation question

[Jerry Head via Af]

+1 Travis

On 10/16/2014 9:02 AM, Travis Johnson via Af wrote:
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with the 
software is usually 1/10th what it would be to buy, and it allows 
people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, you don't have to host it on your own server, 
or worry about upgrade issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com 
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af > wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af > wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com 
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af" 
wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th.
Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com 
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"
 wrote:

The other issue is p2p traffic between two
people on the same AP
and
if you are doing bandwidth shaping in your
router, even at the tower,
you will never see these packets. Or in the case
the original poster
asked about, that customer could keep a high-def
window open of all
their video cameras at the other location, using
3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber
Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream,
there's nothing the router
can do about it. Put the two locations on
different IP subnets so that
traffic between the two has to be routed. Or
turn off SM isolation.

I leave SM isolation off because I'm not
that paranoid. The biggest
risk is broadcast/multicast crap flying
around. So use the SM uplink
broadcast/multicast rate limiting. This is
one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via
Af wrote:

We have a customer that has two SM's on
the same AP at separate
physical locations (home and office).
The have a DVR at each location
that they want to view. Everything is
configured properly on their
end to view the DVR's on port 80 through
   

Re: [AFMUG] SM Isolation question

[Ken Hohhof via Af]

My main complaint about Office 365 is it’s extremely confusing, as there seems 
to be a run locally but subscribe to online updates model, as well as a totally 
cloud based model where everything’s in the cloud including your data.  And if 
a customer calls having trouble with Office 365, they of course don’t have a 
clue how they are set up.  Add the fact that someone buys a new computer like a 
Surface and the first thing it has you do is set up a Microsoft email address 
as a login for the computer, and starts backing up your data by default on 
Skydrive.  Or is it Onedrive now?  Thing is, average customer without an IT 
department actually doesn’t understand where on the continuum from “box 
software” to Saas and “in the cloud” he is.  Where is my software?  Where is my 
data?  Am I launching software, or a browser window?  Can I use it without an 
Internet connection?  What happens if I stop my subscription?  I dunno.  Who do 
I call?  It says to call my network administrator.  That must mean my ISP.  OK, 
dialing my ISP now.

From: Bill Prince via Af 
Sent: Thursday, October 16, 2014 10:41 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I've got to say I'm firmly on the fence with regard to this issue.

The last time we paid for MS Office was back in 2000 (seriously).  I think we 
paid $400 or $500 for it, and it was the type of thing that we could load on a 
couple of PCs for the duration.  Yes, it got long in tooth, but it worked, and 
it did what we wanted.  That came to about $16 per PC per year.  Pretty good 
deal, and I don't think we missed out on much.  Sure, a couple of years ago, MS 
made a major change to file formats that the old version couldn't open, but 
they also provided viewers and converters so we made do.

However, most of the office files you see these days are the new format, so we 
decided to get the new version as a service.  We're paying $150 per year for 5 
seats (which we only need 4 of).  So that will be $37 per PC per year (or $30 
per PC per year if we install it on another PC).  Call that inflation, but it 
also gets updates on a more-or-less continuous basis.

The biggest downside is that the new office contains a bunch of cruff that we 
don't need, and "probably" won't use.

Call it progress, or whatever.  I've seen a bunch of model-evolutions over the 
years, and this just seems to be the latest.


bpOn 10/16/2014 8:21 AM, Adam Moffett via Af wrote:



  AutodeskThey still charge thousands of a copy of autoCAD, but you can get 
it on a month to month basis for $60/month, or pay for a whole year and it's 
like $35/month.

  I would never have been able to justify paying them $3k for something I would 
use 4 times a year, but I can pay them $60 each for the four times I want to 
use it.  Before that I would limit my use to twice a yearone 30 day demo of 
the current release of autoCAD and one 30 day demo of the current autoCAD LT.


I don’t dispute that, or that SaaS is the wave of the future (present?), 
just I find Intuit to be a money-grubbing borderline unethical company to deal 
with, that nonetheless dominates their market niche.  Probably because the 
accountants all use it.  As far as getting the bug fixes immediately because 
you subscribe as a service, that would mean more if it didn’t take Intuit years 
to fix bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want to sell 
you.  Which tend to be pretty poor, for example their payroll service is really 
pathetic, you’re almost better off filling out the tax forms by hand.

But as an other example of SaaS, Adobe has gone heavily that direction with 
their creative suites.  If you are a graphic designer or web designer, I’m sure 
it’s a very good deal.  For someone like me with an owned copy of Photoshop, it 
probably doesn’t make sense to start paying monthly, since I could care less 
about having the latest improvements, I don’t use it intensively enough to make 
it worthwhile.  Maybe for Dreamweaver since HTML techniques are changing all 
the time.  At least Adobe doesn’t require that you are connected to the 
Internet in order to use the software.  I don’t really have any problem with 
their approach, even though it doesn’t work out so well for me.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:38 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I haven't seen the same results... every single company I am involved with, 
and even the 20+ that I have met with over the last three months have all used 
Quickbooks.

Travis


On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:

  I would not use anything related to Quickbooks as an example of the best 
way to do something.

  Your only choices from Intuit are how you get screwed, not whether.


  From: Travis Jo

Re: [AFMUG] SM Isolation question

[Bill Prince via Af]

I've got to say I'm firmly on the fence with regard to this issue.

The last time we paid for MS Office was back in 2000 (seriously). I 
think we paid $400 or $500 for it, and it was the type of thing that we 
could load on a couple of PCs for the duration.  Yes, it got long in 
tooth, but it worked, and it did what we wanted.  That came to about $16 
per PC per year.  Pretty good deal, and I don't think we missed out on 
much.  Sure, a couple of years ago, MS made a major change to file 
formats that the old version couldn't open, but they also provided 
viewers and converters so we made do.


However, most of the office files you see these days are the new format, 
so we decided to get the new version as a service.  We're paying $150 
per year for 5 seats (which we only need 4 of).  So that will be $37 per 
PC per year (or $30 per PC per year if we install it on another PC).  
Call that inflation, but it also gets updates on a more-or-less 
continuous basis.


The biggest downside is that the new office contains a bunch of cruff 
that we don't need, and "probably" won't use.


Call it progress, or whatever.  I've seen a bunch of model-evolutions 
over the years, and this just seems to be the latest.


bp

On 10/16/2014 8:21 AM, Adam Moffett via Af wrote:


AutodeskThey still charge thousands of a copy of autoCAD, but you 
can get it on a month to month basis for $60/month, or pay for a whole 
year and it's like $35/month.


I would never have been able to justify paying them $3k for something 
I would use 4 times a year, but I can pay them $60 each for the four 
times I want to use it.  Before that I would limit my use to twice a 
yearone 30 day demo of the current release of autoCAD and one 30 
day demo of the current autoCAD LT.


I don’t dispute that, or that SaaS is the wave of the future 
(present?), just I find Intuit to be a money-grubbing borderline 
unethical company to deal with, that nonetheless dominates their 
market niche.  Probably because the accountants all use it.  As far 
as getting the bug fixes immediately because you subscribe as a 
service, that would mean more if it didn’t take Intuit years to fix 
bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they 
want to sell you.  Which tend to be pretty poor, for example their 
payroll service is really pathetic, you’re almost better off filling 
out the tax forms by hand.
But as an other example of SaaS, Adobe has gone heavily that 
direction with their creative suites.  If you are a graphic designer 
or web designer, I’m sure it’s a very good deal.  For someone like me 
with an owned copy of Photoshop, it probably doesn’t make sense to 
start paying monthly, since I could care less about having the latest 
improvements, I don’t use it intensively enough to make it 
worthwhile.  Maybe for Dreamweaver since HTML techniques are changing 
all the time.  At least Adobe doesn’t require that you are connected 
to the Internet in order to use the software.  I don’t really have 
any problem with their approach, even though it doesn’t work out so 
well for me.

*From:* Travis Johnson via Af <mailto:af@afmug.com>
*Sent:* Thursday, October 16, 2014 9:38 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] SM Isolation question
I haven't seen the same results... every single company I am involved 
with, and even the 20+ that I have met with over the last three 
months have all used Quickbooks.


Travis

On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:
I would not use anything related to Quickbooks as an example of the 
best way to do something.

Your only choices from Intuit are how you get screwed, not whether.
*From:* Travis Johnson via Af <mailto:af@afmug.com>
*Sent:* Thursday, October 16, 2014 9:02 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] SM Isolation question
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with 
the software is usually 1/10th what it would be to buy, and it 
allows people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, 

Re: [AFMUG] SM Isolation question

[Tyler Treat via Af]

I find it makes much more sense in enabling a small business to latch onto 
software it couldn’t otherwise afford.  My issue is in large organizations.  
It’s purely a money grab, attempting to extort as much cash from the client as 
possible, especially painful when someone is trying to sucker you for $50k + 
per year on software that used to cost $70k one time, + 10% maintenance yearly.
In a large organization with an established data center with proper DR 
strategy, it’s an insult to the investment made in equipment and people.   
Especially in healthcare, the more of my data that lives in someone’s random 
cloud, likely Amazon, the larger the risk to my data!  We need “boxed” software 
(remember when software came in boxes, lol!) that we can deploy, and then 
upgrade it as part of the upgrade cycle.

/rant


From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jason McKemie via Af
Sent: Thursday, October 16, 2014 10:20 AM
To: af@afmug.com
Subject: [AFMUG] SM Isolation question

SaaS makes sense for some applications, but a lot of what I'm seeing it applied 
to is just a money grab. Some things are just set up and go, I don't need 
updates or support, so long as the software does what I bought it to do. A 
great example of this is a point of sale system I'm installing. Nearly every 
company wanted an upfront fee plus anywhere from $40-$60 / terminal / month. I 
found software that allows multiple terminals for $1k (no monthly recurring). 
This will pay for itself in probably 6 months.

On Thursday, October 16, 2014, Travis Johnson via Af 
> wrote:
How do you figure? Everything will eventually be SaaS... and it's a much better 
model for both sides. The software stays updated and current and bug fixes are 
instant. The initial cost to start with the software is usually 1/10th what it 
would be to buy, and it allows people to use the software from anywhere.

Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

Time is money. Spend your time doing what you know how to do, and hire someone 
else to do the other tasks. :)

Travis
On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:
True story.
___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com<mailto:tyler.tr...@cornbelttech.com>
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af 
mailto:af@afmug.com>> wrote:
Yeah, SaaS is great for the company that owns it, not so great for everyone 
else.

On Wednesday, October 15, 2014, Travis Johnson via Af 
mailto:af@afmug.com>> wrote:
Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:
Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com<http://www.aeronetpr.com>
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af" 
mailto:af@afmug.com>> wrote:
It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:
Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com<http://www.aeronetpr.com>
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af" 
mailto:af@afmug.com>> wrote:
The other issue is p2p traffic between two people on the same AP
and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that 

Re: [AFMUG] SM Isolation question

[Adam Moffett via Af]

AutodeskThey still charge thousands of a copy of autoCAD, but you 
can get it on a month to month basis for $60/month, or pay for a whole 
year and it's like $35/month.


I would never have been able to justify paying them $3k for something I 
would use 4 times a year, but I can pay them $60 each for the four times 
I want to use it.  Before that I would limit my use to twice a 
yearone 30 day demo of the current release of autoCAD and one 30 day 
demo of the current autoCAD LT.


I don’t dispute that, or that SaaS is the wave of the future 
(present?), just I find Intuit to be a money-grubbing borderline 
unethical company to deal with, that nonetheless dominates their 
market niche.  Probably because the accountants all use it.  As far as 
getting the bug fixes immediately because you subscribe as a service, 
that would mean more if it didn’t take Intuit years to fix bugs.  
There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want 
to sell you.  Which tend to be pretty poor, for example their payroll 
service is really pathetic, you’re almost better off filling out the 
tax forms by hand.
But as an other example of SaaS, Adobe has gone heavily that direction 
with their creative suites.  If you are a graphic designer or web 
designer, I’m sure it’s a very good deal.  For someone like me with an 
owned copy of Photoshop, it probably doesn’t make sense to start 
paying monthly, since I could care less about having the latest 
improvements, I don’t use it intensively enough to make it 
worthwhile.  Maybe for Dreamweaver since HTML techniques are changing 
all the time.  At least Adobe doesn’t require that you are connected 
to the Internet in order to use the software.  I don’t really have any 
problem with their approach, even though it doesn’t work out so well 
for me.

*From:* Travis Johnson via Af <mailto:af@afmug.com>
*Sent:* Thursday, October 16, 2014 9:38 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] SM Isolation question
I haven't seen the same results... every single company I am involved 
with, and even the 20+ that I have met with over the last three months 
have all used Quickbooks.


Travis

On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:
I would not use anything related to Quickbooks as an example of the 
best way to do something.

Your only choices from Intuit are how you get screwed, not whether.
*From:* Travis Johnson via Af <mailto:af@afmug.com>
*Sent:* Thursday, October 16, 2014 9:02 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] SM Isolation question
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with the 
software is usually 1/10th what it would be to buy, and it allows 
people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and 
hire someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com <mailto:tyler.tr...@cornbelttech.com>
___

On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af <mailto:af@afmug.com>> wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af <mailto:af@afmug.com>> wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com <http://www.aeronetpr.com>
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af"
 wrote:

It just depends on the day... :)

Invo

[AFMUG] SM Isolation question

[Jason McKemie via Af]

SaaS makes sense for some applications, but a lot of what I'm seeing it
applied to is just a money grab. Some things are just set up and go, I
don't need updates or support, so long as the software does what I bought
it to do. A great example of this is a point of sale system I'm installing.
Nearly every company wanted an upfront fee plus anywhere from $40-$60 /
terminal / month. I found software that allows multiple terminals for $1k
(no monthly recurring). This will pay for itself in probably 6 months.

On Thursday, October 16, 2014, Travis Johnson via Af > wrote:

>  How do you figure? Everything will eventually be SaaS... and it's a much
> better model for both sides. The software stays updated and current and bug
> fixes are instant. The initial cost to start with the software is usually
> 1/10th what it would be to buy, and it allows people to use the software
> from anywhere.
>
> Many years ago, I was of the same opinion. Then I started to realize my
> time (or anyone else's time) was better spent focusing on the product we
> sold rather than installing/fixing/supporting someone else's software.
>
> I know I personally spent at least 50+ hours over the previous 15 years
> installing/fixing/supporting Quickbooks on our LAN. Getting it installed on
> a server, setting up the shares, mapping drive letters, installing it on
> each PC, etc. The software cost us $500 to buy, and then the yearly updates
> were usually $200-$300. Or you can subscribe to the online version for
> $39/month and be done with it. It's automatically backed up, you don't have
> to host it on your own server, or worry about upgrade issues or users with
> problems, etc.
>
> Time is money. Spend your time doing what you know how to do, and hire
> someone else to do the other tasks. :)
>
> Travis
>
> On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:
>
> True story.
>
> ___
> Mangled by my iPhone.
> ___
>
>  Tyler Treat
> Corn Belt Technologies, Inc.
>
>  tyler.tr...@cornbelttech.com
> ___
>
>
> On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af  wrote:
>
>  Yeah, SaaS is great for the company that owns it, not so great for
> everyone else.
>
> On Wednesday, October 15, 2014, Travis Johnson via Af 
> wrote:
>
>> Nope... mainly SaaS companies and real estate. Best of both worlds. :)
>>
>> Travis
>>
>> On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:
>>
>>> Someone told me you were getting into manufacturing��
>>>
>>>
>>>
>>> Gino A. Villarini
>>> President
>>> Aeronet Wireless Broadband Corp.
>>> www.aeronetpr.com
>>> @aeronetpr
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:
>>>
>>>  It just depends on the day... :)

 Involved in 11 companies now, and looking at a 12th. Always stuff going
 on. LOL

 Travis

 On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

> Travis, are you getting bored at your current job? Lol!!
>
> Great to see you active in the list!
>
>
>
> Gino A. Villarini
> President
> Aeronet Wireless Broadband Corp.
> www.aeronetpr.com
> @aeronetpr
>
>
>
>
>
>
> On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:
>
>  The other issue is p2p traffic between two people on the same AP
>> and
>> if you are doing bandwidth shaping in your router, even at the tower,
>> you will never see these packets. Or in the case the original poster
>> asked about, that customer could keep a high-def window open of all
>> their video cameras at the other location, using 3-4Mbps of constant
>> traffic, and you would never see it.
>>
>> Travis
>>
>> On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af
>> wrote:
>>
>>> When you forward SM-to-SM traffic upstream, there's nothing the
>>> router
>>> can do about it. Put the two locations on different IP subnets so
>>> that
>>> traffic between the two has to be routed. Or turn off SM isolation.
>>>
>>> I leave SM isolation off because I'm not that paranoid. The biggest
>>> risk is broadcast/multicast crap flying around. So use the SM uplink
>>> broadcast/multicast rate limiting. This is one of the best features
>>> of
>>> Canopy, IMO.
>>>
>>> On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
>>>
 We have a customer that has two SM's on the same AP at separate
 physical locations (home and office). The have a DVR at each
 location
 that they want to view. Everything is configured properly on their
 end to view the DVR's on port 80 through their routers.   Problem is
 that we have SM isolation turned on with option 2 to forward packets
 upstream and they want to see the home when at the office and the
 office when at home.

 So I set up a mangle rule in my Mikortik to mark the

Re: [AFMUG] SM Isolation question

[Chuck McCown via Af]

One thing I did subscribe to and I do use is Adobe’s PDF conversion service.  
It is awesome, much better than any other tool I have used for the same 
purpose.  It converts stuff to word and it is essentially perfect.

From: Ken Hohhof via Af 
Sent: Thursday, October 16, 2014 9:02 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I don’t dispute that, or that SaaS is the wave of the future (present?), just I 
find Intuit to be a money-grubbing borderline unethical company to deal with, 
that nonetheless dominates their market niche.  Probably because the 
accountants all use it.  As far as getting the bug fixes immediately because 
you subscribe as a service, that would mean more if it didn’t take Intuit years 
to fix bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want to sell 
you.  Which tend to be pretty poor, for example their payroll service is really 
pathetic, you’re almost better off filling out the tax forms by hand.

But as an other example of SaaS, Adobe has gone heavily that direction with 
their creative suites.  If you are a graphic designer or web designer, I’m sure 
it’s a very good deal.  For someone like me with an owned copy of Photoshop, it 
probably doesn’t make sense to start paying monthly, since I could care less 
about having the latest improvements, I don’t use it intensively enough to make 
it worthwhile.  Maybe for Dreamweaver since HTML techniques are changing all 
the time.  At least Adobe doesn’t require that you are connected to the 
Internet in order to use the software.  I don’t really have any problem with 
their approach, even though it doesn’t work out so well for me.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:38 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I haven't seen the same results... every single company I am involved with, and 
even the 20+ that I have met with over the last three months have all used 
Quickbooks.

Travis


On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:

  I would not use anything related to Quickbooks as an example of the best way 
to do something.

  Your only choices from Intuit are how you get screwed, not whether.


  From: Travis Johnson via Af 
  Sent: Thursday, October 16, 2014 9:02 AM
  To: af@afmug.com 
  Subject: Re: [AFMUG] SM Isolation question

  How do you figure? Everything will eventually be SaaS... and it's a much 
better model for both sides. The software stays updated and current and bug 
fixes are instant. The initial cost to start with the software is usually 
1/10th what it would be to buy, and it allows people to use the software from 
anywhere.

  Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

  I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

  Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)

  Travis


  On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.  


___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc. 

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af  wrote:


  Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.

  On Wednesday, October 15, 2014, Travis Johnson via Af  
wrote:

Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

  Someone told me you were getting into manufacturing��



  Gino A. Villarini
  President
  Aeronet Wireless Broadband Corp.
  www.aeronetpr.com
  @aeronetpr






  On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:


It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff 
going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

  Travis, are you getting bored at your current job? Lol!!

  Great to see you active in the list!



  G

Re: [AFMUG] SM Isolation question

[Seth Mattinen via Af]

On 10/16/14, 8:02 AM, Ken Hohhof via Af wrote:

If you are a graphic designer or web designer, I’m sure it’s a very good
deal.



I'll have to ask one of my ad agency customers what they think of it.

~Seth

Re: [AFMUG] SM Isolation question

[Ken Hohhof via Af]

I don’t dispute that, or that SaaS is the wave of the future (present?), just I 
find Intuit to be a money-grubbing borderline unethical company to deal with, 
that nonetheless dominates their market niche.  Probably because the 
accountants all use it.  As far as getting the bug fixes immediately because 
you subscribe as a service, that would mean more if it didn’t take Intuit years 
to fix bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want to sell 
you.  Which tend to be pretty poor, for example their payroll service is really 
pathetic, you’re almost better off filling out the tax forms by hand.

But as an other example of SaaS, Adobe has gone heavily that direction with 
their creative suites.  If you are a graphic designer or web designer, I’m sure 
it’s a very good deal.  For someone like me with an owned copy of Photoshop, it 
probably doesn’t make sense to start paying monthly, since I could care less 
about having the latest improvements, I don’t use it intensively enough to make 
it worthwhile.  Maybe for Dreamweaver since HTML techniques are changing all 
the time.  At least Adobe doesn’t require that you are connected to the 
Internet in order to use the software.  I don’t really have any problem with 
their approach, even though it doesn’t work out so well for me.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:38 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I haven't seen the same results... every single company I am involved with, and 
even the 20+ that I have met with over the last three months have all used 
Quickbooks.

Travis


On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:

  I would not use anything related to Quickbooks as an example of the best way 
to do something.

  Your only choices from Intuit are how you get screwed, not whether.


  From: Travis Johnson via Af 
  Sent: Thursday, October 16, 2014 9:02 AM
  To: af@afmug.com 
  Subject: Re: [AFMUG] SM Isolation question

  How do you figure? Everything will eventually be SaaS... and it's a much 
better model for both sides. The software stays updated and current and bug 
fixes are instant. The initial cost to start with the software is usually 
1/10th what it would be to buy, and it allows people to use the software from 
anywhere.

  Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

  I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

  Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)

  Travis


  On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.  


___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc. 

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af  wrote:


  Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.

  On Wednesday, October 15, 2014, Travis Johnson via Af  
wrote:

Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

  Someone told me you were getting into manufacturing��



  Gino A. Villarini
  President
  Aeronet Wireless Broadband Corp.
  www.aeronetpr.com
  @aeronetpr






  On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:


It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff 
going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

  Travis, are you getting bored at your current job? Lol!!

  Great to see you active in the list!



  Gino A. Villarini
  President
  Aeronet Wireless Broadband Corp.
  www.aeronetpr.com
  @aeronetpr






  On 10/15/14, 4:14 PM, "Travis Johnson via Af"  
wrote:


The other issue is p2p traffic between two people on the same 
AP
and
if you a

Re: [AFMUG] SM Isolation question

[Travis Johnson via Af]

I haven't seen the same results... every single company I am involved 
with, and even the 20+ that I have met with over the last three months 
have all used Quickbooks.


Travis

On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:
I would not use anything related to Quickbooks as an example of the 
best way to do something.

Your only choices from Intuit are how you get screwed, not whether.
*From:* Travis Johnson via Af <mailto:af@afmug.com>
*Sent:* Thursday, October 16, 2014 9:02 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] SM Isolation question
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with the 
software is usually 1/10th what it would be to buy, and it allows 
people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, you don't have to host it on your own server, 
or worry about upgrade issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com <mailto:tyler.tr...@cornbelttech.com>
___

On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af <mailto:af@afmug.com>> wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af <mailto:af@afmug.com>> wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com <http://www.aeronetpr.com>
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af" 
wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th.
Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com <http://www.aeronetpr.com>
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"
 wrote:

The other issue is p2p traffic between two
people on the same AP
and
if you are doing bandwidth shaping in your
router, even at the tower,
you will never see these packets. Or in the case
the original poster
asked about, that customer could keep a high-def
window open of all
their video cameras at the other location, using
3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber
Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream,
there's nothing the router
can do about it. Put the two locations on
different IP subnets so that
traffic between the two has to be routed. Or
turn off SM isolation.

I leave SM isolation off because I'm not
that paranoid. The biggest
risk is broadcast/multicast crap flying
around. So use the SM uplink
broadcast/multicast rate limiting. This is
one of the best 

Re: [AFMUG] SM Isolation question

[Chuck McCown via Af]

-Original Message- 
From: Ken Hohhof via Af 
Sent: Thursday, October 16, 2014 8:26 AM 
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question 

But at least with a big company you never have to worry they might have a 
"data breach", right?


-Original Message- 
From: Seth Mattinen via Af

Sent: Thursday, October 16, 2014 9:22 AM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

On 10/16/14, 7:02 AM, Travis Johnson via Af wrote:


I know I personally spent at least 50+ hours over the previous 15 years
installing/fixing/supporting Quickbooks on our LAN. Getting it installed
on a server, setting up the shares, mapping drive letters, installing it
on each PC, etc. The software cost us $500 to buy, and then the yearly
updates were usually $200-$300. Or you can subscribe to the online
version for $39/month and be done with it. It's automatically backed up,
you don't have to host it on your own server, or worry about upgrade
issues or users with problems, etc.



One concern I have with that model is that it comes off like a
protection racket: it would be a shame what would happen to your files
if you stop paying.

~Seth 

Re: [AFMUG] SM Isolation question

[Ken Hohhof via Af]

But at least with a big company you never have to worry they might have a 
"data breach", right?


-Original Message- 
From: Seth Mattinen via Af

Sent: Thursday, October 16, 2014 9:22 AM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

On 10/16/14, 7:02 AM, Travis Johnson via Af wrote:


I know I personally spent at least 50+ hours over the previous 15 years
installing/fixing/supporting Quickbooks on our LAN. Getting it installed
on a server, setting up the shares, mapping drive letters, installing it
on each PC, etc. The software cost us $500 to buy, and then the yearly
updates were usually $200-$300. Or you can subscribe to the online
version for $39/month and be done with it. It's automatically backed up,
you don't have to host it on your own server, or worry about upgrade
issues or users with problems, etc.



One concern I have with that model is that it comes off like a
protection racket: it would be a shame what would happen to your files
if you stop paying.

~Seth 

Re: [AFMUG] SM Isolation question

[Seth Mattinen via Af]

On 10/16/14, 7:02 AM, Travis Johnson via Af wrote:


I know I personally spent at least 50+ hours over the previous 15 years
installing/fixing/supporting Quickbooks on our LAN. Getting it installed
on a server, setting up the shares, mapping drive letters, installing it
on each PC, etc. The software cost us $500 to buy, and then the yearly
updates were usually $200-$300. Or you can subscribe to the online
version for $39/month and be done with it. It's automatically backed up,
you don't have to host it on your own server, or worry about upgrade
issues or users with problems, etc.



One concern I have with that model is that it comes off like a 
protection racket: it would be a shame what would happen to your files 
if you stop paying.


~Seth

Re: [AFMUG] SM Isolation question

[Chuck McCown via Af]

I am certainly not in love with intuit, what else can you use that is in the 
same range of cost and capability?

From: Ken Hohhof via Af 
Sent: Thursday, October 16, 2014 8:12 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I would not use anything related to Quickbooks as an example of the best way to 
do something.

Your only choices from Intuit are how you get screwed, not whether.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:02 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

How do you figure? Everything will eventually be SaaS... and it's a much better 
model for both sides. The software stays updated and current and bug fixes are 
instant. The initial cost to start with the software is usually 1/10th what it 
would be to buy, and it allows people to use the software from anywhere.

Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

Time is money. Spend your time doing what you know how to do, and hire someone 
else to do the other tasks. :)

Travis


On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

  True story.  


  ___
  Mangled by my iPhone.
  ___

  Tyler Treat
  Corn Belt Technologies, Inc. 

  tyler.tr...@cornbelttech.com
  ___


  On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af  wrote:


Yeah, SaaS is great for the company that owns it, not so great for everyone 
else.

On Wednesday, October 15, 2014, Travis Johnson via Af  wrote:

  Nope... mainly SaaS companies and real estate. Best of both worlds. :)

  Travis

  On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:


  It just depends on the day... :)

  Involved in 11 companies now, and looking at a 12th. Always stuff 
going
  on. LOL

  Travis

  On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:


  The other issue is p2p traffic between two people on the same 
AP
  and
  if you are doing bandwidth shaping in your router, even at the 
tower,
  you will never see these packets. Or in the case the original 
poster
  asked about, that customer could keep a high-def window open of 
all
  their video cameras at the other location, using 3-4Mbps of 
constant
  traffic, and you would never see it.

  Travis

  On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af 
wrote:

When you forward SM-to-SM traffic upstream, there's nothing the 
router
can do about it. Put the two locations on different IP subnets 
so that
traffic between the two has to be routed. Or turn off SM 
isolation.

I leave SM isolation off because I'm not that paranoid. The 
biggest
risk is broadcast/multicast crap flying around. So use the SM 
uplink
broadcast/multicast rate limiting. This is one of the best 
features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

  We have a customer that has two SM's on the same AP at 
separate
  physical locations (home and office). The have a DVR at each 
location
  that they want to view. Everything is configured properly on 
their
  end to view the DVR's on port 80 through their routers.   
Problem is
  that we have SM isolation turned on with option 2 to forward 
packets
  upstream and they want to see the home 

Re: [AFMUG] SM Isolation question

[Ken Hohhof via Af]

I would not use anything related to Quickbooks as an example of the best way to 
do something.

Your only choices from Intuit are how you get screwed, not whether.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:02 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

How do you figure? Everything will eventually be SaaS... and it's a much better 
model for both sides. The software stays updated and current and bug fixes are 
instant. The initial cost to start with the software is usually 1/10th what it 
would be to buy, and it allows people to use the software from anywhere.

Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

Time is money. Spend your time doing what you know how to do, and hire someone 
else to do the other tasks. :)

Travis


On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

  True story.  


  ___
  Mangled by my iPhone.
  ___

  Tyler Treat
  Corn Belt Technologies, Inc. 

  tyler.tr...@cornbelttech.com
  ___


  On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af  wrote:


Yeah, SaaS is great for the company that owns it, not so great for everyone 
else.

On Wednesday, October 15, 2014, Travis Johnson via Af  wrote:

  Nope... mainly SaaS companies and real estate. Best of both worlds. :)

  Travis

  On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:


  It just depends on the day... :)

  Involved in 11 companies now, and looking at a 12th. Always stuff 
going
  on. LOL

  Travis

  On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:


  The other issue is p2p traffic between two people on the same 
AP
  and
  if you are doing bandwidth shaping in your router, even at the 
tower,
  you will never see these packets. Or in the case the original 
poster
  asked about, that customer could keep a high-def window open of 
all
  their video cameras at the other location, using 3-4Mbps of 
constant
  traffic, and you would never see it.

  Travis

  On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af 
wrote:

When you forward SM-to-SM traffic upstream, there's nothing the 
router
can do about it. Put the two locations on different IP subnets 
so that
traffic between the two has to be routed. Or turn off SM 
isolation.

I leave SM isolation off because I'm not that paranoid. The 
biggest
risk is broadcast/multicast crap flying around. So use the SM 
uplink
broadcast/multicast rate limiting. This is one of the best 
features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

  We have a customer that has two SM's on the same AP at 
separate
  physical locations (home and office). The have a DVR at each 
location
  that they want to view. Everything is configured properly on 
their
  end to view the DVR's on port 80 through their routers.   
Problem is
  that we have SM isolation turned on with option 2 to forward 
packets
  upstream and they want to see the home when at the office and 
the
  office when at home.

  So I set up a mangle rule in my Mikortik to mark the packets 
with a
  routing mark based on the SRC and DST addresses, and then 
used a
  

Re: [AFMUG] SM Isolation question

[Travis Johnson via Af]

How do you figure? Everything will eventually be SaaS... and it's a much 
better model for both sides. The software stays updated and current and 
bug fixes are instant. The initial cost to start with the software is 
usually 1/10th what it would be to buy, and it allows people to use the 
software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize my 
time (or anyone else's time) was better spent focusing on the product we 
sold rather than installing/fixing/supporting someone else's software.


I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed 
on a server, setting up the shares, mapping drive letters, installing it 
on each PC, etc. The software cost us $500 to buy, and then the yearly 
updates were usually $200-$300. Or you can subscribe to the online 
version for $39/month and be done with it. It's automatically backed up, 
you don't have to host it on your own server, or worry about upgrade 
issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com 
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af > wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af > wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com 
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af" 
wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th.
Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com 
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"
 wrote:

The other issue is p2p traffic between two people
on the same AP
and
if you are doing bandwidth shaping in your
router, even at the tower,
you will never see these packets. Or in the case
the original poster
asked about, that customer could keep a high-def
window open of all
their video cameras at the other location, using
3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber
Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream,
there's nothing the router
can do about it. Put the two locations on
different IP subnets so that
traffic between the two has to be routed. Or
turn off SM isolation.

I leave SM isolation off because I'm not that
paranoid. The biggest
risk is broadcast/multicast crap flying
around. So use the SM uplink
broadcast/multicast rate limiting. This is
one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via
Af wrote:

We have a customer that has two SM's on
the same AP at separate
physical locations (home and office). The
have a DVR at each location
that they want to view. Everything is
configured properly on their
end to view the DVR's on port 80 through
their routers.   Problem is
that

Re: [AFMUG] SM Isolation question

[Tyler Treat via Af]

True story.

___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af 
mailto:af@afmug.com>> wrote:

Yeah, SaaS is great for the company that owns it, not so great for everyone 
else.

On Wednesday, October 15, 2014, Travis Johnson via Af 
mailto:af@afmug.com>> wrote:
Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:
Someone told me you were getting into manufacturing??(1/2)??(1/2)



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:
Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:

The other issue is p2p traffic between two people on the same AP
and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
We have a customer that has two SM's on the same AP at separate
physical locations (home and office). The have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything what that mark and send it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Jason McKemie via Af]

Yeah, SaaS is great for the company that owns it, not so great for everyone
else.

On Wednesday, October 15, 2014, Travis Johnson via Af  wrote:

> Nope... mainly SaaS companies and real estate. Best of both worlds. :)
>
> Travis
>
> On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:
>
>> Someone told me you were getting into manufacturing��
>>
>>
>>
>> Gino A. Villarini
>> President
>> Aeronet Wireless Broadband Corp.
>> www.aeronetpr.com
>> @aeronetpr
>>
>>
>>
>>
>>
>>
>> On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:
>>
>>  It just depends on the day... :)
>>>
>>> Involved in 11 companies now, and looking at a 12th. Always stuff going
>>> on. LOL
>>>
>>> Travis
>>>
>>> On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:
>>>
 Travis, are you getting bored at your current job? Lol!!

 Great to see you active in the list!



 Gino A. Villarini
 President
 Aeronet Wireless Broadband Corp.
 www.aeronetpr.com
 @aeronetpr






 On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:

  The other issue is p2p traffic between two people on the same AP
> and
> if you are doing bandwidth shaping in your router, even at the tower,
> you will never see these packets. Or in the case the original poster
> asked about, that customer could keep a high-def window open of all
> their video cameras at the other location, using 3-4Mbps of constant
> traffic, and you would never see it.
>
> Travis
>
> On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
>
>> When you forward SM-to-SM traffic upstream, there's nothing the router
>> can do about it. Put the two locations on different IP subnets so that
>> traffic between the two has to be routed. Or turn off SM isolation.
>>
>> I leave SM isolation off because I'm not that paranoid. The biggest
>> risk is broadcast/multicast crap flying around. So use the SM uplink
>> broadcast/multicast rate limiting. This is one of the best features of
>> Canopy, IMO.
>>
>> On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
>>
>>> We have a customer that has two SM's on the same AP at separate
>>> physical locations (home and office). The have a DVR at each location
>>> that they want to view. Everything is configured properly on their
>>> end to view the DVR's on port 80 through their routers.   Problem is
>>> that we have SM isolation turned on with option 2 to forward packets
>>> upstream and they want to see the home when at the office and the
>>> office when at home.
>>>
>>> So I set up a mangle rule in my Mikortik to mark the packets with a
>>> routing mark based on the SRC and DST addresses, and then used a
>>> static route for anything what that mark and send it back to the AP
>>> port. It doesn't work, what am I doing wrong, any suggestions short
>>> of disabling SM isolation?
>>>
>>>
>>>
>>
>

Re: [AFMUG] SM Isolation question

[Travis Johnson via Af]

Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing��



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:


It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:


The other issue is p2p traffic between two people on the same AP
and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate
physical locations (home and office). The have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything what that mark and send it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Gino Villarini via Af]

Someone told me you were getting into manufacturingŠŠ



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com  
@aeronetpr






On 10/15/14, 5:31 PM, "Travis Johnson via Af"  wrote:

>It just depends on the day... :)
>
>Involved in 11 companies now, and looking at a 12th. Always stuff going
>on. LOL
>
>Travis
>
>On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:
>> Travis, are you getting bored at your current job? Lol!!
>>
>> Great to see you active in the list!
>>
>>
>>
>> Gino A. Villarini
>> President
>> Aeronet Wireless Broadband Corp.
>> www.aeronetpr.com
>> @aeronetpr
>>
>>
>>
>>
>>
>>
>> On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:
>>
>>> The other issue is p2p traffic between two people on the same AP
>>>and
>>> if you are doing bandwidth shaping in your router, even at the tower,
>>> you will never see these packets. Or in the case the original poster
>>> asked about, that customer could keep a high-def window open of all
>>> their video cameras at the other location, using 3-4Mbps of constant
>>> traffic, and you would never see it.
>>>
>>> Travis
>>>
>>> On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
 When you forward SM-to-SM traffic upstream, there's nothing the router
 can do about it. Put the two locations on different IP subnets so that
 traffic between the two has to be routed. Or turn off SM isolation.

 I leave SM isolation off because I'm not that paranoid. The biggest
 risk is broadcast/multicast crap flying around. So use the SM uplink
 broadcast/multicast rate limiting. This is one of the best features of
 Canopy, IMO.

 On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
> We have a customer that has two SM's on the same AP at separate
> physical locations (home and office). The have a DVR at each location
> that they want to view. Everything is configured properly on their
> end to view the DVR's on port 80 through their routers.   Problem is
> that we have SM isolation turned on with option 2 to forward packets
> upstream and they want to see the home when at the office and the
> office when at home.
>
> So I set up a mangle rule in my Mikortik to mark the packets with a
> routing mark based on the SRC and DST addresses, and then used a
> static route for anything what that mark and send it back to the AP
> port. It doesn't work, what am I doing wrong, any suggestions short
> of disabling SM isolation?
>
>

>>
>

Re: [AFMUG] SM Isolation question

[Travis Johnson via Af]

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going 
on. LOL


Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:


The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate
physical locations (home and office). The have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything what that mark and send it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Travis Johnson via Af]

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going 
on. LOL


Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:


The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate
physical locations (home and office). The have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything what that mark and send it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Chuck McCown via Af]

Most addiction recovery programs tell you to not hang around with the same 
crowd...


-Original Message- 
From: Gino Villarini via Af

Sent: Wednesday, October 15, 2014 3:16 PM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:


The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate
physical locations (home and office). The have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything what that mark and send it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Gino Villarini via Af]

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com  
@aeronetpr






On 10/15/14, 4:14 PM, "Travis Johnson via Af"  wrote:

>The other issue is p2p traffic between two people on the same AP and
>if you are doing bandwidth shaping in your router, even at the tower,
>you will never see these packets. Or in the case the original poster
>asked about, that customer could keep a high-def window open of all
>their video cameras at the other location, using 3-4Mbps of constant
>traffic, and you would never see it.
>
>Travis
>
>On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
>> When you forward SM-to-SM traffic upstream, there's nothing the router
>> can do about it. Put the two locations on different IP subnets so that
>> traffic between the two has to be routed. Or turn off SM isolation.
>>
>> I leave SM isolation off because I'm not that paranoid. The biggest
>> risk is broadcast/multicast crap flying around. So use the SM uplink
>> broadcast/multicast rate limiting. This is one of the best features of
>> Canopy, IMO.
>>
>> On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
>>> We have a customer that has two SM's on the same AP at separate
>>> physical locations (home and office). The have a DVR at each location
>>> that they want to view. Everything is configured properly on their
>>> end to view the DVR's on port 80 through their routers.   Problem is
>>> that we have SM isolation turned on with option 2 to forward packets
>>> upstream and they want to see the home when at the office and the
>>> office when at home.
>>>
>>> So I set up a mangle rule in my Mikortik to mark the packets with a
>>> routing mark based on the SRC and DST addresses, and then used a
>>> static route for anything what that mark and send it back to the AP
>>> port. It doesn't work, what am I doing wrong, any suggestions short
>>> of disabling SM isolation?
>>>
>>>
>>
>>
>

Re: [AFMUG] SM Isolation question

[Paul McCall via Af]

We don’t have that exact scenario, but you could monitor or throttle through a 
router (Mikrotik) or use the SM QOS to help mitigate that (somewhat)

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Travis Johnson via Af
Sent: Wednesday, October 15, 2014 4:14 PM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

The other issue is p2p traffic between two people on the same AP and if you 
are doing bandwidth shaping in your router, even at the tower, you will never 
see these packets. Or in the case the original poster asked about, that 
customer could keep a high-def window open of all their video cameras at the 
other location, using 3-4Mbps of constant traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
> When you forward SM-to-SM traffic upstream, there's nothing the router 
> can do about it. Put the two locations on different IP subnets so that 
> traffic between the two has to be routed. Or turn off SM isolation.
>
> I leave SM isolation off because I'm not that paranoid. The biggest 
> risk is broadcast/multicast crap flying around. So use the SM uplink 
> broadcast/multicast rate limiting. This is one of the best features of 
> Canopy, IMO.
>
> On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
>> We have a customer that has two SM's on the same AP at separate 
>> physical locations (home and office). The have a DVR at each location 
>> that they want to view. Everything is configured properly on their
>> end to view the DVR's on port 80 through their routers.   Problem is 
>> that we have SM isolation turned on with option 2 to forward packets 
>> upstream and they want to see the home when at the office and the 
>> office when at home.
>>
>> So I set up a mangle rule in my Mikortik to mark the packets with a 
>> routing mark based on the SRC and DST addresses, and then used a 
>> static route for anything what that mark and send it back to the AP 
>> port. It doesn't work, what am I doing wrong, any suggestions short 
>> of disabling SM isolation?
>>
>>
>
>

Re: [AFMUG] SM Isolation question

[George Skorup (Cyber Broadcasting) via Af]

Which is why you should use Canopy's QoS.

On 10/15/2014 3:14 PM, Travis Johnson via Af wrote:
The other issue is p2p traffic between two people on the same AP 
and if you are doing bandwidth shaping in your router, even at the 
tower, you will never see these packets. Or in the case the original 
poster asked about, that customer could keep a high-def window open of 
all their video cameras at the other location, using 3-4Mbps of 
constant traffic, and you would never see it.


Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
When you forward SM-to-SM traffic upstream, there's nothing the 
router can do about it. Put the two locations on different IP subnets 
so that traffic between the two has to be routed. Or turn off SM 
isolation.


I leave SM isolation off because I'm not that paranoid. The biggest 
risk is broadcast/multicast crap flying around. So use the SM uplink 
broadcast/multicast rate limiting. This is one of the best features 
of Canopy, IMO.


On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
We have a customer that has two SM's on the same AP at separate 
physical locations (home and office). The have a DVR at each 
location that they want to view. Everything is configured properly 
on their end to view the DVR's on port 80 through their routers.   
Problem is that we have SM isolation turned on with option 2 to 
forward packets upstream and they want to see the home when at the 
office and the office when at home.


So I set up a mangle rule in my Mikortik to mark the packets with a 
routing mark based on the SRC and DST addresses, and then used a 
static route for anything what that mark and send it back to the AP 
port. It doesn't work, what am I doing wrong, any suggestions short 
of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Christopher Tyler via Af]

Thank you all for the assist, we will be moving one of the locations to a 
separate subnet.  Much appreciated.

-- 
Christopher Tyler 
MTCRE/MTCNA/MTCTCE/MTCWE 
Total Highspeed Internet Services 
417.851.1107

- Original Message -
From: "Gilbert T. Gutierrez, Jr. via Af" 
To: af@afmug.com
Sent: Wednesday, October 15, 2014 3:54:59 PM
Subject: Re: [AFMUG] SM Isolation question

As others have said, put the two locations on different subnets. That 
will get around the issue. You could also segment using Vlans which 
would allow you to retain DHCP if you use DHCP. We always have Isolation 
enabled. We happen to use a few vlans to further segment the traffic and 
if a customer has 2 SMs on the same AP, we make sure that the public 
facing IPs are on different networks.

Gilbert

On 10/15/2014 12:23 PM, Christopher Tyler via Af wrote:
> We have a customer that has two SM's on the same AP at separate physical 
> locations (home and office).  The have a DVR at each location that they want 
> to view.  Everything is configured properly on their end to view the DVR's on 
> port 80 through their routers.   Problem is that we have SM isolation turned 
> on with option 2 to forward packets upstream and they want to see the home 
> when at the office and the office when at home.
>
> So I set up a mangle rule in my Mikortik to mark the packets with a routing 
> mark based on the SRC and DST addresses, and then used a static route for 
> anything what that mark and send it back to the AP port. It doesn't work, 
> what am I doing wrong, any suggestions short of disabling SM isolation?
>
>

Re: [AFMUG] SM Isolation question

[Gilbert T. Gutierrez, Jr. via Af]

As others have said, put the two locations on different subnets. That 
will get around the issue. You could also segment using Vlans which 
would allow you to retain DHCP if you use DHCP. We always have Isolation 
enabled. We happen to use a few vlans to further segment the traffic and 
if a customer has 2 SMs on the same AP, we make sure that the public 
facing IPs are on different networks.


Gilbert

On 10/15/2014 12:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate physical 
locations (home and office).  The have a DVR at each location that they want to 
view.  Everything is configured properly on their end to view the DVR's on port 
80 through their routers.   Problem is that we have SM isolation turned on with 
option 2 to forward packets upstream and they want to see the home when at the 
office and the office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a routing 
mark based on the SRC and DST addresses, and then used a static route for 
anything what that mark and send it back to the AP port. It doesn't work, what 
am I doing wrong, any suggestions short of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Travis Johnson via Af]

The other issue is p2p traffic between two people on the same AP and 
if you are doing bandwidth shaping in your router, even at the tower, 
you will never see these packets. Or in the case the original poster 
asked about, that customer could keep a high-def window open of all 
their video cameras at the other location, using 3-4Mbps of constant 
traffic, and you would never see it.


Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
When you forward SM-to-SM traffic upstream, there's nothing the router 
can do about it. Put the two locations on different IP subnets so that 
traffic between the two has to be routed. Or turn off SM isolation.


I leave SM isolation off because I'm not that paranoid. The biggest 
risk is broadcast/multicast crap flying around. So use the SM uplink 
broadcast/multicast rate limiting. This is one of the best features of 
Canopy, IMO.


On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
We have a customer that has two SM's on the same AP at separate 
physical locations (home and office). The have a DVR at each location 
that they want to view. Everything is configured properly on their 
end to view the DVR's on port 80 through their routers.   Problem is 
that we have SM isolation turned on with option 2 to forward packets 
upstream and they want to see the home when at the office and the 
office when at home.


So I set up a mangle rule in my Mikortik to mark the packets with a 
routing mark based on the SRC and DST addresses, and then used a 
static route for anything what that mark and send it back to the AP 
port. It doesn't work, what am I doing wrong, any suggestions short 
of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[George Skorup (Cyber Broadcasting) via Af]

When you forward SM-to-SM traffic upstream, there's nothing the router 
can do about it. Put the two locations on different IP subnets so that 
traffic between the two has to be routed. Or turn off SM isolation.


I leave SM isolation off because I'm not that paranoid. The biggest risk 
is broadcast/multicast crap flying around. So use the SM uplink 
broadcast/multicast rate limiting. This is one of the best features of 
Canopy, IMO.


On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate physical 
locations (home and office).  The have a DVR at each location that they want to 
view.  Everything is configured properly on their end to view the DVR's on port 
80 through their routers.   Problem is that we have SM isolation turned on with 
option 2 to forward packets upstream and they want to see the home when at the 
office and the office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a routing 
mark based on the SRC and DST addresses, and then used a static route for 
anything what that mark and send it back to the AP port. It doesn't work, what 
am I doing wrong, any suggestions short of disabling SM isolation?

Re: [AFMUG] SM Isolation question

[Travis Johnson via Af]

We would just provide the customer with IP addresses from different 
subnets off that tower, thus making the packets go through the router at 
the tower.


Travis

On 10/15/2014 1:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate physical 
locations (home and office).  The have a DVR at each location that they want to 
view.  Everything is configured properly on their end to view the DVR's on port 
80 through their routers.   Problem is that we have SM isolation turned on with 
option 2 to forward packets upstream and they want to see the home when at the 
office and the office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a routing 
mark based on the SRC and DST addresses, and then used a static route for 
anything what that mark and send it back to the AP port. It doesn't work, what 
am I doing wrong, any suggestions short of disabling SM isolation?

[AFMUG] SM Isolation question

[Christopher Tyler via Af]

We have a customer that has two SM's on the same AP at separate physical 
locations (home and office).  The have a DVR at each location that they want to 
view.  Everything is configured properly on their end to view the DVR's on port 
80 through their routers.   Problem is that we have SM isolation turned on with 
option 2 to forward packets upstream and they want to see the home when at the 
office and the office when at home.

So I set up a mangle rule in my Mikortik to mark the packets with a routing 
mark based on the SRC and DST addresses, and then used a static route for 
anything what that mark and send it back to the AP port. It doesn't work, what 
am I doing wrong, any suggestions short of disabling SM isolation?


-- 
Christopher Tyler 
MTCRE/MTCNA/MTCTCE/MTCWE 
Total Highspeed Internet Services 
417.851.1107