Re: [AFMUG] SM Isolation Question
you cant route between them? thats weird! it seems you have assigned ip space on the same block... On Tue, May 24, 2016 at 8:51 PM, Gerard Dupont IIIwrote: > On our fiber network I use port isolation and mac forced forwarding(not > available in MikroTik) to accomplish layer2 isolation but still allow > client to client unicast traffic. > > Proxy arp is as close to MACFF as you can get in MikroTik. I think you > should be able to use option 2 if you use a different vlan per customer > site(use the default vlan setting in each canopy SM so each site has > a unique vlan) then enable proxy arp for each vlan in your router. I don't > remember if you have to have an ip on the vlan for it to work or not. If > it doesn't work try adding an ip on each vlan. So you don't waste ips you > can use point to point addressing. IE address=routerip/32 > network=customerIpForThisVlan. You might be able to get by with some static > arp entries instead of adding an ip to each vlan. I'm not sure how MikroTik > handles that. > > I suck at explaining myself so I hope this makes sense. You can contact me > offlist if you want to chat/talk about it. > > Gerard > > > On Tuesday, May 24, 2016, Craig Schmaderer > wrote: > >> Example: >> >> I have a 450 Access Point that has 3 sms belonging to one company with 3 >> sites. >> >> This client wants to have vpns between all locations. They are all on >> the same layer 2 network (same vlan) >> >> >> >> Options and expected outcomes >> >> · Disable SM Isolation (the default selection). This allows full >> communication between SMs. >> >> - Works fine, all traffic can pass, Expected….. >> >> >> >> · Enable Option 1 - Block SM destined packets from being forwarded. This >> prevents both multicast/broadcast and unicast SM-to-SM communication. >> >> - Doesn’t work, can establish connections between sms. >> Expected…… >> >> >> >> · Enable Option 2 - Forward SM destined packets upstream. This not only >> prevents multicast/broadcast and unicast SM-to-SM communication but also >> sends the packets, which otherwise may have been handled SM to SM, through >> the Ethernet port of the AP. >> >> - Doesn’t work, I thought this would work, I assumed all >> packets would be sent upstream to the router than the router would send it >> back to the clients, similar to how mac forced forwarding works on my fiber >> network. >> >> >> >> So I guess my question is “Am I totally miss understanding what option 2 >> does? Is the only possible way to allow vpn traffic between sms on the >> same access points have to have “Disable SM Isolation set?” >> >> >> >> Thanks, Craig. >> >> >> >> *Craig R. Schmaderer* >> >> *CEO | Skywave Wireless, Inc.* >> >> *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>* >> >> *Direct: 402-372-1052 <402-372-1052>* >> >> >> >
[AFMUG] SM Isolation Question
On our fiber network I use port isolation and mac forced forwarding(not available in MikroTik) to accomplish layer2 isolation but still allow client to client unicast traffic. Proxy arp is as close to MACFF as you can get in MikroTik. I think you should be able to use option 2 if you use a different vlan per customer site(use the default vlan setting in each canopy SM so each site has a unique vlan) then enable proxy arp for each vlan in your router. I don't remember if you have to have an ip on the vlan for it to work or not. If it doesn't work try adding an ip on each vlan. So you don't waste ips you can use point to point addressing. IE address=routerip/32 network=customerIpForThisVlan. You might be able to get by with some static arp entries instead of adding an ip to each vlan. I'm not sure how MikroTik handles that. I suck at explaining myself so I hope this makes sense. You can contact me offlist if you want to chat/talk about it. Gerard On Tuesday, May 24, 2016, Craig Schmaderer> wrote: > Example: > > I have a 450 Access Point that has 3 sms belonging to one company with 3 > sites. > > This client wants to have vpns between all locations. They are all on the > same layer 2 network (same vlan) > > > > Options and expected outcomes > > · Disable SM Isolation (the default selection). This allows full > communication between SMs. > > - Works fine, all traffic can pass, Expected….. > > > > · Enable Option 1 - Block SM destined packets from being forwarded. This > prevents both multicast/broadcast and unicast SM-to-SM communication. > > - Doesn’t work, can establish connections between sms. > Expected…… > > > > · Enable Option 2 - Forward SM destined packets upstream. This not only > prevents multicast/broadcast and unicast SM-to-SM communication but also > sends the packets, which otherwise may have been handled SM to SM, through > the Ethernet port of the AP. > > - Doesn’t work, I thought this would work, I assumed all packets > would be sent upstream to the router than the router would send it back to > the clients, similar to how mac forced forwarding works on my fiber > network. > > > > So I guess my question is “Am I totally miss understanding what option 2 > does? Is the only possible way to allow vpn traffic between sms on the > same access points have to have “Disable SM Isolation set?” > > > > Thanks, Craig. > > > > *Craig R. Schmaderer* > > *CEO | Skywave Wireless, Inc.* > > *Ph: 402-372-1975 | Fax: 402-372-1058* > > *Direct: 402-372-1052* > > >
Re: [AFMUG] SM Isolation Question
we ran SM isolation on all our AP's and never had to disable it when we used /30's and tunneling. On Tue, May 24, 2016 at 4:16 PM Craig Schmaderer <cr...@skywaveconnect.com> wrote: > Yeah I was trying to keep this simple and leaving isolation on but it > looks like on that ap ill have to disable it. For what it is worth, I do > believe that anyone that wants to run vpns between locations should be able > to do it without any special treatment, > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *George Skorup > *Sent:* Tuesday, May 24, 2016 11:51 AM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] SM Isolation Question > > > > Disable SM isolation or route between them (/30's or whatever). > > On 5/24/2016 11:36 AM, Craig Schmaderer wrote: > > Example: > > I have a 450 Access Point that has 3 sms belonging to one company with 3 > sites. > > This client wants to have vpns between all locations.� They are all on > the same layer 2 network (same vlan) > > � > > Options and expected outcomes > > � Disable SM Isolation (the default selection). This allows full > communication between SMs. > > - Works fine, all traffic can pass, Expected�.. > > ��������������� > > � Enable Option 1 - Block SM destined packets from being forwarded. > This prevents both multicast/broadcast and unicast SM-to-SM communication. > > - Doesn�t work, can establish connections between sms.� > Expected�� > > � > > � Enable Option 2 - Forward SM destined packets upstream. This not only > prevents multicast/broadcast and unicast SM-to-SM communication but also > sends the packets, which otherwise may have been handled SM to SM, through > the Ethernet port of the AP. > > - Doesn�t work, I thought this would work, I assumed all > packets would be sent upstream to the router than the router would send it > back to the clients, similar to how mac forced forwarding works on my fiber > network.� > > � > > So I guess my question is �Am I totally miss understanding what option 2 > does?� Is the only possible way to allow vpn traffic between sms on the > same access points have to have �Disable SM Isolation set?� > > � > > Thanks, Craig. > > � > > *Craig R. Schmaderer* > > *CEO | Skywave Wireless, Inc.* > > *Ph: 402-372-1975 | Fax: 402-372-1058* > > *Direct: 402-372-1052* > > � > > >
Re: [AFMUG] SM Isolation Question
Yeah I was trying to keep this simple and leaving isolation on but it looks like on that ap ill have to disable it. For what it is worth, I do believe that anyone that wants to run vpns between locations should be able to do it without any special treatment, From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup Sent: Tuesday, May 24, 2016 11:51 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation Question Disable SM isolation or route between them (/30's or whatever). On 5/24/2016 11:36 AM, Craig Schmaderer wrote: Example: I have a 450 Access Point that has 3 sms belonging to one company with 3 sites. This client wants to have vpns between all locations.� They are all on the same layer 2 network (same vlan) � Options and expected outcomes *** Disable SM Isolation (the default selection). This allows full communication between SMs. - Works fine, all traffic can pass, Expected�.. ��������������� *** Enable Option 1 - Block SM destined packets from being forwarded. This prevents both multicast/broadcast and unicast SM-to-SM communication. - Doesn�t work, can establish connections between sms.� Expected�� � *** Enable Option 2 - Forward SM destined packets upstream. This not only prevents multicast/broadcast and unicast SM-to-SM communication but also sends the packets, which otherwise may have been handled SM to SM, through the Ethernet port of the AP. - Doesn�t work, I thought this would work, I assumed all packets would be sent upstream to the router than the router would send it back to the clients, similar to how mac forced forwarding works on my fiber network.� � So I guess my question is �Am I totally miss understanding what option 2 does?� Is the only possible way to allow vpn traffic between sms on the same access points have to have �Disable SM Isolation set?� � Thanks, Craig. � Craig R. Schmaderer CEO | Skywave Wireless, Inc. Ph: 402-372-1975 | Fax: 402-372-1058 Direct: 402-372-1052 �
Re: [AFMUG] SM Isolation Question
Sell the customer a VPLS-based solution. ~Seth
Re: [AFMUG] SM Isolation Question
I saw a couple of ISP's actually go out of business trying To let customers treat the isp network as Their own. We always assigned public /30 to each and rooted the tunnels On Tue, May 24, 2016 at 11:46 AM That One Guy /sarcasm < thatoneguyst...@gmail.com> wrote: > take them out of the vlan and do option 2 > > On Tue, May 24, 2016 at 11:36 AM, Craig Schmaderer < > cr...@skywaveconnect.com> wrote: > >> Example: >> >> I have a 450 Access Point that has 3 sms belonging to one company with 3 >> sites. >> >> This client wants to have vpns between all locations. They are all on >> the same layer 2 network (same vlan) >> >> >> >> Options and expected outcomes >> >> · Disable SM Isolation (the default selection). This allows full >> communication between SMs. >> >> - Works fine, all traffic can pass, Expected….. >> >> >> >> · Enable Option 1 - Block SM destined packets from being forwarded. This >> prevents both multicast/broadcast and unicast SM-to-SM communication. >> >> - Doesn’t work, can establish connections between sms. >> Expected…… >> >> >> >> · Enable Option 2 - Forward SM destined packets upstream. This not only >> prevents multicast/broadcast and unicast SM-to-SM communication but also >> sends the packets, which otherwise may have been handled SM to SM, through >> the Ethernet port of the AP. >> >> - Doesn’t work, I thought this would work, I assumed all >> packets would be sent upstream to the router than the router would send it >> back to the clients, similar to how mac forced forwarding works on my fiber >> network. >> >> >> >> So I guess my question is “Am I totally miss understanding what option 2 >> does? Is the only possible way to allow vpn traffic between sms on the >> same access points have to have “Disable SM Isolation set?” >> >> >> >> Thanks, Craig. >> >> >> >> *Craig R. Schmaderer* >> >> *CEO | Skywave Wireless, Inc.* >> >> *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>* >> >> *Direct: 402-372-1052 <402-372-1052>* >> >> >> > > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. >
Re: [AFMUG] SM Isolation Question
Disable SM isolation or route between them (/30's or whatever). On 5/24/2016 11:36 AM, Craig Schmaderer wrote: Example: I have a 450 Access Point that has 3 sms belonging to one company with 3 sites. This client wants to have vpns between all locations. They are all on the same layer 2 network (same vlan) Options and expected outcomes � Disable SM Isolation (the default selection). This allows full communication between SMs. -Works fine, all traffic can pass, Expected�.. � Enable Option 1 - Block SM destined packets from being forwarded. This prevents both multicast/broadcast and unicast SM-to-SM communication. -Doesn�t work, can establish connections between sms. Expected�� � Enable Option 2 - Forward SM destined packets upstream. This not only prevents multicast/broadcast and unicast SM-to-SM communication but also sends the packets, which otherwise may have been handled SM to SM, through the Ethernet port of the AP. -Doesn�t work, I thought this would work, I assumed all packets would be sent upstream to the router than the router would send it back to the clients, similar to how mac forced forwarding works on my fiber network. So I guess my question is �Am I totally miss understanding what option 2 does? Is the only possible way to allow vpn traffic between sms on the same access points have to have �Disable SM Isolation set?� Thanks, Craig. /Craig R. Schmaderer/ /CEO | Skywave Wireless, Inc./ /Ph: 402-372-1975 | Fax: 402-372-1058/ /Direct: 402-372-1052/
Re: [AFMUG] SM Isolation Question
take them out of the vlan and do option 2 On Tue, May 24, 2016 at 11:36 AM, Craig Schmadererwrote: > Example: > > I have a 450 Access Point that has 3 sms belonging to one company with 3 > sites. > > This client wants to have vpns between all locations. They are all on the > same layer 2 network (same vlan) > > > > Options and expected outcomes > > · Disable SM Isolation (the default selection). This allows full > communication between SMs. > > - Works fine, all traffic can pass, Expected….. > > > > · Enable Option 1 - Block SM destined packets from being forwarded. This > prevents both multicast/broadcast and unicast SM-to-SM communication. > > - Doesn’t work, can establish connections between sms. > Expected…… > > > > · Enable Option 2 - Forward SM destined packets upstream. This not only > prevents multicast/broadcast and unicast SM-to-SM communication but also > sends the packets, which otherwise may have been handled SM to SM, through > the Ethernet port of the AP. > > - Doesn’t work, I thought this would work, I assumed all packets > would be sent upstream to the router than the router would send it back to > the clients, similar to how mac forced forwarding works on my fiber > network. > > > > So I guess my question is “Am I totally miss understanding what option 2 > does? Is the only possible way to allow vpn traffic between sms on the > same access points have to have “Disable SM Isolation set?” > > > > Thanks, Craig. > > > > *Craig R. Schmaderer* > > *CEO | Skywave Wireless, Inc.* > > *Ph: 402-372-1975 <402-372-1975> | Fax: 402-372-1058 <402-372-1058>* > > *Direct: 402-372-1052 <402-372-1052>* > > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
[AFMUG] SM Isolation Question
Example: I have a 450 Access Point that has 3 sms belonging to one company with 3 sites. This client wants to have vpns between all locations. They are all on the same layer 2 network (same vlan) Options and expected outcomes * Disable SM Isolation (the default selection). This allows full communication between SMs. - Works fine, all traffic can pass, Expected. * Enable Option 1 - Block SM destined packets from being forwarded. This prevents both multicast/broadcast and unicast SM-to-SM communication. - Doesn't work, can establish connections between sms. Expected.. * Enable Option 2 - Forward SM destined packets upstream. This not only prevents multicast/broadcast and unicast SM-to-SM communication but also sends the packets, which otherwise may have been handled SM to SM, through the Ethernet port of the AP. - Doesn't work, I thought this would work, I assumed all packets would be sent upstream to the router than the router would send it back to the clients, similar to how mac forced forwarding works on my fiber network. So I guess my question is "Am I totally miss understanding what option 2 does? Is the only possible way to allow vpn traffic between sms on the same access points have to have "Disable SM Isolation set?" Thanks, Craig. Craig R. Schmaderer CEO | Skywave Wireless, Inc. Ph: 402-372-1975 | Fax: 402-372-1058 Direct: 402-372-1052
Re: [AFMUG] SM Isolation question
How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com mailto:tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com mailto:af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com mailto:af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com http://www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com http://www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers.
Re: [AFMUG] SM Isolation question
I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:02 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route
Re: [AFMUG] SM Isolation question
I am certainly not in love with intuit, what else can you use that is in the same range of cost and capability? From: Ken Hohhof via Af Sent: Thursday, October 16, 2014 8:12 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:02 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office
Re: [AFMUG] SM Isolation question
On 10/16/14, 7:02 AM, Travis Johnson via Af wrote: I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. One concern I have with that model is that it comes off like a protection racket: it would be a shame what would happen to your files if you stop paying. ~Seth
Re: [AFMUG] SM Isolation question
But at least with a big company you never have to worry they might have a data breach, right? -Original Message- From: Seth Mattinen via Af Sent: Thursday, October 16, 2014 9:22 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question On 10/16/14, 7:02 AM, Travis Johnson via Af wrote: I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. One concern I have with that model is that it comes off like a protection racket: it would be a shame what would happen to your files if you stop paying. ~Seth
Re: [AFMUG] SM Isolation question
snort -Original Message- From: Ken Hohhof via Af Sent: Thursday, October 16, 2014 8:26 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question But at least with a big company you never have to worry they might have a data breach, right? -Original Message- From: Seth Mattinen via Af Sent: Thursday, October 16, 2014 9:22 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question On 10/16/14, 7:02 AM, Travis Johnson via Af wrote: I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. One concern I have with that model is that it comes off like a protection racket: it would be a shame what would happen to your files if you stop paying. ~Seth
Re: [AFMUG] SM Isolation question
I haven't seen the same results... every single company I am involved with, and even the 20+ that I have met with over the last three months have all used Quickbooks. Travis On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote: I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. *From:* Travis Johnson via Af mailto:af@afmug.com *Sent:* Thursday, October 16, 2014 9:02 AM *To:* af@afmug.com mailto:af@afmug.com *Subject:* Re: [AFMUG] SM Isolation question How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com mailto:tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com mailto:af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com mailto:af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com http://www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com http://www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO
Re: [AFMUG] SM Isolation question
I don’t dispute that, or that SaaS is the wave of the future (present?), just I find Intuit to be a money-grubbing borderline unethical company to deal with, that nonetheless dominates their market niche. Probably because the accountants all use it. As far as getting the bug fixes immediately because you subscribe as a service, that would mean more if it didn’t take Intuit years to fix bugs. There is actually very little improvement from year to year in Quickbooks, it is mostly cosmetic or related to new services they want to sell you. Which tend to be pretty poor, for example their payroll service is really pathetic, you’re almost better off filling out the tax forms by hand. But as an other example of SaaS, Adobe has gone heavily that direction with their creative suites. If you are a graphic designer or web designer, I’m sure it’s a very good deal. For someone like me with an owned copy of Photoshop, it probably doesn’t make sense to start paying monthly, since I could care less about having the latest improvements, I don’t use it intensively enough to make it worthwhile. Maybe for Dreamweaver since HTML techniques are changing all the time. At least Adobe doesn’t require that you are connected to the Internet in order to use the software. I don’t really have any problem with their approach, even though it doesn’t work out so well for me. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:38 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question I haven't seen the same results... every single company I am involved with, and even the 20+ that I have met with over the last three months have all used Quickbooks. Travis On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote: I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:02 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing
Re: [AFMUG] SM Isolation question
On 10/16/14, 8:02 AM, Ken Hohhof via Af wrote: If you are a graphic designer or web designer, I’m sure it’s a very good deal. I'll have to ask one of my ad agency customers what they think of it. ~Seth
Re: [AFMUG] SM Isolation question
One thing I did subscribe to and I do use is Adobe’s PDF conversion service. It is awesome, much better than any other tool I have used for the same purpose. It converts stuff to word and it is essentially perfect. From: Ken Hohhof via Af Sent: Thursday, October 16, 2014 9:02 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question I don’t dispute that, or that SaaS is the wave of the future (present?), just I find Intuit to be a money-grubbing borderline unethical company to deal with, that nonetheless dominates their market niche. Probably because the accountants all use it. As far as getting the bug fixes immediately because you subscribe as a service, that would mean more if it didn’t take Intuit years to fix bugs. There is actually very little improvement from year to year in Quickbooks, it is mostly cosmetic or related to new services they want to sell you. Which tend to be pretty poor, for example their payroll service is really pathetic, you’re almost better off filling out the tax forms by hand. But as an other example of SaaS, Adobe has gone heavily that direction with their creative suites. If you are a graphic designer or web designer, I’m sure it’s a very good deal. For someone like me with an owned copy of Photoshop, it probably doesn’t make sense to start paying monthly, since I could care less about having the latest improvements, I don’t use it intensively enough to make it worthwhile. Maybe for Dreamweaver since HTML techniques are changing all the time. At least Adobe doesn’t require that you are connected to the Internet in order to use the software. I don’t really have any problem with their approach, even though it doesn’t work out so well for me. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:38 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question I haven't seen the same results... every single company I am involved with, and even the 20+ that I have met with over the last three months have all used Quickbooks. Travis On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote: I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:02 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini
[AFMUG] SM Isolation question
SaaS makes sense for some applications, but a lot of what I'm seeing it applied to is just a money grab. Some things are just set up and go, I don't need updates or support, so long as the software does what I bought it to do. A great example of this is a point of sale system I'm installing. Nearly every company wanted an upfront fee plus anywhere from $40-$60 / terminal / month. I found software that allows multiple terminals for $1k (no monthly recurring). This will pay for itself in probably 6 months. On Thursday, October 16, 2014, Travis Johnson via Af af@afmug.com javascript:_e(%7B%7D,'cvml','af@afmug.com'); wrote: How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
AutodeskThey still charge thousands of a copy of autoCAD, but you can get it on a month to month basis for $60/month, or pay for a whole year and it's like $35/month. I would never have been able to justify paying them $3k for something I would use 4 times a year, but I can pay them $60 each for the four times I want to use it. Before that I would limit my use to twice a yearone 30 day demo of the current release of autoCAD and one 30 day demo of the current autoCAD LT. I don’t dispute that, or that SaaS is the wave of the future (present?), just I find Intuit to be a money-grubbing borderline unethical company to deal with, that nonetheless dominates their market niche. Probably because the accountants all use it. As far as getting the bug fixes immediately because you subscribe as a service, that would mean more if it didn’t take Intuit years to fix bugs. There is actually very little improvement from year to year in Quickbooks, it is mostly cosmetic or related to new services they want to sell you. Which tend to be pretty poor, for example their payroll service is really pathetic, you’re almost better off filling out the tax forms by hand. But as an other example of SaaS, Adobe has gone heavily that direction with their creative suites. If you are a graphic designer or web designer, I’m sure it’s a very good deal. For someone like me with an owned copy of Photoshop, it probably doesn’t make sense to start paying monthly, since I could care less about having the latest improvements, I don’t use it intensively enough to make it worthwhile. Maybe for Dreamweaver since HTML techniques are changing all the time. At least Adobe doesn’t require that you are connected to the Internet in order to use the software. I don’t really have any problem with their approach, even though it doesn’t work out so well for me. *From:* Travis Johnson via Af mailto:af@afmug.com *Sent:* Thursday, October 16, 2014 9:38 AM *To:* af@afmug.com mailto:af@afmug.com *Subject:* Re: [AFMUG] SM Isolation question I haven't seen the same results... every single company I am involved with, and even the 20+ that I have met with over the last three months have all used Quickbooks. Travis On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote: I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. *From:* Travis Johnson via Af mailto:af@afmug.com *Sent:* Thursday, October 16, 2014 9:02 AM *To:* af@afmug.com mailto:af@afmug.com *Subject:* Re: [AFMUG] SM Isolation question How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com mailto:tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com mailto:af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com mailto:af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com http://www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going
Re: [AFMUG] SM Isolation question
I've got to say I'm firmly on the fence with regard to this issue. The last time we paid for MS Office was back in 2000 (seriously). I think we paid $400 or $500 for it, and it was the type of thing that we could load on a couple of PCs for the duration. Yes, it got long in tooth, but it worked, and it did what we wanted. That came to about $16 per PC per year. Pretty good deal, and I don't think we missed out on much. Sure, a couple of years ago, MS made a major change to file formats that the old version couldn't open, but they also provided viewers and converters so we made do. However, most of the office files you see these days are the new format, so we decided to get the new version as a service. We're paying $150 per year for 5 seats (which we only need 4 of). So that will be $37 per PC per year (or $30 per PC per year if we install it on another PC). Call that inflation, but it also gets updates on a more-or-less continuous basis. The biggest downside is that the new office contains a bunch of cruff that we don't need, and probably won't use. Call it progress, or whatever. I've seen a bunch of model-evolutions over the years, and this just seems to be the latest. bp On 10/16/2014 8:21 AM, Adam Moffett via Af wrote: AutodeskThey still charge thousands of a copy of autoCAD, but you can get it on a month to month basis for $60/month, or pay for a whole year and it's like $35/month. I would never have been able to justify paying them $3k for something I would use 4 times a year, but I can pay them $60 each for the four times I want to use it. Before that I would limit my use to twice a yearone 30 day demo of the current release of autoCAD and one 30 day demo of the current autoCAD LT. I don’t dispute that, or that SaaS is the wave of the future (present?), just I find Intuit to be a money-grubbing borderline unethical company to deal with, that nonetheless dominates their market niche. Probably because the accountants all use it. As far as getting the bug fixes immediately because you subscribe as a service, that would mean more if it didn’t take Intuit years to fix bugs. There is actually very little improvement from year to year in Quickbooks, it is mostly cosmetic or related to new services they want to sell you. Which tend to be pretty poor, for example their payroll service is really pathetic, you’re almost better off filling out the tax forms by hand. But as an other example of SaaS, Adobe has gone heavily that direction with their creative suites. If you are a graphic designer or web designer, I’m sure it’s a very good deal. For someone like me with an owned copy of Photoshop, it probably doesn’t make sense to start paying monthly, since I could care less about having the latest improvements, I don’t use it intensively enough to make it worthwhile. Maybe for Dreamweaver since HTML techniques are changing all the time. At least Adobe doesn’t require that you are connected to the Internet in order to use the software. I don’t really have any problem with their approach, even though it doesn’t work out so well for me. *From:* Travis Johnson via Af mailto:af@afmug.com *Sent:* Thursday, October 16, 2014 9:38 AM *To:* af@afmug.com mailto:af@afmug.com *Subject:* Re: [AFMUG] SM Isolation question I haven't seen the same results... every single company I am involved with, and even the 20+ that I have met with over the last three months have all used Quickbooks. Travis On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote: I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. *From:* Travis Johnson via Af mailto:af@afmug.com *Sent:* Thursday, October 16, 2014 9:02 AM *To:* af@afmug.com mailto:af@afmug.com *Subject:* Re: [AFMUG] SM Isolation question How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time
Re: [AFMUG] SM Isolation question
My main complaint about Office 365 is it’s extremely confusing, as there seems to be a run locally but subscribe to online updates model, as well as a totally cloud based model where everything’s in the cloud including your data. And if a customer calls having trouble with Office 365, they of course don’t have a clue how they are set up. Add the fact that someone buys a new computer like a Surface and the first thing it has you do is set up a Microsoft email address as a login for the computer, and starts backing up your data by default on Skydrive. Or is it Onedrive now? Thing is, average customer without an IT department actually doesn’t understand where on the continuum from “box software” to Saas and “in the cloud” he is. Where is my software? Where is my data? Am I launching software, or a browser window? Can I use it without an Internet connection? What happens if I stop my subscription? I dunno. Who do I call? It says to call my network administrator. That must mean my ISP. OK, dialing my ISP now. From: Bill Prince via Af Sent: Thursday, October 16, 2014 10:41 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question I've got to say I'm firmly on the fence with regard to this issue. The last time we paid for MS Office was back in 2000 (seriously). I think we paid $400 or $500 for it, and it was the type of thing that we could load on a couple of PCs for the duration. Yes, it got long in tooth, but it worked, and it did what we wanted. That came to about $16 per PC per year. Pretty good deal, and I don't think we missed out on much. Sure, a couple of years ago, MS made a major change to file formats that the old version couldn't open, but they also provided viewers and converters so we made do. However, most of the office files you see these days are the new format, so we decided to get the new version as a service. We're paying $150 per year for 5 seats (which we only need 4 of). So that will be $37 per PC per year (or $30 per PC per year if we install it on another PC). Call that inflation, but it also gets updates on a more-or-less continuous basis. The biggest downside is that the new office contains a bunch of cruff that we don't need, and probably won't use. Call it progress, or whatever. I've seen a bunch of model-evolutions over the years, and this just seems to be the latest. bpOn 10/16/2014 8:21 AM, Adam Moffett via Af wrote: AutodeskThey still charge thousands of a copy of autoCAD, but you can get it on a month to month basis for $60/month, or pay for a whole year and it's like $35/month. I would never have been able to justify paying them $3k for something I would use 4 times a year, but I can pay them $60 each for the four times I want to use it. Before that I would limit my use to twice a yearone 30 day demo of the current release of autoCAD and one 30 day demo of the current autoCAD LT. I don’t dispute that, or that SaaS is the wave of the future (present?), just I find Intuit to be a money-grubbing borderline unethical company to deal with, that nonetheless dominates their market niche. Probably because the accountants all use it. As far as getting the bug fixes immediately because you subscribe as a service, that would mean more if it didn’t take Intuit years to fix bugs. There is actually very little improvement from year to year in Quickbooks, it is mostly cosmetic or related to new services they want to sell you. Which tend to be pretty poor, for example their payroll service is really pathetic, you’re almost better off filling out the tax forms by hand. But as an other example of SaaS, Adobe has gone heavily that direction with their creative suites. If you are a graphic designer or web designer, I’m sure it’s a very good deal. For someone like me with an owned copy of Photoshop, it probably doesn’t make sense to start paying monthly, since I could care less about having the latest improvements, I don’t use it intensively enough to make it worthwhile. Maybe for Dreamweaver since HTML techniques are changing all the time. At least Adobe doesn’t require that you are connected to the Internet in order to use the software. I don’t really have any problem with their approach, even though it doesn’t work out so well for me. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:38 AM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question I haven't seen the same results... every single company I am involved with, and even the 20+ that I have met with over the last three months have all used Quickbooks. Travis On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote: I would not use anything related to Quickbooks as an example of the best way to do something. Your only choices from Intuit are how you get screwed, not whether. From: Travis Johnson via Af Sent: Thursday, October 16, 2014 9:02 AM
Re: [AFMUG] SM Isolation question
+1 Travis On 10/16/2014 9:02 AM, Travis Johnson via Af wrote: How do you figure? Everything will eventually be SaaS... and it's a much better model for both sides. The software stays updated and current and bug fixes are instant. The initial cost to start with the software is usually 1/10th what it would be to buy, and it allows people to use the software from anywhere. Many years ago, I was of the same opinion. Then I started to realize my time (or anyone else's time) was better spent focusing on the product we sold rather than installing/fixing/supporting someone else's software. I know I personally spent at least 50+ hours over the previous 15 years installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a server, setting up the shares, mapping drive letters, installing it on each PC, etc. The software cost us $500 to buy, and then the yearly updates were usually $200-$300. Or you can subscribe to the online version for $39/month and be done with it. It's automatically backed up, you don't have to host it on your own server, or worry about upgrade issues or users with problems, etc. Time is money. Spend your time doing what you know how to do, and hire someone else to do the other tasks. :) Travis On 10/15/2014 9:31 PM, Tyler Treat via Af wrote: True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.com mailto:tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com mailto:af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com mailto:af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com http://www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com http://www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on
Re: [AFMUG] SM Isolation question
The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
As others have said, put the two locations on different subnets. That will get around the issue. You could also segment using Vlans which would allow you to retain DHCP if you use DHCP. We always have Isolation enabled. We happen to use a few vlans to further segment the traffic and if a customer has 2 SMs on the same AP, we make sure that the public facing IPs are on different networks. Gilbert On 10/15/2014 12:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
Thank you all for the assist, we will be moving one of the locations to a separate subnet. Much appreciated. -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: Gilbert T. Gutierrez, Jr. via Af af@afmug.com To: af@afmug.com Sent: Wednesday, October 15, 2014 3:54:59 PM Subject: Re: [AFMUG] SM Isolation question As others have said, put the two locations on different subnets. That will get around the issue. You could also segment using Vlans which would allow you to retain DHCP if you use DHCP. We always have Isolation enabled. We happen to use a few vlans to further segment the traffic and if a customer has 2 SMs on the same AP, we make sure that the public facing IPs are on different networks. Gilbert On 10/15/2014 12:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
Which is why you should use Canopy's QoS. On 10/15/2014 3:14 PM, Travis Johnson via Af wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
We don’t have that exact scenario, but you could monitor or throttle through a router (Mikrotik) or use the SM QOS to help mitigate that (somewhat) -Original Message- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Travis Johnson via Af Sent: Wednesday, October 15, 2014 4:14 PM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
Most addiction recovery programs tell you to not hang around with the same crowd... -Original Message- From: Gino Villarini via Af Sent: Wednesday, October 15, 2014 3:16 PM To: af@afmug.com Subject: Re: [AFMUG] SM Isolation question Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
Someone told me you were getting into manufacturingŠŠ Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing�� Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?
Re: [AFMUG] SM Isolation question
True story. ___ Mangled by my iPhone. ___ Tyler Treat Corn Belt Technologies, Inc. tyler.tr...@cornbelttech.commailto:tyler.tr...@cornbelttech.com ___ On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.commailto:af@afmug.com wrote: Yeah, SaaS is great for the company that owns it, not so great for everyone else. On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.commailto:af@afmug.com wrote: Nope... mainly SaaS companies and real estate. Best of both worlds. :) Travis On 10/15/2014 3:40 PM, Gino Villarini via Af wrote: Someone told me you were getting into manufacturing??(1/2)??(1/2) Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.comhttp://www.aeronetpr.com @aeronetpr On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote: It just depends on the day... :) Involved in 11 companies now, and looking at a 12th. Always stuff going on. LOL Travis On 10/15/2014 3:16 PM, Gino Villarini via Af wrote: Travis, are you getting bored at your current job? Lol!! Great to see you active in the list! Gino A. Villarini President Aeronet Wireless Broadband Corp. www.aeronetpr.comhttp://www.aeronetpr.com @aeronetpr On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote: The other issue is p2p traffic between two people on the same AP and if you are doing bandwidth shaping in your router, even at the tower, you will never see these packets. Or in the case the original poster asked about, that customer could keep a high-def window open of all their video cameras at the other location, using 3-4Mbps of constant traffic, and you would never see it. Travis On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote: When you forward SM-to-SM traffic upstream, there's nothing the router can do about it. Put the two locations on different IP subnets so that traffic between the two has to be routed. Or turn off SM isolation. I leave SM isolation off because I'm not that paranoid. The biggest risk is broadcast/multicast crap flying around. So use the SM uplink broadcast/multicast rate limiting. This is one of the best features of Canopy, IMO. On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote: We have a customer that has two SM's on the same AP at separate physical locations (home and office). The have a DVR at each location that they want to view. Everything is configured properly on their end to view the DVR's on port 80 through their routers. Problem is that we have SM isolation turned on with option 2 to forward packets upstream and they want to see the home when at the office and the office when at home. So I set up a mangle rule in my Mikortik to mark the packets with a routing mark based on the SRC and DST addresses, and then used a static route for anything what that mark and send it back to the AP port. It doesn't work, what am I doing wrong, any suggestions short of disabling SM isolation?