Re: [AFMUG] SM Isolation Question

2016-05-25 Thread Gino Villarini
You can't route between them? That's weird! It seems you have assigned IP
space on the same block...

On Tue, May 24, 2016 at 8:51 PM, Gerard Dupont III 
wrote:

> On our fiber network I use port isolation and mac forced forwarding(not
> available in MikroTik) to accomplish layer2 isolation but still allow
> client to client unicast traffic.
>
> Proxy arp is as close to MACFF as you can get in MikroTik. I think you
> should be able to use option 2 if you use a different vlan per customer
> site(use the default vlan setting in each canopy SM so each site has
> a unique vlan) then enable proxy arp for each vlan in your router. I don't
> remember if you have to have an ip on the vlan for it to work or not. If
> it doesn't work try adding an ip on each vlan. So you don't waste ips you
> can use point to point addressing. IE address=routerip/32
> network=customerIpForThisVlan. You might be able to get by with some static
> arp entries instead of adding an ip to each vlan. I'm not sure how MikroTik
> handles that.
>
> I suck at explaining myself so I hope this makes sense. You can contact me
> offlist if you want to chat/talk about it.
>
> Gerard
>
>
> On Tuesday, May 24, 2016, Craig Schmaderer 
> wrote:
>
>> Example:
>>
>> I have a 450 Access Point that has 3 sms belonging to one company with 3
>> sites.
>>
>> This client wants to have vpns between all locations.  They are all on
>> the same layer 2 network (same vlan)
>>
>>
>>
>> Options and expected outcomes
>>
>> · Disable SM Isolation (the default selection). This allows full
>> communication between SMs.
>>
>> -  Works fine, all traffic can pass, Expected…..
>>
>>
>>
>> · Enable Option 1 - Block SM destined packets from being forwarded. This
>> prevents both multicast/broadcast and unicast SM-to-SM communication.
>>
>> -  Doesn’t work, can establish connections between sms.
>> Expected……
>>
>>
>>
>> · Enable Option 2 - Forward SM destined packets upstream. This not only
>> prevents multicast/broadcast and unicast SM-to-SM communication but also
>> sends the packets, which otherwise may have been handled SM to SM, through
>> the Ethernet port of the AP.
>>
>> -  Doesn’t work, I thought this would work, I assumed all
>> packets would be sent upstream to the router than the router would send it
>> back to the clients, similar to how mac forced forwarding works on my fiber
>> network.
>>
>>
>>
>> So I guess my question is “Am I totally miss understanding what option 2
>> does?  Is the only possible way to allow vpn traffic between sms on the
>> same access points have to have “Disable SM Isolation set?”
>>
>>
>>
>> Thanks, Craig.
>>
>>
>>
>> *Craig R. Schmaderer*
>>
>> *CEO | Skywave Wireless, Inc.*
>>
>> *Ph: 402-372-1975 | Fax: 402-372-1058*
>>
>> *Direct: 402-372-1052*
>>
>>
>>
>


[AFMUG] SM Isolation Question

2016-05-24 Thread Gerard Dupont III
On our fiber network I use port isolation and mac forced forwarding(not
available in MikroTik) to accomplish layer2 isolation but still allow
client to client unicast traffic.

Proxy arp is as close to MACFF as you can get in MikroTik. I think you
should be able to use option 2 if you use a different vlan per customer
site(use the default vlan setting in each canopy SM so each site has
a unique vlan) then enable proxy arp for each vlan in your router. I don't
remember if you have to have an ip on the vlan for it to work or not. If
it doesn't work try adding an ip on each vlan. So you don't waste ips you
can use point to point addressing. IE address=routerip/32
network=customerIpForThisVlan. You might be able to get by with some static
arp entries instead of adding an ip to each vlan. I'm not sure how MikroTik
handles that.

I suck at explaining myself so I hope this makes sense. You can contact me
offlist if you want to chat/talk about it.

Gerard


On Tuesday, May 24, 2016, Craig Schmaderer wrote:

> Example:
>
> I have a 450 Access Point that has 3 sms belonging to one company with 3
> sites.
>
> This client wants to have vpns between all locations.  They are all on the
> same layer 2 network (same vlan)
>
>
>
> Options and expected outcomes
>
> · Disable SM Isolation (the default selection). This allows full
> communication between SMs.
>
> -  Works fine, all traffic can pass, Expected…..
>
>
>
> · Enable Option 1 - Block SM destined packets from being forwarded. This
> prevents both multicast/broadcast and unicast SM-to-SM communication.
>
> -  Doesn’t work, can establish connections between sms.
> Expected……
>
>
>
> · Enable Option 2 - Forward SM destined packets upstream. This not only
> prevents multicast/broadcast and unicast SM-to-SM communication but also
> sends the packets, which otherwise may have been handled SM to SM, through
> the Ethernet port of the AP.
>
> -  Doesn’t work, I thought this would work, I assumed all packets
> would be sent upstream to the router than the router would send it back to
> the clients, similar to how mac forced forwarding works on my fiber
> network.
>
>
>
> So I guess my question is “Am I totally miss understanding what option 2
> does?  Is the only possible way to allow vpn traffic between sms on the
> same access points have to have “Disable SM Isolation set?”
>
>
>
> Thanks, Craig.
>
>
>
> *Craig R. Schmaderer*
>
> *CEO | Skywave Wireless, Inc.*
>
> *Ph: 402-372-1975 | Fax: 402-372-1058*
>
> *Direct: 402-372-1052*
>
>
>
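
The per-site VLAN plus proxy ARP layout suggested in the message above, written out as RouterOS commands. This is an added example, not configuration from the original post or from MikroTik or Cambium. The interface name ether2, VLAN IDs 101-103, the list names and the 192.0.2.0/24 documentation addresses are assumptions; it takes the "add an ip on each vlan" branch of the message and needs a RouterOS version that supports interface lists.

```routeros
# Added example, not from the thread. Assumed values:
#   ether2        router port facing the 450 AP (AP set to isolation Option 2)
#   VLAN 101-103  default VLAN configured in each of the three SMs
#   192.0.2.1     router address, used by the customer routers as gateway
#   192.0.2.11-13 customer routers at sites A, B, C (still using a /24 mask)

# One VLAN interface per customer site. arp=proxy-arp makes the router answer
# ARP requests for the other sites' addresses with its own MAC, so traffic the
# customer believes is on-link is handed to the router instead.
/interface vlan
add name=vlan101-siteA interface=ether2 vlan-id=101 arp=proxy-arp
add name=vlan102-siteB interface=ether2 vlan-id=102 arp=proxy-arp
add name=vlan103-siteC interface=ether2 vlan-id=103 arp=proxy-arp

# Point-to-point addressing: the same router /32 on every VLAN, with network=
# set to the one customer address that lives on that VLAN. Each line creates a
# connected host route and consumes no additional address space.
/ip address
add address=192.0.2.1/32 network=192.0.2.11 interface=vlan101-siteA
add address=192.0.2.1/32 network=192.0.2.12 interface=vlan102-siteB
add address=192.0.2.1/32 network=192.0.2.13 interface=vlan103-siteC

# Because site-to-site traffic is now routed, it crosses the forward chain and
# can be policed there. Group the SM-facing VLANs and this customer's sites.
/interface list
add name=sm-vlans
/interface list member
add list=sm-vlans interface=vlan101-siteA
add list=sm-vlans interface=vlan102-siteB
add list=sm-vlans interface=vlan103-siteC

/ip firewall address-list
add list=customerA-sites address=192.0.2.11
add list=customerA-sites address=192.0.2.12
add list=customerA-sites address=192.0.2.13

# Allow this customer's sites to reach each other; any other SM-VLAN to
# SM-VLAN flow stays blocked, which keeps the isolation intent at layer 3.
/ip firewall filter
add chain=forward action=accept src-address-list=customerA-sites \
    dst-address-list=customerA-sites comment="customer A inter-site traffic"
add chain=forward action=drop in-interface-list=sm-vlans \
    out-interface-list=sm-vlans comment="no other SM-to-SM traffic"

# Check the result: each site should appear as a dynamic connected route and,
# once the customer router has sent traffic, as an ARP entry on its own VLAN.
/ip route print
/ip arp print
```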


Re: [AFMUG] SM Isolation Question

2016-05-24 Thread Lewis Bergman
We ran SM isolation on all our AP's and never had to disable it when we
used /30's and tunneling.

On Tue, May 24, 2016 at 4:16 PM Craig Schmaderer <cr...@skywaveconnect.com>
wrote:

> Yeah I was trying to keep this simple and leaving isolation on but it
> looks like on that AP I'll have to disable it.  For what it is worth, I do
> believe that anyone that wants to run vpns between locations should be able
> to do it without any special treatment.
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *George Skorup
> *Sent:* Tuesday, May 24, 2016 11:51 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] SM Isolation Question
>
>
>
> Disable SM isolation or route between them (/30's or whatever).
>
> On 5/24/2016 11:36 AM, Craig Schmaderer wrote:
>
> Example:
>
> I have a 450 Access Point that has 3 sms belonging to one company with 3
> sites.
>
> This client wants to have vpns between all locations.  They are all on
> the same layer 2 network (same vlan)
>
> Options and expected outcomes
>
> · Disable SM Isolation (the default selection). This allows full
> communication between SMs.
>
> -  Works fine, all traffic can pass, Expected…..
>
> · Enable Option 1 - Block SM destined packets from being forwarded.
> This prevents both multicast/broadcast and unicast SM-to-SM communication.
>
> -  Doesn’t work, can establish connections between sms.
> Expected……
>
> · Enable Option 2 - Forward SM destined packets upstream. This not only
> prevents multicast/broadcast and unicast SM-to-SM communication but also
> sends the packets, which otherwise may have been handled SM to SM, through
> the Ethernet port of the AP.
>
> -  Doesn’t work, I thought this would work, I assumed all
> packets would be sent upstream to the router than the router would send it
> back to the clients, similar to how mac forced forwarding works on my fiber
> network.
>
> So I guess my question is “Am I totally miss understanding what option 2
> does?  Is the only possible way to allow vpn traffic between sms on the
> same access points have to have “Disable SM Isolation set?”
>
> Thanks, Craig.
>
> *Craig R. Schmaderer*
>
> *CEO | Skywave Wireless, Inc.*
>
> *Ph: 402-372-1975 | Fax: 402-372-1058*
>
> *Direct: 402-372-1052*
>
>
>
>


Re: [AFMUG] SM Isolation Question

2016-05-24 Thread Craig Schmaderer
Yeah I was trying to keep this simple and leaving isolation on but it looks
like on that AP I'll have to disable it.  For what it is worth, I do believe
that anyone that wants to run vpns between locations should be able to do it
without any special treatment.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup
Sent: Tuesday, May 24, 2016 11:51 AM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation Question

Disable SM isolation or route between them (/30's or whatever).

On 5/24/2016 11:36 AM, Craig Schmaderer wrote:

Example:
I have a 450 Access Point that has 3 sms belonging to one company with 3 sites.
This client wants to have vpns between all locations.  They are all on the
same layer 2 network (same vlan)

Options and expected outcomes
* Disable SM Isolation (the default selection). This allows full
communication between SMs.

-  Works fine, all traffic can pass, Expected…..

* Enable Option 1 - Block SM destined packets from being forwarded. This
prevents both multicast/broadcast and unicast SM-to-SM communication.

-  Doesn’t work, can establish connections between sms.
Expected……

* Enable Option 2 - Forward SM destined packets upstream. This not only
prevents multicast/broadcast and unicast SM-to-SM communication but also sends
the packets, which otherwise may have been handled SM to SM, through the
Ethernet port of the AP.

-  Doesn’t work, I thought this would work, I assumed all packets
would be sent upstream to the router than the router would send it back to the
clients, similar to how mac forced forwarding works on my fiber network.

So I guess my question is “Am I totally miss understanding what option 2
does?  Is the only possible way to allow vpn traffic between sms on the same
access points have to have “Disable SM Isolation set?”

Thanks, Craig.

Craig R. Schmaderer
CEO | Skywave Wireless, Inc.
Ph: 402-372-1975 | Fax: 402-372-1058
Direct: 402-372-1052



Re: [AFMUG] SM Isolation Question

2016-05-24 Thread Seth Mattinen


Sell the customer a VPLS-based solution.

~Seth


Re: [AFMUG] SM Isolation Question

2016-05-24 Thread Lewis Bergman
I saw a couple of ISP's actually go out of business trying to let customers
treat the ISP network as their own.  We always assigned public /30 to each
and routed the tunnels

On Tue, May 24, 2016 at 11:46 AM That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> take them out of the vlan and do option 2
>
> On Tue, May 24, 2016 at 11:36 AM, Craig Schmaderer <
> cr...@skywaveconnect.com> wrote:
>
>> Example:
>>
>> I have a 450 Access Point that has 3 sms belonging to one company with 3
>> sites.
>>
>> This client wants to have vpns between all locations.  They are all on
>> the same layer 2 network (same vlan)
>>
>>
>>
>> Options and expected outcomes
>>
>> · Disable SM Isolation (the default selection). This allows full
>> communication between SMs.
>>
>> -  Works fine, all traffic can pass, Expected…..
>>
>>
>>
>> · Enable Option 1 - Block SM destined packets from being forwarded. This
>> prevents both multicast/broadcast and unicast SM-to-SM communication.
>>
>> -  Doesn’t work, can establish connections between sms.
>> Expected……
>>
>>
>>
>> · Enable Option 2 - Forward SM destined packets upstream. This not only
>> prevents multicast/broadcast and unicast SM-to-SM communication but also
>> sends the packets, which otherwise may have been handled SM to SM, through
>> the Ethernet port of the AP.
>>
>> -  Doesn’t work, I thought this would work, I assumed all
>> packets would be sent upstream to the router than the router would send it
>> back to the clients, similar to how mac forced forwarding works on my fiber
>> network.
>>
>>
>>
>> So I guess my question is “Am I totally miss understanding what option 2
>> does?  Is the only possible way to allow vpn traffic between sms on the
>> same access points have to have “Disable SM Isolation set?”
>>
>>
>>
>> Thanks, Craig.
>>
>>
>>
>> *Craig R. Schmaderer*
>>
>> *CEO | Skywave Wireless, Inc.*
>>
>> *Ph: 402-372-1975 | Fax: 402-372-1058*
>>
>> *Direct: 402-372-1052*
>>
>>
>>
>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>


Re: [AFMUG] SM Isolation Question

2016-05-24 Thread George Skorup

Disable SM isolation or route between them (/30's or whatever).

On 5/24/2016 11:36 AM, Craig Schmaderer wrote:


Example:

I have a 450 Access Point that has 3 sms belonging to one company with 
3 sites.


This client wants to have vpns between all locations.  They are all on 
the same layer 2 network (same vlan)


Options and expected outcomes

· Disable SM Isolation (the default selection). This allows full
communication between SMs.

-  Works fine, all traffic can pass, Expected…..

· Enable Option 1 - Block SM destined packets from being forwarded.
This prevents both multicast/broadcast and unicast SM-to-SM
communication.

-  Doesn’t work, can establish connections between sms.  Expected……

· Enable Option 2 - Forward SM destined packets upstream. This not
only prevents multicast/broadcast and unicast SM-to-SM communication
but also sends the packets, which otherwise may have been handled SM
to SM, through the Ethernet port of the AP.

-  Doesn’t work, I thought this would work, I assumed all packets would
be sent upstream to the router than the router would send it back to
the clients, similar to how mac forced forwarding works on my fiber
network.

So I guess my question is “Am I totally miss understanding what option
2 does?  Is the only possible way to allow vpn traffic between sms on
the same access points have to have “Disable SM Isolation set?”


Thanks, Craig.

/Craig R. Schmaderer/

/CEO | Skywave Wireless, Inc./

/Ph: 402-372-1975 | Fax: 402-372-1058/

/Direct: 402-372-1052/





Re: [AFMUG] SM Isolation Question

2016-05-24 Thread That One Guy /sarcasm
take them out of the vlan and do option 2

On Tue, May 24, 2016 at 11:36 AM, Craig Schmaderer  wrote:

> Example:
>
> I have a 450 Access Point that has 3 sms belonging to one company with 3
> sites.
>
> This client wants to have vpns between all locations.  They are all on the
> same layer 2 network (same vlan)
>
>
>
> Options and expected outcomes
>
> · Disable SM Isolation (the default selection). This allows full
> communication between SMs.
>
> -  Works fine, all traffic can pass, Expected…..
>
>
>
> · Enable Option 1 - Block SM destined packets from being forwarded. This
> prevents both multicast/broadcast and unicast SM-to-SM communication.
>
> -  Doesn’t work, can establish connections between sms.
> Expected……
>
>
>
> · Enable Option 2 - Forward SM destined packets upstream. This not only
> prevents multicast/broadcast and unicast SM-to-SM communication but also
> sends the packets, which otherwise may have been handled SM to SM, through
> the Ethernet port of the AP.
>
> -  Doesn’t work, I thought this would work, I assumed all packets
> would be sent upstream to the router than the router would send it back to
> the clients, similar to how mac forced forwarding works on my fiber
> network.
>
>
>
> So I guess my question is “Am I totally miss understanding what option 2
> does?  Is the only possible way to allow vpn traffic between sms on the
> same access points have to have “Disable SM Isolation set?”
>
>
>
> Thanks, Craig.
>
>
>
> *Craig R. Schmaderer*
>
> *CEO | Skywave Wireless, Inc.*
>
> *Ph: 402-372-1975 | Fax: 402-372-1058*
>
> *Direct: 402-372-1052*
>
>
>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


[AFMUG] SM Isolation Question

2016-05-24 Thread Craig Schmaderer
Example:
I have a 450 Access Point that has 3 sms belonging to one company with 3 sites.
This client wants to have vpns between all locations.  They are all on the same 
layer 2 network (same vlan)

Options and expected outcomes
* Disable SM Isolation (the default selection). This allows full communication 
between SMs.

-  Works fine, all traffic can pass, Expected.

* Enable Option 1 - Block SM destined packets from being forwarded. This 
prevents both multicast/broadcast and unicast SM-to-SM communication.

-  Doesn't work, can establish connections between sms.  Expected..


* Enable Option 2 - Forward SM destined packets upstream. This not only 
prevents multicast/broadcast and unicast SM-to-SM communication but also sends 
the packets, which otherwise may have been handled SM to SM, through the 
Ethernet port of the AP.

-  Doesn't work, I thought this would work, I assumed all packets would
be sent upstream to the router then the router would send it back to the
clients, similar to how mac forced forwarding works on my fiber network.

So I guess my question is "Am I totally misunderstanding what option 2 does?
Is the only possible way to allow vpn traffic between sms on the same access
points have to have "Disable SM Isolation set?"

Thanks, Craig.

Craig R. Schmaderer
CEO | Skywave Wireless, Inc.
Ph: 402-372-1975 | Fax: 402-372-1058
Direct: 402-372-1052



Re: [AFMUG] SM Isolation question

2014-10-16 Thread Travis Johnson via Af
How do you figure? Everything will eventually be SaaS... and it's a much 
better model for both sides. The software stays updated and current and 
bug fixes are instant. The initial cost to start with the software is 
usually 1/10th what it would be to buy, and it allows people to use the 
software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize my 
time (or anyone else's time) was better spent focusing on the product we 
sold rather than installing/fixing/supporting someone else's software.


I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed 
on a server, setting up the shares, mapping drive letters, installing it 
on each PC, etc. The software cost us $500 to buy, and then the yearly 
updates were usually $200-$300. Or you can subscribe to the online 
version for $39/month and be done with it. It's automatically backed up, 
you don't have to host it on your own server, or worry about upgrade 
issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com
wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:

The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate
physical locations (home and office). They have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Ken Hohhof via Af
I would not use anything related to Quickbooks as an example of the best way to 
do something.

Your only choices from Intuit are how you get screwed, not whether.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:02 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

How do you figure? Everything will eventually be SaaS... and it's a much better 
model for both sides. The software stays updated and current and bug fixes are 
instant. The initial cost to start with the software is usually 1/10th what it 
would be to buy, and it allows people to use the software from anywhere.

Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

Time is money. Spend your time doing what you know how to do, and hire someone 
else to do the other tasks. :)

Travis


On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

  True story.  


  ___
  Mangled by my iPhone.
  ___

  Tyler Treat
  Corn Belt Technologies, Inc. 

  tyler.tr...@cornbelttech.com
  ___


  On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


Yeah, SaaS is great for the company that owns it, not so great for everyone 
else.

On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:

  Nope... mainly SaaS companies and real estate. Best of both worlds. :)

  Travis

  On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:


  It just depends on the day... :)

  Involved in 11 companies now, and looking at a 12th. Always stuff going
  on. LOL

  Travis

  On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:


  The other issue is p2p traffic between two people on the same AP and
  if you are doing bandwidth shaping in your router, even at the tower,
  you will never see these packets. Or in the case the original poster
  asked about, that customer could keep a high-def window open of all
  their video cameras at the other location, using 3-4Mbps of constant
  traffic, and you would never see it.

  Travis

  On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

  We have a customer that has two SM's on the same AP at separate
  physical locations (home and office). They have a DVR at each location
  that they want to view. Everything is configured properly on their
  end to view the DVR's on port 80 through their routers. Problem is
  that we have SM isolation turned on with option 2 to forward packets
  upstream and they want to see the home when at the office and the
  office when at home.

  So I set up a mangle rule in my MikroTik to mark the packets with a
  routing mark based on the SRC and DST addresses, and then used a
  static route

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Chuck McCown via Af
I am certainly not in love with intuit, what else can you use that is in the 
same range of cost and capability?

From: Ken Hohhof via Af 
Sent: Thursday, October 16, 2014 8:12 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I would not use anything related to Quickbooks as an example of the best way to 
do something.

Your only choices from Intuit are how you get screwed, not whether.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:02 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

How do you figure? Everything will eventually be SaaS... and it's a much better 
model for both sides. The software stays updated and current and bug fixes are 
instant. The initial cost to start with the software is usually 1/10th what it 
would be to buy, and it allows people to use the software from anywhere.

Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

Time is money. Spend your time doing what you know how to do, and hire someone 
else to do the other tasks. :)

Travis


On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

  True story.  


  ___
  Mangled by my iPhone.
  ___

  Tyler Treat
  Corn Belt Technologies, Inc. 

  tyler.tr...@cornbelttech.com
  ___


  On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


Yeah, SaaS is great for the company that owns it, not so great for everyone 
else.

On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:

  Nope... mainly SaaS companies and real estate. Best of both worlds. :)

  Travis

  On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:


  It just depends on the day... :)

  Involved in 11 companies now, and looking at a 12th. Always stuff going
  on. LOL

  Travis

  On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:


  The other issue is p2p traffic between two people on the same AP and
  if you are doing bandwidth shaping in your router, even at the tower,
  you will never see these packets. Or in the case the original poster
  asked about, that customer could keep a high-def window open of all
  their video cameras at the other location, using 3-4Mbps of constant
  traffic, and you would never see it.

  Travis

  On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

  We have a customer that has two SM's on the same AP at separate
  physical locations (home and office). They have a DVR at each location
  that they want to view. Everything is configured properly on their
  end to view the DVR's on port 80 through their routers. Problem is
  that we have SM isolation turned on with option 2 to forward packets
  upstream and they want to see the home when at the office

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Seth Mattinen via Af

On 10/16/14, 7:02 AM, Travis Johnson via Af wrote:


I know I personally spent at least 50+ hours over the previous 15 years
installing/fixing/supporting Quickbooks on our LAN. Getting it installed
on a server, setting up the shares, mapping drive letters, installing it
on each PC, etc. The software cost us $500 to buy, and then the yearly
updates were usually $200-$300. Or you can subscribe to the online
version for $39/month and be done with it. It's automatically backed up,
you don't have to host it on your own server, or worry about upgrade
issues or users with problems, etc.



One concern I have with that model is that it comes off like a 
protection racket: it would be a shame what would happen to your files 
if you stop paying.


~Seth


Re: [AFMUG] SM Isolation question

2014-10-16 Thread Ken Hohhof via Af
But at least with a big company you never have to worry they might have a 
data breach, right?


-Original Message- 
From: Seth Mattinen via Af

Sent: Thursday, October 16, 2014 9:22 AM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

On 10/16/14, 7:02 AM, Travis Johnson via Af wrote:


I know I personally spent at least 50+ hours over the previous 15 years
installing/fixing/supporting Quickbooks on our LAN. Getting it installed
on a server, setting up the shares, mapping drive letters, installing it
on each PC, etc. The software cost us $500 to buy, and then the yearly
updates were usually $200-$300. Or you can subscribe to the online
version for $39/month and be done with it. It's automatically backed up,
you don't have to host it on your own server, or worry about upgrade
issues or users with problems, etc.



One concern I have with that model is that it comes off like a
protection racket: it would be a shame what would happen to your files
if you stop paying.

~Seth 





Re: [AFMUG] SM Isolation question

2014-10-16 Thread Chuck McCown via Af

snort

-Original Message- 
From: Ken Hohhof via Af 
Sent: Thursday, October 16, 2014 8:26 AM 
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question 

But at least with a big company you never have to worry they might have a 
data breach, right?


-Original Message- 
From: Seth Mattinen via Af

Sent: Thursday, October 16, 2014 9:22 AM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

On 10/16/14, 7:02 AM, Travis Johnson via Af wrote:


I know I personally spent at least 50+ hours over the previous 15 years
installing/fixing/supporting Quickbooks on our LAN. Getting it installed
on a server, setting up the shares, mapping drive letters, installing it
on each PC, etc. The software cost us $500 to buy, and then the yearly
updates were usually $200-$300. Or you can subscribe to the online
version for $39/month and be done with it. It's automatically backed up,
you don't have to host it on your own server, or worry about upgrade
issues or users with problems, etc.



One concern I have with that model is that it comes off like a
protection racket: it would be a shame what would happen to your files
if you stop paying.

~Seth 





Re: [AFMUG] SM Isolation question

2014-10-16 Thread Travis Johnson via Af
I haven't seen the same results... every single company I am involved 
with, and even the 20+ that I have met with over the last three months 
have all used Quickbooks.


Travis

On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:
I would not use anything related to Quickbooks as an example of the 
best way to do something.

Your only choices from Intuit are how you get screwed, not whether.
*From:* Travis Johnson via Af
*Sent:* Thursday, October 16, 2014 9:02 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] SM Isolation question
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with the 
software is usually 1/10th what it would be to buy, and it allows 
people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, you don't have to host it on your own server, 
or worry about upgrade issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___

On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com
wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th.
Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af
af@afmug.com wrote:

The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber
Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Ken Hohhof via Af
I don’t dispute that, or that SaaS is the wave of the future (present?), just I 
find Intuit to be a money-grubbing borderline unethical company to deal with, 
that nonetheless dominates their market niche.  Probably because the 
accountants all use it.  As far as getting the bug fixes immediately because 
you subscribe as a service, that would mean more if it didn’t take Intuit years 
to fix bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want to sell 
you.  Which tend to be pretty poor, for example their payroll service is really 
pathetic, you’re almost better off filling out the tax forms by hand.

But as another example of SaaS, Adobe has gone heavily that direction with 
their creative suites.  If you are a graphic designer or web designer, I’m sure 
it’s a very good deal.  For someone like me with an owned copy of Photoshop, it 
probably doesn’t make sense to start paying monthly, since I could care less 
about having the latest improvements, I don’t use it intensively enough to make 
it worthwhile.  Maybe for Dreamweaver since HTML techniques are changing all 
the time.  At least Adobe doesn’t require that you are connected to the 
Internet in order to use the software.  I don’t really have any problem with 
their approach, even though it doesn’t work out so well for me.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:38 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I haven't seen the same results... every single company I am involved with, and 
even the 20+ that I have met with over the last three months have all used 
Quickbooks.

Travis


On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:

  I would not use anything related to Quickbooks as an example of the best way 
to do something.

  Your only choices from Intuit are how you get screwed, not whether.


  From: Travis Johnson via Af 
  Sent: Thursday, October 16, 2014 9:02 AM
  To: af@afmug.com 
  Subject: Re: [AFMUG] SM Isolation question

  How do you figure? Everything will eventually be SaaS... and it's a much 
better model for both sides. The software stays updated and current and bug 
fixes are instant. The initial cost to start with the software is usually 
1/10th what it would be to buy, and it allows people to use the software from 
anywhere.

  Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

  I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

  Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)

  Travis


  On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.  


___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc. 

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


  Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.

  On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com 
wrote:

Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

  Someone told me you were getting into manufacturing



  Gino A. Villarini
  President
  Aeronet Wireless Broadband Corp.
  www.aeronetpr.com
  @aeronetpr






  On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:


It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff 
going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

  Travis, are you getting bored at your current job? Lol!!

  Great to see you active in the list!



  Gino A. Villarini
  President
  Aeronet Wireless Broadband Corp.
  www.aeronetpr.com
  @aeronetpr






  On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com 
wrote:


The other issue is p2p traffic between two people on the same 
AP
and
if you are doing

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Seth Mattinen via Af

On 10/16/14, 8:02 AM, Ken Hohhof via Af wrote:

If you are a graphic designer or web designer, I’m sure it’s a very good
deal.



I'll have to ask one of my ad agency customers what they think of it.

~Seth


Re: [AFMUG] SM Isolation question

2014-10-16 Thread Chuck McCown via Af
One thing I did subscribe to and I do use is Adobe’s PDF conversion service.  
It is awesome, much better than any other tool I have used for the same 
purpose.  It converts stuff to word and it is essentially perfect.

From: Ken Hohhof via Af 
Sent: Thursday, October 16, 2014 9:02 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I don’t dispute that, or that SaaS is the wave of the future (present?), just I 
find Intuit to be a money-grubbing borderline unethical company to deal with, 
that nonetheless dominates their market niche.  Probably because the 
accountants all use it.  As far as getting the bug fixes immediately because 
you subscribe as a service, that would mean more if it didn’t take Intuit years 
to fix bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want to sell 
you.  Which tend to be pretty poor, for example their payroll service is really 
pathetic, you’re almost better off filling out the tax forms by hand.

But as another example of SaaS, Adobe has gone heavily that direction with 
their creative suites.  If you are a graphic designer or web designer, I’m sure 
it’s a very good deal.  For someone like me with an owned copy of Photoshop, it 
probably doesn’t make sense to start paying monthly, since I could care less 
about having the latest improvements, I don’t use it intensively enough to make 
it worthwhile.  Maybe for Dreamweaver since HTML techniques are changing all 
the time.  At least Adobe doesn’t require that you are connected to the 
Internet in order to use the software.  I don’t really have any problem with 
their approach, even though it doesn’t work out so well for me.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:38 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I haven't seen the same results... every single company I am involved with, and 
even the 20+ that I have met with over the last three months have all used 
Quickbooks.

Travis


On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:

  I would not use anything related to Quickbooks as an example of the best way 
to do something.

  Your only choices from Intuit are how you get screwed, not whether.


  From: Travis Johnson via Af 
  Sent: Thursday, October 16, 2014 9:02 AM
  To: af@afmug.com 
  Subject: Re: [AFMUG] SM Isolation question

  How do you figure? Everything will eventually be SaaS... and it's a much 
better model for both sides. The software stays updated and current and bug 
fixes are instant. The initial cost to start with the software is usually 
1/10th what it would be to buy, and it allows people to use the software from 
anywhere.

  Many years ago, I was of the same opinion. Then I started to realize my time 
(or anyone else's time) was better spent focusing on the product we sold rather 
than installing/fixing/supporting someone else's software.

  I know I personally spent at least 50+ hours over the previous 15 years 
installing/fixing/supporting Quickbooks on our LAN. Getting it installed on a 
server, setting up the shares, mapping drive letters, installing it on each PC, 
etc. The software cost us $500 to buy, and then the yearly updates were usually 
$200-$300. Or you can subscribe to the online version for $39/month and be done 
with it. It's automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.

  Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)

  Travis


  On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.  


___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc. 

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


  Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.

  On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com 
wrote:

Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

  Someone told me you were getting into manufacturing



  Gino A. Villarini
  President
  Aeronet Wireless Broadband Corp.
  www.aeronetpr.com
  @aeronetpr






  On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:


It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff 
going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

  Travis, are you getting bored at your current job? Lol!!

  Great to see you active in the list!



  Gino A. Villarini

[AFMUG] SM Isolation question

2014-10-16 Thread Jason McKemie via Af
SaaS makes sense for some applications, but a lot of what I'm seeing it
applied to is just a money grab. Some things are just set up and go, I
don't need updates or support, so long as the software does what I bought
it to do. A great example of this is a point of sale system I'm installing.
Nearly every company wanted an upfront fee plus anywhere from $40-$60 /
terminal / month. I found software that allows multiple terminals for $1k
(no monthly recurring). This will pay for itself in probably 6 months.

On Thursday, October 16, 2014, Travis Johnson via Af af@afmug.com wrote:

  How do you figure? Everything will eventually be SaaS... and it's a much
 better model for both sides. The software stays updated and current and bug
 fixes are instant. The initial cost to start with the software is usually
 1/10th what it would be to buy, and it allows people to use the software
 from anywhere.

 Many years ago, I was of the same opinion. Then I started to realize my
 time (or anyone else's time) was better spent focusing on the product we
 sold rather than installing/fixing/supporting someone else's software.

 I know I personally spent at least 50+ hours over the previous 15 years
 installing/fixing/supporting Quickbooks on our LAN. Getting it installed on
 a server, setting up the shares, mapping drive letters, installing it on
 each PC, etc. The software cost us $500 to buy, and then the yearly updates
 were usually $200-$300. Or you can subscribe to the online version for
 $39/month and be done with it. It's automatically backed up, you don't have
 to host it on your own server, or worry about upgrade issues or users with
 problems, etc.

 Time is money. Spend your time doing what you know how to do, and hire
 someone else to do the other tasks. :)

 Travis

 On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

 True story.

 ___
 Mangled by my iPhone.
 ___

  Tyler Treat
 Corn Belt Technologies, Inc.

  tyler.tr...@cornbelttech.com
 ___


 On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:

  Yeah, SaaS is great for the company that owns it, not so great for
 everyone else.

 On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com
 wrote:

 Nope... mainly SaaS companies and real estate. Best of both worlds. :)

 Travis

 On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

 Someone told me you were getting into manufacturing



 Gino A. Villarini
 President
 Aeronet Wireless Broadband Corp.
 www.aeronetpr.com
 @aeronetpr






 On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:

  It just depends on the day... :)

 Involved in 11 companies now, and looking at a 12th. Always stuff going
 on. LOL

 Travis

 On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

 Travis, are you getting bored at your current job? Lol!!

 Great to see you active in the list!



 Gino A. Villarini
 President
 Aeronet Wireless Broadband Corp.
 www.aeronetpr.com
 @aeronetpr






 On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:

  The other issue is p2p traffic between two people on the same AP and
 if you are doing bandwidth shaping in your router, even at the tower,
 you will never see these packets. Or in the case the original poster
 asked about, that customer could keep a high-def window open of all
 their video cameras at the other location, using 3-4Mbps of constant
 traffic, and you would never see it.

 Travis

 On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af
 wrote:

 When you forward SM-to-SM traffic upstream, there's nothing the router
 can do about it. Put the two locations on different IP subnets so that
 traffic between the two has to be routed. Or turn off SM isolation.

 I leave SM isolation off because I'm not that paranoid. The biggest
 risk is broadcast/multicast crap flying around. So use the SM uplink
 broadcast/multicast rate limiting. This is one of the best features of
 Canopy, IMO.

 On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

 We have a customer that has two SM's on the same AP at separate
 physical locations (home and office). They have a DVR at each location
 that they want to view. Everything is configured properly on their
 end to view the DVR's on port 80 through their routers.   Problem is
 that we have SM isolation turned on with option 2 to forward packets
 upstream and they want to see the home when at the office and the
 office when at home.

 So I set up a mangle rule in my MikroTik to mark the packets with a
 routing mark based on the SRC and DST addresses, and then used a
 static route for anything with that mark and send it back to the AP
 port. It doesn't work, what am I doing wrong, any suggestions short
 of disabling SM isolation?








Re: [AFMUG] SM Isolation question

2014-10-16 Thread Adam Moffett via Af


Autodesk... They still charge thousands for a copy of autoCAD, but you 
can get it on a month to month basis for $60/month, or pay for a whole 
year and it's like $35/month.


I would never have been able to justify paying them $3k for something I 
would use 4 times a year, but I can pay them $60 each for the four times 
I want to use it.  Before that I would limit my use to twice a 
year... one 30 day demo of the current release of autoCAD and one 30 day 
demo of the current autoCAD LT.


I don’t dispute that, or that SaaS is the wave of the future 
(present?), just I find Intuit to be a money-grubbing borderline 
unethical company to deal with, that nonetheless dominates their 
market niche.  Probably because the accountants all use it.  As far as 
getting the bug fixes immediately because you subscribe as a service, 
that would mean more if it didn’t take Intuit years to fix bugs.  
There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want 
to sell you.  Which tend to be pretty poor, for example their payroll 
service is really pathetic, you’re almost better off filling out the 
tax forms by hand.
But as another example of SaaS, Adobe has gone heavily that direction 
with their creative suites.  If you are a graphic designer or web 
designer, I’m sure it’s a very good deal.  For someone like me with an 
owned copy of Photoshop, it probably doesn’t make sense to start 
paying monthly, since I could care less about having the latest 
improvements, I don’t use it intensively enough to make it 
worthwhile.  Maybe for Dreamweaver since HTML techniques are changing 
all the time.  At least Adobe doesn’t require that you are connected 
to the Internet in order to use the software.  I don’t really have any 
problem with their approach, even though it doesn’t work out so well 
for me.

*From:* Travis Johnson via Af
*Sent:* Thursday, October 16, 2014 9:38 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] SM Isolation question
I haven't seen the same results... every single company I am involved 
with, and even the 20+ that I have met with over the last three months 
have all used Quickbooks.


Travis

On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:
I would not use anything related to Quickbooks as an example of the 
best way to do something.

Your only choices from Intuit are how you get screwed, not whether.
*From:* Travis Johnson via Af
*Sent:* Thursday, October 16, 2014 9:02 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] SM Isolation question
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with the 
software is usually 1/10th what it would be to buy, and it allows 
people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and 
hire someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___

On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af
af@afmug.com wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th.
Always stuff going

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Bill Prince via Af

I've got to say I'm firmly on the fence with regard to this issue.

The last time we paid for MS Office was back in 2000 (seriously). I 
think we paid $400 or $500 for it, and it was the type of thing that we 
could load on a couple of PCs for the duration.  Yes, it got long in 
tooth, but it worked, and it did what we wanted.  That came to about $16 
per PC per year.  Pretty good deal, and I don't think we missed out on 
much.  Sure, a couple of years ago, MS made a major change to file 
formats that the old version couldn't open, but they also provided 
viewers and converters so we made do.


However, most of the office files you see these days are the new format, 
so we decided to get the new version as a service.  We're paying $150 
per year for 5 seats (which we only need 4 of).  So that will be $37 per 
PC per year (or $30 per PC per year if we install it on another PC).  
Call that inflation, but it also gets updates on a more-or-less 
continuous basis.


The biggest downside is that the new office contains a bunch of cruft 
that we don't need, and probably won't use.


Call it progress, or whatever.  I've seen a bunch of model-evolutions 
over the years, and this just seems to be the latest.


bp

On 10/16/2014 8:21 AM, Adam Moffett via Af wrote:


Autodesk... They still charge thousands for a copy of autoCAD, but you 
can get it on a month to month basis for $60/month, or pay for a whole 
year and it's like $35/month.


I would never have been able to justify paying them $3k for something 
I would use 4 times a year, but I can pay them $60 each for the four 
times I want to use it.  Before that I would limit my use to twice a 
year... one 30 day demo of the current release of autoCAD and one 30 
day demo of the current autoCAD LT.


I don’t dispute that, or that SaaS is the wave of the future 
(present?), just I find Intuit to be a money-grubbing borderline 
unethical company to deal with, that nonetheless dominates their 
market niche.  Probably because the accountants all use it.  As far 
as getting the bug fixes immediately because you subscribe as a 
service, that would mean more if it didn’t take Intuit years to fix 
bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they 
want to sell you.  Which tend to be pretty poor, for example their 
payroll service is really pathetic, you’re almost better off filling 
out the tax forms by hand.
But as another example of SaaS, Adobe has gone heavily that 
direction with their creative suites.  If you are a graphic designer 
or web designer, I’m sure it’s a very good deal.  For someone like me 
with an owned copy of Photoshop, it probably doesn’t make sense to 
start paying monthly, since I could care less about having the latest 
improvements, I don’t use it intensively enough to make it 
worthwhile.  Maybe for Dreamweaver since HTML techniques are changing 
all the time.  At least Adobe doesn’t require that you are connected 
to the Internet in order to use the software.  I don’t really have 
any problem with their approach, even though it doesn’t work out so 
well for me.

*From:* Travis Johnson via Af
*Sent:* Thursday, October 16, 2014 9:38 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] SM Isolation question
I haven't seen the same results... every single company I am involved 
with, and even the 20+ that I have met with over the last three 
months have all used Quickbooks.


Travis

On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:
I would not use anything related to Quickbooks as an example of the 
best way to do something.

Your only choices from Intuit are how you get screwed, not whether.
*From:* Travis Johnson via Af
*Sent:* Thursday, October 16, 2014 9:02 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] SM Isolation question
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with 
the software is usually 1/10th what it would be to buy, and it 
allows people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, you don't have to host it on your own 
server, or worry about upgrade issues or users with problems, etc.


Time

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Ken Hohhof via Af
My main complaint about Office 365 is it’s extremely confusing, as there seems 
to be a run locally but subscribe to online updates model, as well as a totally 
cloud based model where everything’s in the cloud including your data.  And if 
a customer calls having trouble with Office 365, they of course don’t have a 
clue how they are set up.  Add the fact that someone buys a new computer like a 
Surface and the first thing it has you do is set up a Microsoft email address 
as a login for the computer, and starts backing up your data by default on 
Skydrive.  Or is it Onedrive now?  Thing is, average customer without an IT 
department actually doesn’t understand where on the continuum from “box 
software” to Saas and “in the cloud” he is.  Where is my software?  Where is my 
data?  Am I launching software, or a browser window?  Can I use it without an 
Internet connection?  What happens if I stop my subscription?  I dunno.  Who do 
I call?  It says to call my network administrator.  That must mean my ISP.  OK, 
dialing my ISP now.

From: Bill Prince via Af 
Sent: Thursday, October 16, 2014 10:41 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I've got to say I'm firmly on the fence with regard to this issue.

The last time we paid for MS Office was back in 2000 (seriously).  I think we 
paid $400 or $500 for it, and it was the type of thing that we could load on a 
couple of PCs for the duration.  Yes, it got long in tooth, but it worked, and 
it did what we wanted.  That came to about $16 per PC per year.  Pretty good 
deal, and I don't think we missed out on much.  Sure, a couple of years ago, MS 
made a major change to file formats that the old version couldn't open, but 
they also provided viewers and converters so we made do.

However, most of the office files you see these days are the new format, so we 
decided to get the new version as a service.  We're paying $150 per year for 5 
seats (which we only need 4 of).  So that will be $37 per PC per year (or $30 
per PC per year if we install it on another PC).  Call that inflation, but it 
also gets updates on a more-or-less continuous basis.

The biggest downside is that the new office contains a bunch of cruft that we 
don't need, and probably won't use.

Call it progress, or whatever.  I've seen a bunch of model-evolutions over the 
years, and this just seems to be the latest.


bp

On 10/16/2014 8:21 AM, Adam Moffett via Af wrote:



  Autodesk. They still charge thousands for a copy of autoCAD, but you can get 
it on a month to month basis for $60/month, or pay for a whole year and it's 
like $35/month.

  I would never have been able to justify paying them $3k for something I would 
use 4 times a year, but I can pay them $60 each for the four times I want to 
use it.  Before that I would limit my use to twice a year: one 30 day demo of 
the current release of autoCAD and one 30 day demo of the current autoCAD LT.


I don’t dispute that, or that SaaS is the wave of the future (present?), 
just I find Intuit to be a money-grubbing borderline unethical company to deal 
with, that nonetheless dominates their market niche.  Probably because the 
accountants all use it.  As far as getting the bug fixes immediately because 
you subscribe as a service, that would mean more if it didn’t take Intuit years 
to fix bugs.  There is actually very little improvement from year to year in 
Quickbooks, it is mostly cosmetic or related to new services they want to sell 
you.  Which tend to be pretty poor, for example their payroll service is really 
pathetic, you’re almost better off filling out the tax forms by hand.

But as an other example of SaaS, Adobe has gone heavily that direction with 
their creative suites.  If you are a graphic designer or web designer, I’m sure 
it’s a very good deal.  For someone like me with an owned copy of Photoshop, it 
probably doesn’t make sense to start paying monthly, since I could care less 
about having the latest improvements, I don’t use it intensively enough to make 
it worthwhile.  Maybe for Dreamweaver since HTML techniques are changing all 
the time.  At least Adobe doesn’t require that you are connected to the 
Internet in order to use the software.  I don’t really have any problem with 
their approach, even though it doesn’t work out so well for me.


From: Travis Johnson via Af 
Sent: Thursday, October 16, 2014 9:38 AM
To: af@afmug.com 
Subject: Re: [AFMUG] SM Isolation question

I haven't seen the same results... every single company I am involved with, 
and even the 20+ that I have met with over the last three months have all used 
Quickbooks.

Travis


On 10/16/2014 8:12 AM, Ken Hohhof via Af wrote:

  I would not use anything related to Quickbooks as an example of the best 
way to do something.

  Your only choices from Intuit are how you get screwed, not whether.


  From: Travis Johnson via Af 
  Sent: Thursday, October 16, 2014 9:02 AM

Re: [AFMUG] SM Isolation question

2014-10-16 Thread Jerry Head via Af

+1 Travis

On 10/16/2014 9:02 AM, Travis Johnson via Af wrote:
How do you figure? Everything will eventually be SaaS... and it's a 
much better model for both sides. The software stays updated and 
current and bug fixes are instant. The initial cost to start with the 
software is usually 1/10th what it would be to buy, and it allows 
people to use the software from anywhere.


Many years ago, I was of the same opinion. Then I started to realize 
my time (or anyone else's time) was better spent focusing on the 
product we sold rather than installing/fixing/supporting someone 
else's software.


I know I personally spent at least 50+ hours over the previous 15 
years installing/fixing/supporting Quickbooks on our LAN. Getting it 
installed on a server, setting up the shares, mapping drive letters, 
installing it on each PC, etc. The software cost us $500 to buy, and 
then the yearly updates were usually $200-$300. Or you can subscribe 
to the online version for $39/month and be done with it. It's 
automatically backed up, you don't have to host it on your own server, 
or worry about upgrade issues or users with problems, etc.


Time is money. Spend your time doing what you know how to do, and hire 
someone else to do the other tasks. :)


Travis

On 10/15/2014 9:31 PM, Tyler Treat via Af wrote:

True story.

___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:


Yeah, SaaS is great for the company that owns it, not so great for 
everyone else.


On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:


Nope... mainly SaaS companies and real estate. Best of both
worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

Someone told me you were getting into manufacturing...



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com
wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th.
Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af
af@afmug.com wrote:

The other issue is p2p traffic between two
people on the same AP
and
if you are doing bandwidth shaping in your
router, even at the tower,
you will never see these packets. Or in the case
the original poster
asked about, that customer could keep a high-def
window open of all
their video cameras at the other location, using
3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber
Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream,
there's nothing the router
can do about it. Put the two locations on
different IP subnets so that
traffic between the two has to be routed. Or
turn off SM isolation.

I leave SM isolation off because I'm not
that paranoid. The biggest
risk is broadcast/multicast crap flying
around. So use the SM uplink
broadcast/multicast rate limiting. This is
one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via
Af wrote:

We have a customer that has two SM's on
the same AP at separate
physical locations (home and office).
They have a DVR at each location
that they want to view. Everything is
configured properly on their
end to view the DVR's on 

Re: [AFMUG] SM Isolation question

2014-10-15 Thread Travis Johnson via Af
The other issue is p2p traffic between two people on the same AP and 
if you are doing bandwidth shaping in your router, even at the tower, 
you will never see these packets. Or in the case the original poster 
asked about, that customer could keep a high-def window open of all 
their video cameras at the other location, using 3-4Mbps of constant 
traffic, and you would never see it.


Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
When you forward SM-to-SM traffic upstream, there's nothing the router 
can do about it. Put the two locations on different IP subnets so that 
traffic between the two has to be routed. Or turn off SM isolation.


I leave SM isolation off because I'm not that paranoid. The biggest 
risk is broadcast/multicast crap flying around. So use the SM uplink 
broadcast/multicast rate limiting. This is one of the best features of 
Canopy, IMO.


On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
We have a customer that has two SM's on the same AP at separate 
physical locations (home and office). They have a DVR at each location 
that they want to view. Everything is configured properly on their 
end to view the DVR's on port 80 through their routers.   Problem is 
that we have SM isolation turned on with option 2 to forward packets 
upstream and they want to see the home when at the office and the 
office when at home.


So I set up a mangle rule in my Mikrotik to mark the packets with a 
routing mark based on the SRC and DST addresses, and then used a 
static route for anything with that mark and sent it back to the AP 
port. It doesn't work, what am I doing wrong, any suggestions short 
of disabling SM isolation?










Re: [AFMUG] SM Isolation question

2014-10-15 Thread Gilbert T. Gutierrez, Jr. via Af
As others have said, put the two locations on different subnets. That 
will get around the issue. You could also segment using Vlans which 
would allow you to retain DHCP if you use DHCP. We always have Isolation 
enabled. We happen to use a few vlans to further segment the traffic and 
if a customer has 2 SMs on the same AP, we make sure that the public 
facing IPs are on different networks.


Gilbert

On 10/15/2014 12:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate physical 
locations (home and office).  They have a DVR at each location that they want to 
view.  Everything is configured properly on their end to view the DVR's on port 
80 through their routers.   Problem is that we have SM isolation turned on with 
option 2 to forward packets upstream and they want to see the home when at the 
office and the office when at home.

So I set up a mangle rule in my Mikrotik to mark the packets with a routing 
mark based on the SRC and DST addresses, and then used a static route for 
anything with that mark and sent it back to the AP port. It doesn't work, what 
am I doing wrong, any suggestions short of disabling SM isolation?
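
The subnet check described in this message, as an added example that is not part of the original thread: each host decides from its own address and mask whether a peer is on-link (it ARPs for the peer directly, so the router is never the next hop) or off-link (it sends to the gateway, so the traffic is routed). The inventory layout, customer and AP names, and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed inventory (not from the thread): one row per SM.
# Columns: customer id, AP name, site label, address/prefix handed to the site.
INVENTORY = [
    ("cust-1001", "ap-north-1", "home",   "10.20.0.14/24"),
    ("cust-1001", "ap-north-1", "office", "10.20.0.77/24"),
    ("cust-1002", "ap-north-1", "shop",   "10.20.0.90/24"),
    ("cust-1002", "ap-north-1", "house",  "10.20.1.12/24"),
    ("cust-1003", "ap-south-2", "farm",   "10.30.0.5/24"),
    ("cust-1003", "ap-north-1", "barn",   "10.20.0.6/24"),
    # Mismatched masks on the two sites of one customer.
    ("cust-1004", "ap-south-2", "yard",   "10.30.0.20/16"),
    ("cust-1004", "ap-south-2", "depot",  "10.30.4.20/24"),
]


def next_hop(src_cidr, dst_cidr):
    """Return how the host at src_cidr reaches the host at dst_cidr.

    A host compares the destination with its OWN network. Inside it, the
    host ARPs for the peer directly ("on-link"). Outside it, the host hands
    the packet to its default gateway ("gateway").
    """
    src = ipaddress.ip_interface(src_cidr)
    dst = ipaddress.ip_interface(dst_cidr)
    return "on-link" if dst.ip in src.network else "gateway"


def classify(a_cidr, b_cidr):
    """Classify a pair of sites by the forwarding decision on both sides."""
    a_to_b = next_hop(a_cidr, b_cidr)
    b_to_a = next_hop(b_cidr, a_cidr)
    if a_to_b == b_to_a == "gateway":
        # Both directions go through the router: works with SM isolation
        # enabled, and the router can see, shape and filter the traffic.
        return "routed"
    if a_to_b == b_to_a == "on-link":
        # Both sides treat the peer as a layer 2 neighbour: the situation
        # the original poster describes with isolation option 2 enabled.
        return "same-subnet"
    # One side routes and the other ARPs directly: a mask mismatch to fix.
    return "asymmetric"


def audit(inventory):
    """Check every pair of sites that one customer has on one AP."""
    by_customer_ap = defaultdict(list)
    for customer, ap, site, cidr in inventory:
        by_customer_ap[(customer, ap)].append((site, cidr))

    findings = []
    for (customer, ap), sites in sorted(by_customer_ap.items()):
        for (site_a, cidr_a), (site_b, cidr_b) in combinations(sites, 2):
            findings.append({
                "customer": customer,
                "ap": ap,
                "sites": (site_a, site_b),
                "verdict": classify(cidr_a, cidr_b),
            })
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f'{f["customer"]} on {f["ap"]}: '
              f'{f["sites"][0]} <-> {f["sites"][1]}: {f["verdict"]}')
```

Pairs reported as `same-subnet` or `asymmetric` are the ones to renumber or move to a separate VLAN. Sites on different APs are not paired, since SM isolation applies per AP.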






Re: [AFMUG] SM Isolation question

2014-10-15 Thread Christopher Tyler via Af
Thank you all for the assist, we will be moving one of the locations to a 
separate subnet.  Much appreciated.

-- 
Christopher Tyler 
MTCRE/MTCNA/MTCTCE/MTCWE 
Total Highspeed Internet Services 
417.851.1107

- Original Message -
From: Gilbert T. Gutierrez, Jr. via Af af@afmug.com
To: af@afmug.com
Sent: Wednesday, October 15, 2014 3:54:59 PM
Subject: Re: [AFMUG] SM Isolation question

As others have said, put the two locations on different subnets. That 
will get around the issue. You could also segment using Vlans which 
would allow you to retain DHCP if you use DHCP. We always have Isolation 
enabled. We happen to use a few vlans to further segment the traffic and 
if a customer has 2 SMs on the same AP, we make sure that the public 
facing IPs are on different networks.

Gilbert

On 10/15/2014 12:23 PM, Christopher Tyler via Af wrote:
 We have a customer that has two SM's on the same AP at separate physical 
 locations (home and office).  They have a DVR at each location that they want 
 to view.  Everything is configured properly on their end to view the DVR's on 
 port 80 through their routers.   Problem is that we have SM isolation turned 
 on with option 2 to forward packets upstream and they want to see the home 
 when at the office and the office when at home.

 So I set up a mangle rule in my Mikrotik to mark the packets with a routing 
 mark based on the SRC and DST addresses, and then used a static route for 
 anything with that mark and sent it back to the AP port. It doesn't work, 
 what am I doing wrong, any suggestions short of disabling SM isolation?





Re: [AFMUG] SM Isolation question

2014-10-15 Thread George Skorup (Cyber Broadcasting) via Af

Which is why you should use Canopy's QoS.

On 10/15/2014 3:14 PM, Travis Johnson via Af wrote:
The other issue is p2p traffic between two people on the same AP 
and if you are doing bandwidth shaping in your router, even at the 
tower, you will never see these packets. Or in the case the original 
poster asked about, that customer could keep a high-def window open of 
all their video cameras at the other location, using 3-4Mbps of 
constant traffic, and you would never see it.


Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
When you forward SM-to-SM traffic upstream, there's nothing the 
router can do about it. Put the two locations on different IP subnets 
so that traffic between the two has to be routed. Or turn off SM 
isolation.


I leave SM isolation off because I'm not that paranoid. The biggest 
risk is broadcast/multicast crap flying around. So use the SM uplink 
broadcast/multicast rate limiting. This is one of the best features 
of Canopy, IMO.


On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
We have a customer that has two SM's on the same AP at separate 
physical locations (home and office). They have a DVR at each 
location that they want to view. Everything is configured properly 
on their end to view the DVR's on port 80 through their routers.   
Problem is that we have SM isolation turned on with option 2 to 
forward packets upstream and they want to see the home when at the 
office and the office when at home.


So I set up a mangle rule in my Mikrotik to mark the packets with a 
routing mark based on the SRC and DST addresses, and then used a 
static route for anything with that mark and sent it back to the AP 
port. It doesn't work, what am I doing wrong, any suggestions short 
of disabling SM isolation?












Re: [AFMUG] SM Isolation question

2014-10-15 Thread Paul McCall via Af
We don’t have that exact scenario, but you could monitor or throttle through a 
router (Mikrotik) or use the SM QOS to help mitigate that (somewhat)

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Travis Johnson via Af
Sent: Wednesday, October 15, 2014 4:14 PM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

The other issue is p2p traffic between two people on the same AP and if you 
are doing bandwidth shaping in your router, even at the tower, you will never 
see these packets. Or in the case the original poster asked about, that 
customer could keep a high-def window open of all their video cameras at the 
other location, using 3-4Mbps of constant traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
 When you forward SM-to-SM traffic upstream, there's nothing the router 
 can do about it. Put the two locations on different IP subnets so that 
 traffic between the two has to be routed. Or turn off SM isolation.

 I leave SM isolation off because I'm not that paranoid. The biggest 
 risk is broadcast/multicast crap flying around. So use the SM uplink 
 broadcast/multicast rate limiting. This is one of the best features of 
 Canopy, IMO.

 On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
 We have a customer that has two SM's on the same AP at separate 
 physical locations (home and office). They have a DVR at each location 
 that they want to view. Everything is configured properly on their
 end to view the DVR's on port 80 through their routers.   Problem is 
 that we have SM isolation turned on with option 2 to forward packets 
 upstream and they want to see the home when at the office and the 
 office when at home.

 So I set up a mangle rule in my Mikrotik to mark the packets with a 
 routing mark based on the SRC and DST addresses, and then used a 
 static route for anything with that mark and sent it back to the AP 
 port. It doesn't work, what am I doing wrong, any suggestions short 
 of disabling SM isolation?







Re: [AFMUG] SM Isolation question

2014-10-15 Thread Gino Villarini via Af
Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com  
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:

The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
 When you forward SM-to-SM traffic upstream, there's nothing the router
 can do about it. Put the two locations on different IP subnets so that
 traffic between the two has to be routed. Or turn off SM isolation.

 I leave SM isolation off because I'm not that paranoid. The biggest
 risk is broadcast/multicast crap flying around. So use the SM uplink
 broadcast/multicast rate limiting. This is one of the best features of
 Canopy, IMO.

 On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
 We have a customer that has two SM's on the same AP at separate
 physical locations (home and office). They have a DVR at each location
 that they want to view. Everything is configured properly on their
 end to view the DVR's on port 80 through their routers.   Problem is
 that we have SM isolation turned on with option 2 to forward packets
 upstream and they want to see the home when at the office and the
 office when at home.

 So I set up a mangle rule in my Mikrotik to mark the packets with a
 routing mark based on the SRC and DST addresses, and then used a
 static route for anything with that mark and sent it back to the AP
 port. It doesn't work, what am I doing wrong, any suggestions short
 of disabling SM isolation?








Re: [AFMUG] SM Isolation question

2014-10-15 Thread Chuck McCown via Af
Most addiction recovery programs tell you to not hang around with the same 
crowd...


-Original Message- 
From: Gino Villarini via Af

Sent: Wednesday, October 15, 2014 3:16 PM
To: af@afmug.com
Subject: Re: [AFMUG] SM Isolation question

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:


The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate
physical locations (home and office). They have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikrotik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything with that mark and sent it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?











Re: [AFMUG] SM Isolation question

2014-10-15 Thread Travis Johnson via Af

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going 
on. LOL


Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:


The other issue is p2p traffic between two people on the same AP and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

We have a customer that has two SM's on the same AP at separate
physical locations (home and office). They have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikrotik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything with that mark and sent it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?










Re: [AFMUG] SM Isolation question

2014-10-15 Thread Gino Villarini via Af
Someone told me you were getting into manufacturing...



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com  
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:
 Travis, are you getting bored at your current job? Lol!!

 Great to see you active in the list!



 Gino A. Villarini
 President
 Aeronet Wireless Broadband Corp.
 www.aeronetpr.com
 @aeronetpr






 On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:

 The other issue is p2p traffic between two people on the same AP
and
 if you are doing bandwidth shaping in your router, even at the tower,
 you will never see these packets. Or in the case the original poster
 asked about, that customer could keep a high-def window open of all
 their video cameras at the other location, using 3-4Mbps of constant
 traffic, and you would never see it.

 Travis

 On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
 When you forward SM-to-SM traffic upstream, there's nothing the router
 can do about it. Put the two locations on different IP subnets so that
 traffic between the two has to be routed. Or turn off SM isolation.

 I leave SM isolation off because I'm not that paranoid. The biggest
 risk is broadcast/multicast crap flying around. So use the SM uplink
 broadcast/multicast rate limiting. This is one of the best features of
 Canopy, IMO.

 On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
 We have a customer that has two SM's on the same AP at separate
 physical locations (home and office). They have a DVR at each location
 that they want to view. Everything is configured properly on their
 end to view the DVR's on port 80 through their routers.   Problem is
 that we have SM isolation turned on with option 2 to forward packets
 upstream and they want to see the home when at the office and the
 office when at home.

 So I set up a mangle rule in my Mikrotik to mark the packets with a
 routing mark based on the SRC and DST addresses, and then used a
 static route for anything with that mark and sent it back to the AP
 port. It doesn't work, what am I doing wrong, any suggestions short
 of disabling SM isolation?








Re: [AFMUG] SM Isolation question

2014-10-15 Thread Jason McKemie via Af
Yeah, SaaS is great for the company that owns it, not so great for everyone
else.

On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:

 Nope... mainly SaaS companies and real estate. Best of both worlds. :)

 Travis

 On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:

 Someone told me you were getting into manufacturing...



 Gino A. Villarini
 President
 Aeronet Wireless Broadband Corp.
 www.aeronetpr.com
 @aeronetpr






 On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:

  It just depends on the day... :)

 Involved in 11 companies now, and looking at a 12th. Always stuff going
 on. LOL

 Travis

 On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:

 Travis, are you getting bored at your current job? Lol!!

 Great to see you active in the list!



 Gino A. Villarini
 President
 Aeronet Wireless Broadband Corp.
 www.aeronetpr.com
 @aeronetpr






 On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:

  The other issue is p2p traffic between two people on the same AP
 and
 if you are doing bandwidth shaping in your router, even at the tower,
 you will never see these packets. Or in the case the original poster
 asked about, that customer could keep a high-def window open of all
 their video cameras at the other location, using 3-4Mbps of constant
 traffic, and you would never see it.

 Travis

 On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:

 When you forward SM-to-SM traffic upstream, there's nothing the router
 can do about it. Put the two locations on different IP subnets so that
 traffic between the two has to be routed. Or turn off SM isolation.

 I leave SM isolation off because I'm not that paranoid. The biggest
 risk is broadcast/multicast crap flying around. So use the SM uplink
 broadcast/multicast rate limiting. This is one of the best features of
 Canopy, IMO.

 On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:

 We have a customer that has two SM's on the same AP at separate
 physical locations (home and office). They have a DVR at each location
 that they want to view. Everything is configured properly on their
 end to view the DVR's on port 80 through their routers.   Problem is
 that we have SM isolation turned on with option 2 to forward packets
 upstream and they want to see the home when at the office and the
 office when at home.

 So I set up a mangle rule in my Mikrotik to mark the packets with a
 routing mark based on the SRC and DST addresses, and then used a
 static route for anything with that mark and sent it back to the AP
 port. It doesn't work, what am I doing wrong, any suggestions short
 of disabling SM isolation?







Re: [AFMUG] SM Isolation question

2014-10-15 Thread Tyler Treat via Af
True story.

___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com
___


On Oct 15, 2014, at 10:30 PM, Jason McKemie via Af af@afmug.com wrote:

Yeah, SaaS is great for the company that owns it, not so great for everyone 
else.

On Wednesday, October 15, 2014, Travis Johnson via Af af@afmug.com wrote:
Nope... mainly SaaS companies and real estate. Best of both worlds. :)

Travis

On 10/15/2014 3:40 PM, Gino Villarini via Af wrote:
Someone told me you were getting into manufacturing...



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 5:31 PM, Travis Johnson via Af af@afmug.com wrote:

It just depends on the day... :)

Involved in 11 companies now, and looking at a 12th. Always stuff going
on. LOL

Travis

On 10/15/2014 3:16 PM, Gino Villarini via Af wrote:
Travis, are you getting bored at your current job? Lol!!

Great to see you active in the list!



Gino A. Villarini
President
Aeronet Wireless Broadband Corp.
www.aeronetpr.com
@aeronetpr






On 10/15/14, 4:14 PM, Travis Johnson via Af af@afmug.com wrote:

The other issue is p2p traffic between two people on the same AP
and
if you are doing bandwidth shaping in your router, even at the tower,
you will never see these packets. Or in the case the original poster
asked about, that customer could keep a high-def window open of all
their video cameras at the other location, using 3-4Mbps of constant
traffic, and you would never see it.

Travis

On 10/15/2014 1:48 PM, George Skorup (Cyber Broadcasting) via Af wrote:
When you forward SM-to-SM traffic upstream, there's nothing the router
can do about it. Put the two locations on different IP subnets so that
traffic between the two has to be routed. Or turn off SM isolation.

I leave SM isolation off because I'm not that paranoid. The biggest
risk is broadcast/multicast crap flying around. So use the SM uplink
broadcast/multicast rate limiting. This is one of the best features of
Canopy, IMO.

On 10/15/2014 2:23 PM, Christopher Tyler via Af wrote:
We have a customer that has two SM's on the same AP at separate
physical locations (home and office). They have a DVR at each location
that they want to view. Everything is configured properly on their
end to view the DVR's on port 80 through their routers.   Problem is
that we have SM isolation turned on with option 2 to forward packets
upstream and they want to see the home when at the office and the
office when at home.

So I set up a mangle rule in my Mikrotik to mark the packets with a
routing mark based on the SRC and DST addresses, and then used a
static route for anything with that mark and sent it back to the AP
port. It doesn't work, what am I doing wrong, any suggestions short
of disabling SM isolation?