ePMP3000 - SM Traffic Isolation issue

alextargo · September 28, 2022, 5:46pm

Did you experiment this weird SM traffic isolation issue on epmp3000 ?
Same setup was all functional using epmp1000 AP.

A Residential customer is unable to connect via VPN on his business-site on the same AP.
SM traffic isolation is DISABLED.

Business-site is a Force200 in bridge mode and have a router behind.
We use a different VLAN at the business router to connect to our OSPF network.
Everything else works as usual.
The customer VPN is functioning normally when shutting the main business link and forcing their traffic via another OSPF path.

Paduraru_Vasile_Narc · September 29, 2022, 9:13am

Same issue here. We sadly solved the issue installing another AP on the tower.

aka · September 29, 2022, 11:59am

Hi, @alextargo!

Can your customer ping his business site host without vpn?
Did you try to use tcpdump to see what is going on there?
Another clue, could you try with NSS disabled on AP?

alextargo · September 29, 2022, 12:43pm

Thanks Andrii,

Ping is ok
VPN and traceroute are not.

How do you disable NSS-Offload on epmp3000 ?

aka · September 29, 2022, 5:01pm

e3k_cs>config set cambiumAccelerationEngine 3
e3k_cs>config commit
e3k_cs>reboot

Also do it on SM if it is F300. There is ECM and it is something similar

alextargo · September 30, 2022, 4:16pm

thanks, we’ll let you know.

squirrely · October 1, 2022, 6:35am

We also experienced the issue. But our setup was little different. Nevertheless we determined this was definitely caused by ePMP3000 AP. TCP and ICMP traffic easily passes, but there was some weird issue with UDP packets. In our case it was MSSQL database using UDP protocol, but I imagine it might be similar with VPN. We solved this by turning one SM to different AP…

system · October 3, 2023, 5:05pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.