I have an AP and many SMs with one PC behind each SM. I see all computers can access others through network neiborhood in windows, with SMB checked in all SMs in PROTOCOL FILTERING!
I tryed with P9 and P10 with all combination of firmware 184.108.40.206 and 8.2.2, can anybody helpme with that, please?
do you have the SM isolation on the AP turned on?
microsoft has added some ports that smb uses that moto hasn’t updated the firmware to block. you can manually add the other ports.
here’s a link to another thread that talks about which ports you need to block:
http://motorola.canopywireless.com/supp … php?t=4980
Lamentablemente curso telefonia IP entre ellos por lo que no puedo activar el “Isolation” en el AP.
He probado bloqueando combinaciones de SMB y todos los puertos extras:
Dispositivos de red
y aun asi se siguen viendo las PCs entre si. Puede ser un bug del firmware? Alguien ha podido solucionar este inconveniente sin agregar hardware extra?
Sorry! now in English
Unfortunately I can’t activate Isolation because they have IP phones to talk between them.
I have been tested all combination (SMB and other ports) with no results.
Dispositivos de red
Has somebody resoved this issue without add new hardware?
Can you use NAT and port forwarding with these SMs? That would effectively eliminate the problem.
Actually I can’t do that. I have to many clients with public IP and services running in servers. I can’t make port forwarding every time they want to add a new service.
You could DMZ to a router on the inside and let them deal with the port forwarding from that point.
Here is how we handle business customers.
SM in bridge mode
- SMB (Network Neighborhood)
- Bootp Client
- Bootp Server
- IPv4 Multicast
Customer supplies a router (required) and is responsible for managing it. We set it up for remote management and respond to Ping. If we can ping and access the router, we have met our responsibility.
If they don’t have an in-house IT person we refer them to one. We don’t touch anything in the customer’s network as we don’t get paid for that type of work, and we don’t want to be responsible for it. Interestingly, customers appreciate being told “This is where our responsibility ends but here is the number of a company that can help you”.
This is how every other business ISP does it as it provides a clear Demarcation point. My philosophy is that WISP’s should focus on being WISP’s and do that better than the Big Telco if they want to survive.
Of course if you have a division that does IT support that’s a different story, but the setup should be the same. This way if the ISP division can ping the router, they can turn it over to the IT division who will CHARGE for working on a customer network, server, desktop, etc.
Jerry Richardson wrote: Customer supplies a router (required) and is responsible for managing it. We set it up for remote management and respond to Ping. If we can ping and access the router, we have met our responsibility.
I'm a little reluctant to adopt your philosophy because I see it as a potential risk. For example, the customer could change his public IP causing big issues to the network.
How can you control that? Do you apply any control on his router MAC address?
It has never happened in 6 years.
If it became an issue I would warn them once and terminate the second time.
After reread user guide and talk with Canopy support I finally understand… The filter work in ethernet to wireless way and not take care of wirelles to ethernet at all. So, I need to block all SMs to keep PCs safe from other computers.
Moto guys told me this work is to protect the network from issues in the customer side (behind SM).
So, to protect customers from Internet, I have to update border firewalls, and of course, every costumer have to take care of your own safety.
How do you block more than THREE other ports on the SM?
There is only room for three additional ports.
There is no way to block more than 3 ports at the same time.