A5 SRS Client Isolation


#1

Ok so in SRS mode, I can’t turn off Client Isolation. Can’t run WiFi Interop because then there is no VLAN Trunk or Passthrough mode. This isn’t working out great for my application. I read somewhere on the forum that might be changing soon. Any word on the timeline for that? Running 2.4.0.3-beta-1


#2

No idea when the ability to turn off client isolation is coming, but I am quite curious what you are doing that needs non-isolated clients?


#3

Have customer traffic in different VLANs and NVR traffic in another. The NVR is in one building with a C5 and cameras on all the rest. Due to the layout of the buildings I wasn’t able to put the A5 with the NVR so camera traffic must transit C5-A5-C5 to get to the NVR.


#4

The camera guy wanted to put in a bunch of engenius PtPs for each building. So to avoid that nightmare I agreed to do transport for the cameras since we already had antennas on all the buildings. Previously had setup a PrismStation on the tower to each building but we wanted more bandwidth so we put up an AF24 for the backhaul, A5 on that building and replaced all the Ubiquiti radios with C5s. Customer traffic went from about 70 Mbps peak to 180 Mbps peak so that part is great. Just have to get around the client isolation issue.


#5

For a WISP that does DHCP leases of public IP addresses isolation is ideal for many reasons, privacy, security, etc. If Customer A’s PC can use a hosted service on Customer B’s server with both being on the same A5C on the same WISP how is it possible? A: They both have public IP addresses but more importantly they are both routed! Routing is the key.

Since the A5C isolates direct traffic between clients you need to go out a gateway and then back in and out to the client(s). Route traffic with a router using static IP addresses possibly even a mix of different subnets and vlans.


#6

Ahh, yes I see what you are trying to do. Thanks for the explanation, helps to remind me that these systems are for more then one use case.

@DavidD is probably the one to know about potential release times for various features.

A temporary solution, until Mimosa gets around to implementing a “Client Isolation” switch, would be to do a PTP link from the A5 location to the NVR building. That way you can lessen the outbound traffic on the A5, but camera traffic can be pretty minimal so this is probably overkill.


#7

Hello Cameron and William5,

Unfortunately, Client Isolation is only available in Wifi Interop mode. At this time we, don’t have an ETA for it in SRS mode.


#8

@DavidD

Hello back at you! Hope you are doing well.

Thank you for the update and clarification.


#9

What about MTU in WiFi Interop mode? Is the jumbo packet option still available in Interop mode?


#10

Jumbo packets, up to 2474 bytes, are supported on the A5 in both SRS and Wifi Interop mode.