Can an epmp hotspot be used basically the same as a router

I am trying to setup the DHCP server of an epmp hotspot to act as a router behind an epmp 180 CPE, basically to work the same as a cnPilot router, or any other home router.  I don't want the clients of the hotspot to use our core router for DHCP, and I am trying to avoid installing another router at the site.  All I want on site is the force 180 and the epmp hotspot up on a pole.  Can this be done and what do I need to do do to so clients get their IP addresses from the hotspot?  OUr core DHCP is like a DHCP pool of coming out of the hotspot.  Bridge subnet is


Please find the below configuration:

  1. Network -> DHCP -> Create pool

Configure network address range, default gateway and DNS. Save the configuration.

  1. Network -> VLAN -> Add new interface Create VLAN interface : Configure IP ADDRESS ( same as created as gateway on DHCP), Check the "Hides IP" option to enable NAT so the client will get internet access.
  1. Configure -> WLAN, Create wireless SSID for VLAN created .

Now the client connect to the SSID created will get IP ADDRESS from the pool configured.


Dear Tropicotto,
Assuming the solution suggested above works for you, we’d love to get some photos of the combined ePMP hotspot and the ePMP backhaul along with the location. We are always looking for deployment photos to share with the members on this forum


I have used the config example and it does indeed provide internet access on a different subnet to that of the original network, my E500 receives a DHCP addresses of from the the network with Internet access and it dishes out addresses via my 'hotspot' SSID of 192.168.1.x.  This works great but i now want to prevent my 'hotspot' clients seeing the 172.30.1.x  network which is our clients private LAN, naturally I still need to offer Internet access on 192.168.1.x though. 

Can this be achieved without getting deep into implementing VLAN architecture and more hardware?     



ACL rules will solve this issue.

Please add following ACL rules on your HOTSPOT SSID to prevent traffic from 192.168.1.x to 172.30.1.x:

acl permit ip 255 any any any

acl deny ip 254 any 172.30.1.x/24 any

acl permit ip 1 any <DNS Server IP> any

Please let us know if you have any issues.

Thank You.

Thanks , just to make it clear for others who may want to benefit from this  172.30.1.x didn't work, you need to put in 

It works well now and i have achieved 100% what i wanted.

Thanks again  

The best practice to write ACL shall include ACL index number with a gap like below,

acl permit ip 5 any <DNS Server IP> any 

acl deny ip 10 any any 

acl permit ip 50 any any any

If we keep the gap in ACL index later it will easy to insert new ACL  rules at appropriate place.  Internally ACL rules will be evaluated in sequential fashion