I am trying to set up the DHCP server of an ePMP hotspot to act as a router behind an ePMP 180 CPE, basically to work the same as a cnPilot router, or any other home router. I don't want the clients of the hotspot to use our core router for DHCP, and I am trying to avoid installing another router at the site. All I want on site is the Force 180 and the ePMP hotspot up on a pole. Can this be done, and what do I need to do so clients get their IP addresses from the hotspot? Our core DHCP is 192.168.11.0/24; I would like a DHCP pool of 192.168.25.0/24 coming out of the hotspot. Bridge subnet is 169.254.2.0/24.
Please find the below configuration:
- Network -> DHCP -> Create pool
Configure network address range, default gateway and DNS. Save the configuration.
- Network -> VLAN -> Add new interface
Create VLAN interface: configure the IP address (same as the one created as gateway on DHCP). Check the "Hides IP" option to enable NAT so the client will get internet access.
- Configure -> WLAN
Create a wireless SSID for the VLAN created.
Now a client connected to the SSID created will get an IP address from the pool configured.
- ePMP HotSpot configuration.docx (115 KB)
Assuming the solution suggested above works for you, we’d love to get some photos of the combined ePMP hotspot and the ePMP backhaul along with the location. We are always looking for deployment photos to share with the members on this forum.
I have used the config example and it does indeed provide internet access on a different subnet to that of the original network. My E500 receives a DHCP address of 172.30.1.132 from the network with Internet access and it dishes out addresses via my 'hotspot' SSID of 192.168.1.x. This works great, but I now want to prevent my 'hotspot' clients seeing the 172.30.1.x network, which is our client's private LAN. Naturally I still need to offer Internet access on 192.168.1.x though.
Can this be achieved without getting deep into implementing VLAN architecture and more hardware?
ACL rules will solve this issue.
Please add following ACL rules on your HOTSPOT SSID to prevent traffic from 192.168.1.x to 172.30.1.x:
acl permit ip 255 any any any
acl deny ip 254 any 172.30.1.x/24 any
acl permit ip 1 any <DNS Server IP> any
Please let us know if you have any issues.
Thanks, just to make it clear for others who may want to benefit from this: 172.30.1.x didn't work, you need to put in 172.30.1.0.
It works well now and I have achieved 100% of what I wanted.
The best practice for writing ACLs is to include ACL index numbers with a gap, like below:
acl permit ip 5 any <DNS Server IP> any
acl deny ip 10 any 172.30.1.0/24 any
acl permit ip 50 any any any
If we keep a gap in the ACL index, later it will be easy to insert new ACL rules at the appropriate place. Internally, ACL rules will be evaluated in sequential fashion.
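
Added example (not part of any post above, and not Cambium code): a Python model of the rule ordering discussed in this thread, assuming rules are checked in ascending index order and the first match decides. Only the destination field is modelled, and the DNS server address 172.30.1.53 and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed placeholder for <DNS Server IP>; here it sits inside the
# protected LAN, which is why its permit must precede the deny.
DNS_SERVER = "172.30.1.53"

# (index, action, destination), taken from the gapped rule set in the thread.
RULES = [
    (50, "permit", "any"),
    (10, "deny", "172.30.1.0/24"),
    (5, "permit", DNS_SERVER),
]

def parse_dst(dst):
    """Turn 'any', a host address or a CIDR prefix into an ip_network."""
    if dst == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    # strict=True rejects a prefix that has host bits set
    return ipaddress.ip_network(dst, strict=True)

def ordered(rules):
    """Rules in evaluation order (assumption: ascending index)."""
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, dst_ip):
    """Return (index, action) of the first rule matching dst_ip,
    or (None, 'no-match') when no rule applies."""
    addr = ipaddress.ip_address(dst_ip)
    for index, action, dst in ordered(rules):
        if addr in parse_dst(dst):
            return index, action
    return None, "no-match"

def shadowed(rules):
    """Indices of rules that can never match because an earlier rule
    already covers their whole destination range."""
    seen, dead = [], []
    for index, _action, dst in ordered(rules):
        net = parse_dst(dst)
        if any(net.subnet_of(earlier) for earlier in seen):
            dead.append(index)
        seen.append(net)
    return dead

if __name__ == "__main__":
    for ip in ("172.30.1.53", "172.30.1.20", "8.8.8.8"):
        print(ip, evaluate(RULES, ip))
    # A catch-all placed first hides the deny behind it.
    print(shadowed([(1, "permit", "any"), (10, "deny", "172.30.1.0/24")]))
```

Running `shadowed()` over a rule set before applying it flags a deny that sits behind a broader permit, which is the ordering mistake the index gaps are meant to make easy to correct.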