how to setup a VLAN on 900mhz advantage

hello guys, i was wondering if someone could show me how to set up a VLAN? the reason is i would like to isolate a customer so he won’t be able to see the other customer. i read something about changing a setting in the AP to isolate this. i just wonder if i do this, do i also HAVE to set up a VLAN, or can i just leave it like that?

i will place a screen shot in a little bit when i get back.

any help i would really appreciate it so much. it;'s been a night mare and i cannot figure out this thing. i love motorola canopy but it’s just new for me. i thought i knew networking for this is totally new for me.

thank you so much!

Simply enable SM Isolation on the AP. Additionally enabling NAT on the SM, or putting the customers behind a router will further isolate customers from each other.

You should NOT put a customer PC directly on your network on a bridged SM. If that PC gets infected it will affect your entire network.

thank you. oh i see, so in escence, what options should i use according to this screen shot?

right now i have option number 1. i guess according to your advice, the correct one is #2?

the other thing was, i tried to enable the NAT option in the SM, i just could not understand very well how to set it up. i get really confused at the DHCP options.

but let me ask you this before i change this option. if i enable this right now -whatever option might be- can someone still surf the internet? that would give me some time to go and change settings for each one.

super! thank you for yoru advice.

Have you referred to the manual yet? If not, it’s a wonderful resource and will answer these and other questions.

As far as enabling NAT, the manual also explains this. You’ll want to get the release notes for whatever software version you are using.

Do you have a DCHP server that hands out IP addresses to your customers? Or do you manually assign each customer an IP address? Are these public or private IP’s?

no, i set manualy the IP’s. i was told this is the best way to stop someone from using my network, is that true? i guess if you don’t know the network ip you can’t login. when someone registeres to the AP it does not give you a IP address, you have to manually set it up.

i will check the manual. thank you though.

Are you connecting your customers directly to the SM or do they have routers?

some customers have routers but the rest of them are connected directly through the SM Radio. that means, from the radio directly to their computer. i know some have seen others through the network option in windows xp and in vista they are discovered automatically, scary thing!

Do these customers have public or private IP’s?

for customers that don’t have routers, enable NAT in the SM and then have the customer change the TCP/IP settings to obtain automatically.

that will take care of this particular issue.

public or private ip’s? you mean static ip? if what you mean is static ip, then the answer is ‘yes’, i assign an static ip address but when you go to like it will show our main ip address and not the one i have assigned to them.

i will enable NAT with using a test SM because last time i was having such a hard time. i can register but i might be missing something because i cannot surf the net. i guess i will post my questions here. i tried to read the manual that one time and i found it very confusing. i don’t mean to sound like a pest but certainly i will do my best this time. thanks. :slight_smile:


what is this?? 'block SM destined packets from being forwarded"

This will explain the difference between a public and private IP address:

you are assigning private IP’s to your customers routers or PC’s. Your customers with routers are Double-NAT - i.e. a private IP behind a private IP. Inmost cases this is not an issue, but with some game consoles this can be an issue. Search the forum for XBOX for more info.

In NAT, the SM works just like a wired router. Assign the customer’s IP address to the WAN settings in the router, and then change the computer to Obtain IP Automatically or DHCP. The customer will pull an IP from the SM.

oh ok, that makes sense. so i don’t have to mess with the “'block SM destined packets from being forwarded”" ? should i leave it on option number 1 then?

option 1 is fine although if you implement a standar of either a router or SM in NAT mode that will be the best solution. You really don’t want customers PC’s directly connected to your network - it’s a surefire rrecipie for pain.

oh ok thank you so much for the advice. i will keep your advice very handy.

its also a good idea to set port filtering on the sm as well. especially ipv4 multicast, bootp server, and smb. that way they aren’t multicasting across your network and blocking smb makes to where one windows user doesnt see another in my network places on a bridged network. blocking bootp server is for just in case a user plugs the antenna into the switch port on a router he wont be sending dhcp thorughout your network.

Something to add: If you don’t run NAT on the SMs it would also be wise to segregate traffic between APs (or at least tower sites). You can accomplish this by running a separate VLAN to each AP, using a multi-port router on site, or by using features like Private VLANs, “port protected” on a Cisco switch, or the port-based VLAN “Uplink” feature on Moto’s CMMs. Not much good blocking junk between users on a given AP if they can still saturate every other AP and BH on your network…

that sound good but i think for now i will just use the NAT in the SM because to be frankly with you, i am not sure how to set up all those things. but thank you though for the info. i have also thought about mikrotik and i am really needing to learn how to set it up. there;s just too many options as far as hardware goes. oh man!

if you are going to go with mikrotik i would definitely advise that you goto the basic certification class. it will definitely help you understand how it works and some more advanced options of networking.i had been working with mikrotik for about a year and half before i took the class and i still learned a whole lot of very interesting info.