IP addressing structure help!

Hello everyone,

Our rural access startup company has been running the network on a single subnet, from routers to customers' PCs. I would like to segment traffic by device and completely mask subscribers from seeing the login screens of our infrastructure. So far we only have a few customers/beta testers online, but we are receiving requests from real clients that want to sign up and I don’t feel comfortable with the IP setup we have.
After reading several postings in this forum I think I have something that may work.

I haven’t totally understood yet the difference between LAN1, NAT public network and Radio Public network.

Our infrastructure looks like this:
ADSL Router<->BHM<->BHS<->CMM<->AP Omni<->BHM<32miles>BMS<->CMM<->AP1<->AP2<->AP3

Could you please tell me if this configuration will work before I make the changes?

Router
IP 10.10.10.1
Subnet 255.255.255.240

BH Master
IP 10.10.5.254
Subnet 255.255.255.240
Gateway 10.10.10.1

BH Slave
IP 10.10.5.1
Subnet 255.255.255.240
Gateway 10.10.5.254

CMM Micro
IP 10.10.5.2
Subnet 255.255.255.240
Gateway 10.10.5.254

AP 1
IP 10.10.5.3
Subnet 255.255.255.240
Gateway 10.10.5.254

AP 2
IP 10.10.5.4
Subnet 255.255.255.240
Gateway 10.10.5.254

SM 1 DHCP server Enabled
NAT: Enabled
NAT Public 10.10.10.1
Subnet 255.255.255.240
Gateway 10.10.5.254
NAT Private 192.168.1
Subnet 255.255.255.0
DNS 10.10.5.254

SM 2 DHCP server Enabled
NAT: Enabled
NAT Public 10.10.10.2
Subnet 255.255.255.240
Gateway 10.10.5.254
NAT Private 192.168.1
Subnet 255.255.255.0
DNS 10.10.5.254

Thanks for all the help! :wink:

Hey Man,

That looks wrong, from the mask side.
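
The mask problem can be checked mechanically. The following is an added example, not part of the original thread: it audits the addresses posted in the question with Python's `ipaddress` module. The inventory tuple layout and the function names `audit` and `smallest_common_network` are assumptions of this example.

```python
import ipaddress

# Values as posted in the question; the tuple layout is this example's assumption.
PLAN = [  # (device, ip, mask, gateway)
    ("Router", "10.10.10.1", "255.255.255.240", None),
    ("BH Master", "10.10.5.254", "255.255.255.240", "10.10.10.1"),
    ("BH Slave", "10.10.5.1", "255.255.255.240", "10.10.5.254"),
    ("CMM Micro", "10.10.5.2", "255.255.255.240", "10.10.5.254"),
    ("AP 1", "10.10.5.3", "255.255.255.240", "10.10.5.254"),
    ("AP 2", "10.10.5.4", "255.255.255.240", "10.10.5.254"),
    ("SM 1 NAT public", "10.10.10.1", "255.255.255.240", "10.10.5.254"),
    ("SM 2 NAT public", "10.10.10.2", "255.255.255.240", "10.10.5.254"),
]

def audit(plan):
    """Return (device, problem) findings: unusable host address,
    gateway outside the device's own subnet, or a duplicate IP."""
    findings, seen = [], {}
    for name, ip, mask, gw in plan:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append((name, f"{ip} is the network or broadcast address of {net}"))
        if gw is not None and ipaddress.ip_address(gw) not in net:
            findings.append((name, f"gateway {gw} is outside {net}"))
        if ip in seen:
            findings.append((name, f"{ip} duplicates {seen[ip]}"))
        else:
            seen[ip] = name
    return findings

def smallest_common_network(addresses):
    """Smallest single network that contains every address given."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    for prefix in range(32, -1, -1):
        nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
        if len(nets) == 1:
            return nets.pop()

if __name__ == "__main__":
    for device, problem in audit(PLAN):
        print(f"{device}: {problem}")
    # Mask that would put the BH Slave and its stated gateway on one subnet
    print(smallest_common_network(["10.10.5.1", "10.10.5.254"]))
```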

Thanks Ernie,

I kind of thought about that too but wasn’t sure.

We have decided to start on a flat network until we reach over 100 customers.

If you are going to run flat and want to prevent your customers from seeing infrastructure you’ll need to set up some kind of firewalling and put rules in place to do so.

We’re using OpenBSD to do this for us.

We use IPPlan running on an Ubuntu LAMP (Linux, Apache, MySQL, PHP) server to manage our IPs. If there is a better way to manage IPs I can’t think of what it might be.

We have a Class B to manage our network devices and two Class C public IPs for customers’ routers or SM-NAT WAN.

In IPPlan you can break up the Class B any way you like, so I have it broken down to a bunch of /25 blocks as I don’t see having more than 128 devices in a block (it can always be changed to a /24 later). You can have IPPlan scan your network for live IPs, but that only works on devices that will respond to ping.

We always use GetIF to view the ARP table in our router to confirm an IP is not live to make sure we don’t get duplicates.

Here is the breakdown.

10.0.1.x = NOC and Network Devices
10.0.1.1 = Router
10.0.1.2 = UPS
10.0.1.10 = Main BH
10.0.1.11 = Backup BH
10.0.1.100 = Monitoring Server


10.0.10.x = Tower 1
10.0.10.1 = CMM
10.0.10.2 = UPS
10.0.10.10 = BH1
10.0.10.11 = BH2
10.0.11.1 = AP1
10.0.12.1 = AP2
10.0.13.1 = AP3
etc

10.0.20.x = Tower 2
10.0.20.1 = CMM
10.0.20.2 = UPS
10.0.20.2 = BH
10.0.21.1 = AP1
10.0.22.1 = AP2
10.0.23.1 = AP3
etc.

10.0.30.x = Tower 3
etc

The only downside to this is that it’s limited to 25 tower locations before the schema breaks down. I don’t see it happening in this network (hopefully I am wrong).

Child SMs are assigned an IP from the parent AP’s block. For example, the first SM on Tower 1/AP 2 would be 10.0.12.2.

Our network runs as a flat bridged network and works fine, BUT you have to make sure that you turn on the filters in the SMs.

Hope that helps