Limit customers to one device (aka one MAC address)

We are a WISP using the PMP 400 Canopy system. I’m looking for a way to ensure that customers can connect only one device to the LAN port of the subscriber module (SM). (Really, I want to make sure they only get one IP address.) I want to avoid having a user connect a hub/switch to the LAN port and then connect 5 different computers pulling 5 IP addresses from our pool.

I understand many customers will connect their own router/wireless router, running NAT and put 5-10 devices behind it, and that’s fine since they’re only getting one IP address from us.

I know many cable companies filter MAC addresses at the cable modem and only the first MAC address is allowed to pass traffic until the cable modem is power cycled. That would be perfect.

Does anyone know if there is a setting in the SM that would restrict the LAN port to only passing traffic from the first MAC address it sees? If not, I’m open on how to restrict customers to just one IP address unless they pay for additional public IPs. I really don’t want to assign static IPs to every customer device nor register MAC addresses in a DHCP database.

Thanks!

–Andrew Duey

I’m not sure if that is even possible in the SM.

We accomplish it with our billing software that controls the DHCP server. If their MAC address is not registered with us, they don’t get an IP address (or get a redirect page that tells them they need to call in).

Thanks smwtech. 2 more follow up questions to you if I may:

1) Do you require every customer to tell you their MAC address and then notify you of any updates?
2) Can I ask what billing software you run?

Thanks,

–Andrew

AndrewDuey wrote:
Thanks smwtech. 2 more follow up questions to you if I may:

1) Do you require every customer to tell you their MAC address and then notify you of any updates?
2) Can I ask what billing software you run?

Thanks,

--Andrew

1) Yes
2) Powercode

I’m not sure we want to have to deal with customer MAC addresses, but if it comes to that I guess we’ll have to.

I’ll also look into the Powercode product and see if it’s a good fit for us.

Thanks again for the reply smwtech!

If anyone else has any ideas I’m all ears.

The reason I mentioned our billing software is that instead of going out and purchasing a product like Powercode, you may be able to do the same thing with some programming in your DHCP server in your existing system. I’m not even going to hint it would be easy, but it’s probably doable.

That’s true. For just that part it would be pretty easy to edit the configuration of the DHCP server. You could create DHCP reservations by MAC address for authorized customers and then in the main DHCP pool put addresses in a different subnet with different DNS information and then redirect them to a company web page that tells them their MAC address isn’t recognized (possibly because of new equipment on their end) and that they need to contact technical support for assistance. I don’t think that would take more than a couple hours to implement and test.

I was thinking about checking out Powercode to see what else it can do. Right now we’re just putting together the pieces and if Powercode can do not only access control, but billing, overage, speed changes, etc, it might be worth it.

–Andrew
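The DHCP approach discussed in the posts above (registered MACs get service addresses, unrecognized MACs get a different subnet whose DNS leads to a support page), sketched as an added example that is not from any poster in this thread. It assumes ISC dhcpd configuration syntax; the account IDs, MAC addresses and address ranges are constructed sample values.

```python
import re

def normalize_mac(raw):
    """Return a MAC as lower-case aa:bb:cc:dd:ee:ff, or raise ValueError."""
    compact = re.sub(r"[:.\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", compact):
        raise ValueError(f"malformed MAC address: {raw!r}")
    return ":".join(compact[i:i + 2] for i in range(0, 12, 2))

def host_entries(customers):
    """One host line per account: one MAC per account, one account per MAC."""
    by_mac, accounts, lines = {}, set(), []
    for account, raw_mac in customers:
        mac = normalize_mac(raw_mac)
        if account in accounts:
            raise ValueError(f"{account} already has a registered MAC")
        if mac in by_mac:
            raise ValueError(f"{mac} is already registered to {by_mac[mac]}")
        accounts.add(account)
        by_mac[mac] = account
        # A host declaration makes the client "known" to dhcpd.
        lines.append(f"host {account} {{ hardware ethernet {mac}; }}")
    return lines

def subnet_block(net, permit, lease_seconds):
    """Render one subnet with a single pool restricted by `permit`."""
    return "\n".join([
        f"  subnet {net['subnet']} netmask {net['netmask']} {{",
        f"    option routers {net['router']};",
        f"    option domain-name-servers {net['dns']};",
        f"    default-lease-time {lease_seconds};",
        f"    max-lease-time {lease_seconds};",
        f"    pool {{ range {net['first']} {net['last']}; {permit}; }}",
        "  }"])

def build_dhcpd_conf(customers, service_net, quarantine_net):
    """Known MACs lease from service_net; all others land in quarantine_net."""
    return "\n".join(host_entries(customers) + [
        "shared-network subscribers {",
        subnet_block(service_net, "deny unknown-clients", 86400),
        # Short leases so a newly registered device moves over quickly.
        subnet_block(quarantine_net, "allow unknown-clients", 120),
        "}"]) + "\n"

# Constructed sample data (documentation/private ranges, made-up MACs).
SERVICE = dict(subnet="198.51.100.0", netmask="255.255.255.0", router="198.51.100.1",
               dns="198.51.100.2", first="198.51.100.10", last="198.51.100.250")
QUARANTINE = dict(subnet="10.99.0.0", netmask="255.255.255.0", router="10.99.0.1",
                  dns="10.99.0.2", first="10.99.0.10", last="10.99.0.250")
CUSTOMERS = [("acct1001", "00-1A-2B-3C-4D-5E"), ("acct1002", "001a.2b3c.4d5f")]
if __name__ == "__main__":
    print(build_dhcpd_conf(CUSTOMERS, SERVICE, QUARANTINE))
```

The generated file can be syntax-checked with `dhcpd -t -cf <file>` before it is deployed. A MAC address is asserted by the client, so this controls how addresses are handed out rather than authenticating the subscriber.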

If you have a good Layer 2 network I might as well take this opportunity to flog PPPoE. Like our DSL users it’s very easy for us to limit customers. In our RADIUS server, we just send to the PPPoE router the “Session-Limit” attribute - set it to 1 and presto! Problem solved.

I was wondering if anyone else was using PPPoE that way. I guess I’ve worked with PPPoE on the DSL side (consumer side, not provider side). Seemed like it might work OK other than I don’t know the first thing about setting up a PPPoE server... I guess I’ll have to bone up on that too and decide if that’s a feasible route.

The new APs going up are from a different manufacturer that’s nowhere near as configurable as the Canopy network. I’ve been trying to figure out the best way to sort out customers at that tower site – moving to PPPoE would give us a lot more flexibility I think.

Thanks Salad!

AndrewDuey wrote:
I was thinking about checking out Powercode to see what else it can do. Right now we're just putting together the pieces and if Powercode can do not only access control, but billing, overage, speed changes, etc, it might be worth it.

--Andrew

It can do all of that and more, but it does have its issues.

AndrewDuey wrote:
The new APs going up are from a different manufacturer that's nowhere near as configurable as the Canopy network. I've been trying to figure out the best way to sort out customers at that tower site -- moving to PPPoE would give us a lot more flexibility I think.


There are a ton of options for PPPoE out there. You can spend anywhere from 3 figures to 6 depending on what you want. We have some giant setup from Redback Networks with special software and a ton of features and support contract yadda yadda. A lot of people are happy with MikroTik RouterBoards. Or you could pick up a used Cisco 7200 off of eBay for a thousand bucks that will run like a beast.

Really the biggest thing is having a good L2 network with VLANs and CPE that work properly in bridged mode. This is probably the greatest drawback... there are some radios out there that mangle packets pretty well (certain Tranzeo), perform MAC NAT (certain Tranzeo), redundancy falls back to spanning tree, and you have to actually think about approaching MAC address limits on gear.

Over time I've hacked together different combinations to retain private IP management infrastructure with PPPoE directly to subscribers that gives them a public IP address to do with what they wish. One of the greatest benefits is centralized control. Unless something is part of a tech support process, the CPE becomes irrelevant... just find the account in our RADIUS internal page and click "disable". Or change their profile to a higher speed if they upgrade. (Obviously platform dependent, as some radios need to be configured for a specific rate, e.g. PMP320, so the QoS scheduling mechanism works properly.)

If you're serious about looking at PPPoE though, there is some information around here, or if you'd like to shoot me a PM I can help out as much as I can.