networking questions - how to optimize

Hello folks. Little WISP growing pretty quickly…

here is my current layout:

Main office: Internet connection-Cisco 2600-switch-Mikrotik Router-PTP unit to remote tower


Remote Tower:

PTP unit-Motorola CMM-3APs.

Here are my questions. I know this is not the best setup, but it's how I got started.

Should I have each AP on a different subnet? Right now they are all in the same IP range.

Are there any obvious reasons to have a router at the tower where the APs are?

Still learning…

If you're straight routing, then it's better to have separate subnets; this eliminates any talking amongst one another, at least that's our take on it. Now, if you know VLANs, from what I understand that's the cat's meow.

It all depends on how your network is set up. The basic ideas of a good network are:

- Keep your customers away from management (i.e. keep them separated).
- Traffic should only traverse the network areas absolutely necessary.

In my environment we run it all bridged with PPPoE. Customers run PPPoE clients on their PCs or routers or microwaves or whatever. We have one customer data VLAN per manufacturer (keeps SkyPilot and Motorola stuff apart) per tower and one management VLAN per manufacturer, all terminated centrally. Since our customers are bridged directly onto our network it is important that their data is isolated. We use 802.1q VLANs, SM isolation, and the “uplink” port-based VLAN feature of the CMM Micros to limit layer 2 connectivity so that customer-connected equipment basically can’t see anything but our PPPoE concentrator.

A very popular approach is to run NAT on the SMs. In this scenario VLANs on the APs + SMs is not strictly necessary as the SMs are acting as a router, giving you control over the SM’s public-facing interface. In an environment like this you can still get broadcast storms generated by the SM, so it is good to either create VLANs on your backhaul network and terminate them centrally, or drop them onto a MikroTik router at the tower.

Of course there are methods in between these, like running the radios in bridged mode and then terminating whatever it is you run at the tower. You may not even need VLANs depending on how you design things.

But as thatoneguysteve says, it certainly is the bee's knees when you have an SM or device with an unroutable IP address in it and you have layer 2 connectivity from your desk, so you can fix it without a truck roll.

I’m all bridged right now.

Do you mean putting each AP on its own subnet?

The way we have ours set up is each tower is on its own subnet that also pertains to color codes, to help remember which goes to what tower, as in 10.10.(10).1 for color code (10) and so on. Also, each tower has a router that separates the APs and SMs from the backbone. For VoIP customers we use the high priority channel set at 100 kbps along with DiffServ codepoint 46 set to priority 6. We still need to set up SM isolation on all the APs, which would help with broadcast traffic. We also use port VLANing at the CMM with the BH set as the uplink port.

You have a similar setup to what we do. It might not be “correct” but works for us.

For the most part we run all of our radios in a bridged mode. For customers without routers we run the SM in NAT mode.

- No VLANs.
- Hi priority channels for VoIP.
- All of our customers poll DHCP for public IPs, with the server running at the backbone colocation.
- Each AP and the SMs belonging to it have their own internal static IP address range. Ex.: AP1 10.0.1.x (for us the AP is always x.x.x.0) and each SM on AP1 is 10.0.1.1, 10.0.1.2, and so on; AP2 10.0.2.x and each SM on AP2 is 10.0.2.1, etc.

Our internal devices (switches, CMMs, routers, servers, backhauls) are all on 10.0.0.x

And all of these share the same subnet 255.255.0.0 for ease of tracking via PRTG from our main server.
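As an added example (not configuration from anyone in this thread), here is a MikroTik RouterOS setup for a router at the tower that follows the two principles above: each of the three APs gets its own /24 with its own DHCP scope, management lives on a separate VLAN, and customer subnets are blocked from reaching management or each other. The interface names, VLAN id and addresses are assumptions, including that each AP is patched into its own router port.

```routeros
# Added example (not from this thread): MikroTik router at the tower.
# Assumptions: ether1 = backhaul to the main office, ether2/ether3/ether4 = AP1/AP2/AP3,
# management carried on VLAN 10 over the backhaul, 10.0.0.0/24 = management network.
/interface vlan
add name=vlan10-mgmt interface=ether1 vlan-id=10 comment="management, tagged on backhaul"
/ip address
add address=10.0.0.254/24 interface=vlan10-mgmt comment="router management address"
add address=10.0.1.1/24 interface=ether2 comment="AP1 customers"
add address=10.0.2.1/24 interface=ether3 comment="AP2 customers"
add address=10.0.3.1/24 interface=ether4 comment="AP3 customers"
# one private DHCP scope per AP subnet (the original poster hands out private IPs)
/ip pool
add name=pool-ap1 ranges=10.0.1.10-10.0.1.250
add name=pool-ap2 ranges=10.0.2.10-10.0.2.250
add name=pool-ap3 ranges=10.0.3.10-10.0.3.250
/ip dhcp-server
add name=dhcp-ap1 interface=ether2 address-pool=pool-ap1 disabled=no
add name=dhcp-ap2 interface=ether3 address-pool=pool-ap2 disabled=no
add name=dhcp-ap3 interface=ether4 address-pool=pool-ap3 disabled=no
/ip dhcp-server network
add address=10.0.1.0/24 gateway=10.0.1.1
add address=10.0.2.0/24 gateway=10.0.2.1
add address=10.0.3.0/24 gateway=10.0.3.1
# group the customer subnets so the filter rules stay short
/ip firewall address-list
add list=customers address=10.0.1.0/24
add list=customers address=10.0.2.0/24
add list=customers address=10.0.3.0/24
/ip firewall filter
# customers never reach the management network through the router
add chain=forward src-address-list=customers dst-address=10.0.0.0/24 action=drop comment="customers -> management"
# customers on one AP do not reach customers on another AP (the router would otherwise route between the /24s)
add chain=forward src-address-list=customers dst-address-list=customers action=drop comment="AP to AP"
# anything else forwarded (customers -> backhaul -> Internet) is accepted by the default policy
# the router itself is only managed from the management VLAN
add chain=input connection-state=established,related action=accept
add chain=input in-interface=vlan10-mgmt action=accept comment="management access"
add chain=input in-interface=ether2 protocol=udp dst-port=67 action=accept comment="DHCP from AP1 customers"
add chain=input in-interface=ether3 protocol=udp dst-port=67 action=accept comment="DHCP from AP2 customers"
add chain=input in-interface=ether4 protocol=udp dst-port=67 action=accept comment="DHCP from AP3 customers"
add chain=input action=drop comment="everything else addressed to the router"
```

With this layout an ARP storm from a misbehaving SM stays inside that AP's /24 and never crosses the router onto the backhaul or the management VLAN; the Canopy-side SM isolation and CMM uplink port VLAN mentioned above still apply within each AP.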

salad wrote:
A very popular approach is to run NAT on the SMs. In this scenario VLANs on the APs + SMs is not strictly necessary as the SMs are acting as a router, giving you control over the SM's public-facing interface. In an environment like this you can still get broadcast storms generated by the SM


Excuse me salad, what do you mean when you say "you can still get broadcast storms"?
I have all my customers natted on the SM, so they will use a private subnet (e.g. 192.168.0.x). As far as I know they cannot generate any layer2 broadcast (because Canopy SM is acting as a NAT masquerading router). What am I missing?
BigTrumpet wrote:
Excuse me salad, what do you mean when you say "you can still get broadcast storms"?
I have all my customers natted on the SM, so they will use a private subnet (e.g. 192.168.0.x). As far as I know they cannot generate any layer2 broadcast (because Canopy SM is acting as a NAT masquerading router). What am I missing?


ARP :) It is possible that an SM could break and make a real mess just like a home PC does.

So, it would be to my advantage to park an equipment shack at the tower and put in a Mikrotik router, and put each of my 3 APs on a different subnet, just to help with traffic, etc.

I am currently just using DHCP to hand out only private IPs to my customers.