ePMP devices in SM mode can be configured with NAT, Bridge and Router mode.
In NAT mode private IP is translating to public IP to allow for the routing/communication with outside/global network. Packets are forwarded or filtered based on their IP header (source or destination).
In Bridge mode the SM acts as a switch and packets are forwarded or filtered based on their MAC destination address.
In Router mode packets moving from one destination to another on different networks. They are forwarded or filtered based on their IP header (source or destination) using specific static routes and IP aliases configured by the operator. The source IP address does not change through any other routers in the path. Each host will appear as a unique IP address to computers on the internet, as shown in the picture below:
That's why we should use the corresponding routing rules on each hop. Otherwise, traffic goes through default route, which is not to the SM. For example:
We have one router behind AP and we have SM in Router mode.
In this case, we should add one static route on router behind AP and one on SM, as it is shown below:
To configure a Static Route on SM you should open GUI, go to Configuration → Network page and enable ‘Static Routes’. You will see the following table:
Route: When Enabled, it allows the operator to create static routes that will apply to both the Wireless and Ethernet interface of the SM.
Target Network IP: The networks you’re placing in the routing table
Subnet Mask: The subnet mask being used on the network.
Gateway: The address of the next-hop router that will receive the packet and forward it to the remote network. It should be possible to ping the router interface before you add the route.
Description: Provide a description to easily identify the static route and its purpose.
Let’s the add route to the table:
Don’t forget to add the static route on router behind AP
Another basic feature for Router mode is IP Alias. This feature allows to associate more than one IP address to the Ethernet interface of the SM. IP Alias is often used as a mechanism for management access to the device from the convenient networking path. For example:
Let's take the topology that we had above and add to it Router B behind SM with two networks:
To allow access to SM from these networks you should add IP Aliases on SM. To do this, open GUI on SM, go to Configuration → Network page and enable ‘IP Aliases’. You will see the following table:
IP Address: IP address for the alias
Subnet Mask: Subnet mask for the alias
Description: Provide a description to easily identify the IP alias and its purpose
Let’s add IP Aliases to the table:
Don’t forget to add a static route on Router B behind SM and an additional route to SM:
So, the main advantages of Router mode:
- Security (because the administrator can allow routing to only certain networks);
- Routers block broadcast traffic and reduce the size of the collision domain;
- Allows operators to utilize the network resources efficiently;
- Prevent network loops (layer 2);
- Increases the security by the use of layer 3 firewalls;
- Prevents rogue DHCP servers from infiltrating the entire network;
- Increases the scalability across the network;
- Enables redundancy and failover;
- Simplifies troubleshooting by quickly narrowing to certain network segment.
But Router mode also has disadvantages:
- Administrator must really understand the internetwork and how each router is connected in order to configure routes correctly;
- If the network is added to the internetwork, administrator has to add a route to it on all routers manually;
- This mode is not recommended to use with large network because maintaining of it would take a lot of time.