User of Routers

Am trying to gitch this issue of Canopy stuff. As esperienced canopy users, do u recommend use of routers at the customers promises… after the SM…

Shot answer, yes. I never ventured to try putting an SM into NAT mode. I think there still may be a few bugs that exist in the firmware. We usually terminate the SM into SOHO or Cisco routers.

We use Belkin.

We have turned on NAT for most of our customers - there are a few problems but none too terrible. The worst is that the SM’s are terrible slow sometimes at handing out DHCP addresses.

A few customers want VPN capability (with a static public IP) and the Canopy radios seem to block one the protocols (GRE I think) for VPN’s. I don’t much about VPN’s (I hope to learn), so we would just turn off NAT and let them use their own router of VPN endpoint. Works quite well.

Aaron

Aaron, that is something we have noticed also… Do you think canopy will be able to fix that? Most of our Rezi’s who have a VPN have to be setup with a static IP. Kinda annoying sometimes.

Zach

We REQUIRE a router (Linksys, DLink, Netopia, Netgear, Cisco whatever) at the customer location. This is to keep their PC’s from having an exposed port with a public IP. The router takes the abuse.

We provide the router for 89.00 or they can acquire it.

We generally use the Linksys Wireless routers - customers like the extra bonus of having WiFi in the house of office. Obviously we secure each WiFi AP.

We also require the customer to use a router, unless they have only one PC. I’d rather see a single ethernet device on the SM than 4 or 5. Having routers on each SM will help keep your bridge tables small, preserve your IP space, and help keep unwanted traffic off your wireless channels.

Thanks 4 the info… i have been doing some tests but well didnt very much know much about bridging, switching, vpn, vlans and their importance. but at least i can now see the importance. (please if any one a good url on vlans and implimentation , will appreciate). Am also looking at being able to provide a local loop (for other providers, (point to point links over canopy system)). using canopy, has anyone tried this ? will appreciate some hints on that.

Not sure if Canopy will fix that issue with GRE or not. I guess we’ll see what the future brings. Until then we do what we do…

As for the routers and such, my entire network is behind a m0n0wall. All of customers make up one giant private network with every SM having a static private IP. I do the routing to them via the m0n0wall. The very large layer 2 network is divided into much smaller broadcast domains using VLANs. All of this gives me quite a large amount of control.

We have also been doing a lot wireless routers at customer locations. It sure beats running cable all over the buildings. haha

Aaron

When you guys mention the flaw of the SM’s handling the GRE protocol, we are assuming that NAT is enabled, correct? I only ask because when the SM is in bridge mode, GRE and PPTP VPN traffic passthrough fine.

Yes, only when NAT is enabled. Everythying works perfectly when in bridge mode.


Aaron

We use d-link for firewall purposes only unless they have XP with service pack 2

Am used to Edimax or Linksys. So that SM is only supplying to the WAN port of the router.

I also have experienced the sometimes incredible slowness to it-feels-like-it-aint-workin with respect to NAT and the SM then handing out an IP address(es) to the customer’s PC(s). I really prefer to use the SM for DHCP at the customer premise and putting the IP address at the SM. It also cuts the layer two traffic. (ARP). My questions are: What IP addresses are you handing to the SM - public or private. With a DHCP server in place to hand out IP addresses to the customer’s PC, if NAT is “on” the SM will get the public IP address. Or are you using two different DHCP servers for a public and private range. Or are you applying a private static IP to the SM, then using NAT to apply a public AP address to the customer, and then setting up the DHCP feature on the SM with only the assigned public IP ranges that customer can use - essentially giving the customer a static IP range and limiting them to one, two or however many IP addresses they need, or…
well, this conversation can go many directions. What are some of the things being done with respect to assignment of IP addresses, public or private and NAT - No NAT? I will post this question on a new thread.