Using NAT

We have about 100 customers on our network.

Our configuration is to place a private 10.0.x.x IP in the SM, and a public IP address on a Linksys router and let the router NAT 192.168.x.x IP’s to the customer PC’s.

We use the Linksys as a method of:
1. setting a clear demarcation point
2. segregating the customer LAN from our network
3. Filtering spew
4. Keeping a public IP off the customers PC

I was talking to another WISP who said they use the SM to provide NAT, and that in doing this they achieve the same thing as the Linksys.

I can see this working if we assigned private IP’s to our users, but not if we assign public IP’s. Maybe I am missing something. If I put a public routable IP in the NAT private IP, the SM will dish out another Public IP to the customers PC. Is this right?

Can someone clarify this for me? It would save the hassle of installing routers for customers with a single PC.

thanks

Hi Jerry, that's exactly what we do. We issue private IPs to all of our SMs unless the customer needs a public IP; then we put the SM in bridge mode and put the IP in their router.

This really works well to narrow the search down if we are having trouble. Each AP has its own IP string. This is what one of ours looks like:

We also use a Cisco router to make our private IPs work.



NAT Private Network Interface Configuration
  IP Address: 192.68.76.1
  Subnet Mask: 255.255.255.
DMZ Host Interface Configuration
  IP Address: 192.168.76. (Disable / Enable)
NAT Public Network Interface Configuration
  IP Address: 172.17.6.52
  Subnet Mask: 255.255.255.0
  Gateway IP Address: 172.17.6.1
DHCP Server Network Interface Configuration
  DHCP Server Start IP Address: 192.168.76.
  Number of IP’s to Lease:
RF Public Network Interface Configuration
  IP Address: (Interface Enable/Disable: Disable / Enable)
  Subnet Mask:
  Gateway IP Address:

You can just put the public ip address in the Advanced Settings - NAT Public Network Interface Configuration - IP Address. This will serve the same function as any home router would.

mattmann72 wrote:
You can just put the public ip address in the Advanced Settings - NAT Public Network Interface Configuration - IP Address. This will serve the same function as any home router would.


Matt, could you clarify your above statement? Are you saying to do this with NAT enabled, DHCP server enabled and DHCP client disabled? Is there any other configuration necessary in the SM?

Jerry Richardson wrote:
I was talking to another WISP who said they use the SM to provide NAT, and that in doing this they achieve the same thing as the Linksys.

I can see this working if we assigned private IP's to our users, but not if we assign public IP's. Maybe I am missing something. If I put a public routable IP in the NAT private IP, the SM will dish out another Public IP to the customers PC. Is this right?

Can someone clarify this for me? It would save the hassle of installing routers for customers with a single PC.

thanks


Jerry, this is EXACTLY what I've been trying to figure out! I've been racking my brain trying to find an answer for how to distribute a public IP address to the customer through the SM with NAT and DHCP server enabled, and not the customer's router. Have you been able to find any more info?

Yes I did.

Grab these files and look at the config screens:

ftp://69.42.24.247/canopy
username: guest
password: guest

In the advanced screen is “DHCP Client Enable/Disable”. Leaving enabled will allow the SM to pull an IP address from your DHCP server if you are using one (same as a Linksys with “Obtain IP Address Automatically”). The IP pool can be public or private, and would be a different IP network from your Canopy Management network. You can also have the SM obtain DNS automatically, or you can assign it. We are not using a DHCP server, so I can’t tell you more.

Disabling the DHCP client allows you to assign an IP address to the NAT Public Network Interface Configuration on the IP configuration page. Click enable, then save settings. Then go to the IP configuration screen. You will see the section “NAT Public Network Interface Configuration”. This is where you put the customer’s IP address.

Also in the advanced screen is “DHCP Server Enable/Disable”. Leaving enabled allows the SM to assign IP addresses to the customer side clients automatically. Turning this off means you are going to assign the IPs to the customer devices manually.

At the bottom of the IP configuration Page is the RF Public Network Interface Configuration - this is the Canopy Management IP and should be a private network, or a network isolated from the Internet so the Web Interface of the radio does not get hammered with garbage traffic.

Remember that the current NAT functions of the SM do not support port forwarding, or opening of ports. I hear 8.0 is supposed to support it. In the meantime, if you need advanced functions, you need an outboard router.

hope this helps.
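
Added example, not part of the original thread and not Canopy software: a Python check of the addressing rules described in the post above (management address private and on a different network from the customer's NAT public address, DHCP pool inside the LAN subnet). The dictionary keys are hypothetical names for the fields on the SM's IP configuration page, and all sample addresses are constructed.

```python
import ipaddress

# RFC 1918 private ranges; anything else is treated as Internet-routable here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def audit_sm(cfg):
    """Return findings for one SM's NAT-mode IP settings (key names are hypothetical)."""
    findings = []
    mgmt = ipaddress.ip_interface(cfg["rf_public"])    # Canopy management address
    wan = ipaddress.ip_interface(cfg["nat_public"])    # customer's NAT public address
    lan = ipaddress.ip_interface(cfg["nat_private"])   # SM's LAN-side address
    gw = ipaddress.ip_address(cfg["nat_public_gateway"])
    if not is_rfc1918(mgmt.ip):
        findings.append("management IP is Internet-routable")
    if mgmt.network.overlaps(wan.network):
        findings.append("management and NAT public networks overlap")
    if gw not in wan.network:
        findings.append("NAT public gateway is outside the NAT public subnet")
    if not is_rfc1918(lan.ip):
        findings.append("NAT private (LAN) address is not RFC 1918")
    if cfg.get("dhcp_server"):
        start = ipaddress.ip_address(cfg["dhcp_start"])
        end = start + cfg["dhcp_count"] - 1            # last address that would be leased
        if (start not in lan.network or end not in lan.network
                or end == lan.network.broadcast_address):
            findings.append("DHCP pool does not fit inside the LAN subnet")
        elif start <= lan.ip <= end:
            findings.append("DHCP pool includes the SM's own LAN address")
    return findings

# Constructed samples: 203.0.113.0/24 is a documentation range standing in for public space.
GOOD = {"rf_public": "10.0.5.20/16", "nat_public": "203.0.113.52/24",
        "nat_public_gateway": "203.0.113.1", "nat_private": "192.168.76.1/24",
        "dhcp_server": True, "dhcp_start": "192.168.76.2", "dhcp_count": 50}
BAD = {"rf_public": "203.0.113.60/24", "nat_public": "203.0.113.52/24",
       "nat_public_gateway": "203.0.114.1", "nat_private": "192.68.76.1/24",
       "dhcp_server": True, "dhcp_start": "192.68.76.200", "dhcp_count": 100}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sm(cfg) or "no findings")
```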

Jerry,

Thank you so much for the response. Unfortunately I can’t get those files, but I think your explanation should be enough. :wink: Thanks!


Edit: never mind… I got those files :smiley:

IT WORKED!!! :smiley: :smiley: :smiley:

Jerry, thank you SO much! A mystery has FINALLY been resolved. I guess I just have one more question though. By putting a Public IP address (for the customer) under the “NAT Public Network Interface Configuration”, is my SM now open to the Internet? Will my SM get bogged down with unwanted crap?

I know you are trying to do away with customer routers and implement this configuration yourself. How is it working out for you so far?

By the way, thank God for Good Samaritans like you. It seems that the canopy_support team has been MIA recently. And your help has been VERY much appreciated by more than just me on this forum. :smiley:

Good to hear. I was pretty stoked when I got it to work too.

The Public IP in the “NAT Public Network Interface Configuration” is open to the internet, but is not related to the SM management IP address.

The IP of the SM is the “RF Public Network Interface Configuration”. This is the Management IP of the SM and should be a private IP address.

So far I love it. I wish I had implemented it sooner. I have a lot of Linksys routers out there, and for the most part they work fine, but when they go bad they don’t just die, that would be too easy. Instead they bog down and make the connection crawl. Makes us look bad.

I learn more by helping, but you are welcome. If we want the costs for SM’s to go down, we have to help lower the operating costs for Moto. Using these forums allows the user community to resolve 99% of the problems, reducing the amount of paid tech support needed.

I have been after this for a LONG time. If you run NAT on the SM, the IP that is the Public one is not pingable, nor is there a setting for it. I have left a few posts (long time ago) and have sent many messages to tech support etc., and get no answers.

Every little cheapo router out there has an option to ping the public IP (WAN IP).

We have 400+ customers and keeping track of the IPs is challenging enough without having some out there that we can’t ping. Having to “ask” our core router if it knows anything about an IP address to see if it is in use, is a poor way to figure that out.

Paul, PDMNet

Jerry, glad you have got it working. It has worked well for us.

However, all should note - A NATed SM will not pass PPTP. Other VPNs have been OK so far.

Adam

adamb wrote:

However, all should note - A NATed SM will not pass PPTP. Other VPNs have been OK so far.

Adam


Isn't that something release 8 will take care of? I thought I read or heard somewhere about new NAT options for the SM in release 8.

That would be good news.

ais3101 wrote:
Isn't that something release 8 will take care of? I thought I read or heard somewhere about new NAT options for the SM in release 8.

If they ever release it. One might posit Motorola is spending all their time on the Motowi4 stuff these days...



Quietly does it, wouldn’t want to get banned again.....

adamb wrote:
Quietly does it, wouldn’t want to get banned again.....


I can live with the shame. $1M in Canopy spending hasn't got me anything with Mot so far... I won't be shy about creating another profile (under another IP as necessary) if they ban this one.

1 Million!!! Doesn’t that deserve something to hang on the wall?

It should…

I have not even got to the NAT options to date. Tryin’ to keep to the KIS method (with limited IT knowledge).

The overriding concern I have with implementing NAT at the SM level is that of our customer (the consumer). How do I provide a wireless (or other LAN) network to my customers (business or residential) and avoid the double NATing configuration (that I have read can be of great issue)?

Just connect a Hub/Switch to the SM and then connect the Computers, Wireless AP (non-Router), or other network device to the Hub/Switch

Frankly the SM providing NAT is simpler. If you can log into your SM, and see the Ethernet Interface is linked, then you know the customer problem is inside their network. At this point you can refer them to their computer guy, or refer them to the company you are partnering with to provide in home support. Alternately you can provide support service at the standard rate which people just LOVE.

Clear point of demarcation. I wish there was a DHCP table to tell me if the device has actually pulled an IP address, but I can work without it.