VLAN for hotspots

As I mentioned previously, our network is set up with static public routable IP addresses for all our customers.

I have some locations that are to be airCloud WiFi Hot Spots. I would like to direct the traffic from these hotspots to a subscriber gateway at our head end (rather than a gateway at every location).

Here is my idea:
Set up a HotSpot WiFi AP at a coffee shop - call it something like airCloud_WiFi.

Connect the WiFi AP and the store’s router to a switch and connect the switch to the SM.

Tag traffic coming onto the SM with VLAN100.

At the root switch at the head end, tag Port 20 as VLAN100.

Connect root switch port 20 to the network port of the subscriber gateway.

Connect the WAN port of the subscriber gateway to port 19 of the same root switch (which has access to the Internet.)

In theory, any computer connecting through an SM that is on VLAN100 should be directed to the subscriber gateway. We would add the store’s computer and network device MACs as devices so they will always have access.

True or False:
1. The subscriber gateway will have DHCP enabled. Only users on VLAN100 would be able to obtain IP addresses from the subscriber gateway.

2. Since the rest of the network is all static public IPs, there is no need to Re-IP the network.

3. I can leave the SM management IP address as-is.

If this seems basic I apologize. It’s all very new to me.


Jerry, we are doing exactly that and it works fine.

We use the Nomadix AG5000 as our WiFi controller box and this box assigns IPs via DHCP. We set the SMs that will connect to wifi boxes as bridge and the wifi clients get their IP via DHCP all the way from the Nomadix box that also takes Credit Card payments.

Thanks for the reply.

Are you using VLANs in the way I described?

Yes we are…

Cool - thanks. I’m off to set up the Nomadix…

are you running V8… are all wifi hotspots on the same VLAN…

more specifically… how are you stopping clients on one AP from talking to clients on another AP…

we did a similar thing, but we started to get gamers using these coffee shops to start playing games between them… because they were all on the same subnet they never needed to hit the gateway, hence no registrations/authentication required…

we had to do some changes…

Also you mention Nomadix… how do they compare to hotzone Duo

Hi VJ,

We are running V8 wherever it doesn’t give us problems. We have had some weird crashes and behaviour with some SMs running V8 that disappeared when we switched them to 7.3.6

The Nomadix is a gateway. Our APs are SkyPilots. All works well and even the gaming scenario that you mention requires the users to be subscribed unless you wallgarden your own subnet.

We don’t have to stop AP to AP communication because the AG5000 handles all of that.

We are also using it to offer residential services. In this way as soon as a residential user expires, all he gets is our login page and a request to hit his Credit Card… avoids us chasing for payment.

Once a residential customer is un-renewed for 30 days, we pull out the install.

I’m missing something. I am not getting to the Nomadix from a VLAN enabled SM.

Here is the configuration:

Router to the Internet - Root Switch Port 1, VLAN 1

Nomadix WAN Port - Root Switch Port 17 VLAN 1
Nomadix LAN Port - Root Switch Port 18 VLAN 100

Backhaul at NOC - Root Switch Port 22 - Multi VLAN 1, 100

900AP - Enable VLAN, Dynamic Learning, Allow all Frames

900SM - Untagged Ingress VLAN 100, Management VLAN 1

I set Root Switch Port 24 to VLAN 100 and connected a laptop to it. I get forced to the Nomadix so I know that part is right.

With VLAN 100 enabled on the SM I get nowhere. If I assign a static management IP address to the laptop I can’t even get to the AP.

Can someone explain it so a 4 year old can do it cause I am definitely missing something here.


with VLAN 100 enabled on the SM I get nowhere. If I assign a static management IP address to the laptop I can't even get to the AP.

Not sure here, but when you enable VLANs on an AP, do you have to set a Management ID for the AP? If so, and assuming that MID is 1, your SM is tagging everything going over-the-air as 100. This wouldn't allow you to get to the AP web interface.

Sniff some traffic and check the L2 headers.

I feel your pain.

Also, how is your Nomadix addressed? Is it doing NAT? How is the PC connected to the SM addressed?

If the PC connected to the SM is public, I would think the LAN interface of the Nomadix would need to be on the same subnet as that PC.

What happens if you disconnect the cable going from Nomadix WAN to your switch, and leave the LAN cable in place?
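
Added example, not part of the thread: a minimal way to "check the L2 headers" is to read the 802.1Q tag out of captured Ethernet frames and count them per VLAN ID. VIDs 100 and 1 come from the configuration posted above; the frames, MAC addresses and helper names are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
DATA_VID, MGMT_VID = 100, 1  # VIDs taken from the thread's configuration

def vlan_of(frame: bytes):
    """Return (vid, priority, ethertype); vid and priority are None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner_type   # low 12 bits = VID, top 3 = PCP

def summarize(frames):
    """Count frames per label so a wrong or missing tag stands out."""
    counts = Counter()
    for f in frames:
        vid, _, _ = vlan_of(f)
        if vid is None:
            counts["untagged"] += 1
        elif vid in (DATA_VID, MGMT_VID):
            counts[f"vlan {vid}"] += 1
        else:
            counts[f"unexpected vlan {vid}"] += 1
    return dict(counts)

def build(vid=None, pcp=0, ethertype=0x0800):
    """Build a constructed test frame (locally administered MACs, dummy payload)."""
    hdr = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + tag + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample: two data frames, one management, one untagged, one stray VID
SAMPLE = [build(100), build(100, pcp=5), build(1), build(), build(200)]

if __name__ == "__main__":
    for label, n in summarize(SAMPLE).items():
        print(f"{label}: {n}")
```

Frames that show up untagged or on an unexpected VID on a link meant to carry only VLAN 1 and 100 point to the device where the tag is being dropped or misapplied.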


Your config sounds fine. The Nomadix does not mind what IP address your PC or client has, it will override it anyway.

Have you set your SM to be a bridge? Have you set the SM Dynamic VLAN Learning to OFF ?


The Dynamic Learning on the SM may be it.

I’ll play with it Sunday


Jerry Richardson wrote:
The Dynamic Learning on the SM may be it.

I'll play with it Sunday


Jerry, what were your results? Did turning off Dynamic Learning fix your problem?

I have not done anything with it. Had a little difficulty and had to roll back. I need to do it on a weekend late at night.

To confirm that I have this straight, here is the full path from the client WiFi device to the Internet:

Hub/Switch (allows admin router to connect to SM)
Trango Atlas 5010 Master
Trango Atlas 5010 Slave
Cisco 2924 Port 23
Cisco 2924 Port 18
Nomadix Subscriber Port
Nomadix WAN Port
Cisco 2924 Port 17
Cisco 2924 Port 1
Cisco 3650 Router

If I understand correctly this is how things should be set up:

SM Configuration:
- Dynamic Learning = Disable
- Allow Frame Types = All Frames
- Untagged Ingress VID = 100
- Management VID = 1

AP Configuration:
- VLAN = Enable
- Dynamic Learning = Disable
- Allow Frame Types = All frames
- Management VID = 1
- Allow Local SM Management = Enable
- VLAN Membership = 100 (static)

CMM Configuration:
- None

Trango Configuration:
- None

2924 Switch Configuration:
- Port 23 = Multi-VLAN 1, 100
- Port 18 = Multi-VLAN 1, 100
- Port 17 = Static VLAN 1 (no change)
- Port 1 = Static VLAN 1 (no change)

With this configuration
- SM will accept all traffic and tag it VLAN 100.
- The AP will allow all traffic tagged or not passing VLAN 100 on.
- The CMM has no effect
- The Atlas’s have no effect
- Port 23 on the switch is a member of VLAN 1 and 100 and allows VLAN 100 to enter the switch.
- Port 18 on the switch is a member of VLAN 100 and passes that traffic to the Nomadix.
- Port 17 on the switch passes Nomadix traffic out to VLAN 1 and the router.

Am I missing anything?


I’m curious about this as well.