PPPoE for Res traffic. VLANs for Biz. Public IPs are statically assigned. DHCP for CPEs' MgMt IP assignment. PPPoE session and CPE's connection to the AP authenticated by RADIUS. RADIUS Accounting is used for traffic billing and session info.

Per site: 2 VLANs for MgMt (1 for Tower/AP/UPS etc. and 1 for CPEs) and 1 VLAN per AP for PPPoE or a dedicated VLAN per Biz. APs are bridged for CPEs' PPPoE to NAS. UPnP enabled CPEs. Cust Routers are not allowed to initiate PPPoE. PPPoE NASs are mostly colocated tower sites so that backhauls can see QoS markers on traffic and not just a Tunnel.

BGP advertises IP range per Fibre POP and feeds 0.0.0.0/0 into OSPF for redistributing routes inside the AS. Infrastructure MgMt is on RFC1918 and customers are Public IPs. Firewall rules on NAS/Router/CPE prevent Customer IPs from reaching MgMt IPs.

Mikrotik for all routing. Netonix for most switching. Mikrotik for most PtMP (probably uncommon) but LTE is Telrad in areas where it is deployed, which skews the above architecture a bit :( LTE is not for newbies though.... mind you maybe Mikrotik isn't either lol... but in 13 years I've never been floored by a virus "infecting" my gear ;-)


Cheers,

Ian


On 10/21/2016 3:07 PM, Jordan de Geus wrote:
Hey guys,

I'm very new to the WISP industry and I've been curious to know how people are designing their WISP networks.

Are you creating VLANs for each connection point? So your backhauls are all in one VLAN, while all AP to client connections are in another VLAN?

I had been thinking about how the above VLAN based design would be, in terms of security, and I realized that if all CPEs were in one VLAN together, wouldn't they be able to cross communicate? So an AP with 30 clients operating in VLANX would essentially be able to communicate with each other, bringing security up as a major issue. I was thinking that you'd be able to do VLANs for each customer, but doing a PTMP setup for residential purposes, I feel like the system would be quite bogged down with that amount of VLANs?

How are you authenticating and issuing IPs to clients? Are you doing PPPoE or DHCP? Is everything just in routed tables?

What sort of hardware are you using for your network design and management?

Kind Regards,
Jordan


_______________________________________________
Wireless mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/wireless
