NATing a bridged network...

The only units I want NATed are the CPE units. All of the units are non-MikroTik. Some will be down the line but not right now. Basically, putting it out in lavender, I need to give their CPE unit 1 IP address and every computer, router and laptop they have in their house is not shown. All of their IPs are forwarded through the 1 IP I gave to that CPE unit. First off, is this possible? If it is possible, how do I go about doing it? I know I begin in either NAT under the bridge interface or go to IP firewall NAT and masquerade. I am unsure if what I'm trying to do requires a masquerade. All I want is to give the client 1 IP address and all the IP addresses beyond the CPE unit are forwarded through that IP address. Thank you in advance for any replies left. -Jordan


P.S. If I had to, I would route.

Anybody have any input on this? It's pretty simple: will it work or not? Just so I don't waste my time trying to set this up on a bridged network… I will read the manual if I can NAT on a bridged network, but even reading the manual I am not sure if it has what I am looking for in there. But I will see. Please let me know guys. Thanks -Jordan

jordantrx -
The answer depends on what your CPE is capable of…

If it is strictly a bridge type unit then you would have to put some kind of cheap consumer-grade firewall/router behind the CPE on the customer's side (like a D-Link, Linksys, etc.). There would be one IP for the CPE and in the same network an IP for the firewall. The firewall would handle NATing the customer IPs to that of the WAN interface of the firewall.

Now if the CPE you have has what's commonly called a 'client' mode, then the CPE would have your network IP on the WLAN side and another network on the customer side. It would NAT the customer IPs to your WLAN IP address. This is common practice.

So - you need to determine what you have and what its capabilities are and then go from there. Ask the non-MT provider what that CPE can do…

This is an MT forum so really you should be asking the provider of your CPE what can be done… MT has been pretty good about letting things like this go by because you are using MT APs (as I remember from our last discussion - 4 or 5 months ago…).

R/

Thank you Thom. Yes I do use MikroTik APs and CPEs, but for 900 MHz. The reason I posted was because I thought that MikroTik could NAT the connection from the AP side. But as you're telling me it can only be done from the CPE side. If that is the case, OK. I will most likely be using Tranzeo as my CPE units on the 2.4 GHz end, and as I already said MikroTik for 900 MHz. If that is the case and I cannot, then I will look into the Tranzeo capabilities of NATing the network. Thanks for your help Thom, greatly appreciated. -Jordan

Jordan -
Sorry - you misunderstood my reply. I did not mean to say that the AP could not NAT, what I was saying was it is typically done at the CPE…

Yes MT APs can NAT - you use the NATing function in either the bridge (I hope you're not still using bridging, are you?) or the 'standard' NAT in the /ip firewall…

What you specifically had asked for was could you NAT the CPE address at the AP and could you also ignore (basically) anything that was not a CPE address, meaning that the client-used IPs inside their network would not show up on your network… The only way to stop client IPs is either a NAT in the CPE or a NAT on another box before the CPE (between the CPE and the client network).

R/

OK, if NATing from the AP side does not stop IPs coming back from past the CPE unit, what does NATing from the AP do exactly??


What do you have against bridging? :-p My entire network of users (at the end of completion) will only have roughly 100+ users, with the APs being RB333 and RB600. Do you believe in your experience this requires routing?

Also for some reason which escapes me at the moment I have to have bridging… But that might be untrue and just an unwise conclusion of a certain problem I might have had when trying to route… Let me know Thom. Thanks and appreciate your advice on this. -Jordan

Jordan -
NAT CPE IP behind an AP. Well there could be a couple of reasons for doing this… Basically it would be to NAT everything from your CPEs (in the right IP address range) to the IP you would want to show up on whatever the AP is connected to…

I have a small wireless leg at a business park that would fit this… The AP’s ethernet is connected right to a T-1 line and has a /29 public IP block assigned to it, the AP/CPEs wireless interfaces have private IP addresses. In my case the CPEs NAT client side addresses (which are all 192.168.5.0/24) to a 10.x.x.x address. At the AP, the AP NATs the CPE’s 10.x.x.x private IPs to a public IP address…understand?

You and I have had that discussion about bridging vs routed. Basically - bridging means just that - any packet sent to the bridge goes to all nodes in the bridge - that is a lot of wasted bandwidth - especially painful in a wireless network. (When I say everywhere - I mean everywhere. If a customer sends a data packet to the Internet - it goes to every CPE & AP in the bridged network - see what I mean…) I found this out the hard way 7 years ago when my first wireless network hit roughly 40 subscribers… it was damn near impossible to do anything from the NOC side unless it was very quiet (data wise). Users started complaining about slow Internet, page can not be displayed, etc… Well I reconfigured the network into a routed network - ALL these issues went away. Now my network of over 5000 runs clean and clear…

R/

Interesting story. Good thing you told me or I would have headed down that same road as you did. Thank you very much for that. Now on to routing! How do I route? Is it under the Routing tab? Or the IP > Routes tab? I need to know where to start.

I will lay out my network the best I can: I have a server at the beginning of my network which is hooked to backhaul #1 (yes that is bridged). It is then sent to backhaul #2 1.5 miles away (it is on the same routerboard as my AP is), set as pseudobridge, and it is bridged to my SR2, which is the AP. Now the only IP I can give out is the 192.168.0.0. With routing I believe I can change this to whatever I want? My question to you is how do I route rather than bridge, and how would I give my clients say 192.168.5.0 private IPs?



P.S. The backhaul is a 5.8 GHz connection, not that that matters. I will be reading the manual on this, but nothing is better than the knowledge of someone who has already done this. The manual is brief and not very detailed on setting up these things.


Thanks Thom. -Jordan

I would run station rather than pseudobridge, give that radio its own IP, take the SR2 out of the bridge, give it 192.168.5.1/24 and go from there.

How familiar are you with routing?

Say the pseudobridge (pb) is now 192.168.0.22, gateway 192.168.0.1, SR2 is now 192.168.5.1, add route 192.168.5.0/24 to 192.168.0.22, 192.168.0.0/24 to 192.168.5.1, and 0.0.0.0/0 to 192.168.5.1. Add DHCP server to 192.168.5.1.

Or use OSPF, might be a tad overkill, but makes it much easier to route multiple subnets.

I may have gotten it a bit off, only on my first cup of coffee, but the second is on its way if you have questions.
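The routed layout Oldman sketches above, with the NAT-at-the-AP that Thom describes for his business-park leg, written out as RouterOS CLI. This is an added example, not configuration posted by anyone in the thread; it assumes the backhaul station radio (wlan1) and the SR2 customer AP (wlan2) sit on the same RouterBoard, as Jordan describes, and the interface names, DHCP pool and DNS choice are assumptions.

```routeros
# Added example (not from the thread). Assumed: one RouterBoard carries both the
# 5.8 GHz backhaul radio (wlan1, switched from pseudobridge to station) and the
# SR2 customer AP (wlan2). Interface names are assumptions.

# --- On the RouterBoard holding the backhaul station and the SR2 AP ---
# Take both radios out of the bridge so the board routes between them.
/interface bridge port remove [find interface=wlan1]
/interface bridge port remove [find interface=wlan2]
/interface wireless set wlan1 mode=station

# Backhaul side: Oldman's 192.168.0.22, default route to the upstream gateway 192.168.0.1.
/ip address add address=192.168.0.22/24 interface=wlan1
/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1

# Customer side: the SR2 becomes the 192.168.5.0/24 gateway and hands out addresses by DHCP.
/ip address add address=192.168.5.1/24 interface=wlan2
/ip pool add name=clients ranges=192.168.5.10-192.168.5.254
/ip dhcp-server add name=dhcp-clients interface=wlan2 address-pool=clients disabled=no
/ip dhcp-server network add address=192.168.5.0/24 gateway=192.168.5.1 dns-server=192.168.0.1

# The NAT Jordan asked about: source-NAT everything leaving toward the backhaul to the
# board's own 192.168.0.22, so only that one address is seen upstream (Thom's
# "NAT the CPE's private IPs at the AP"). Note this hides the 192.168.5.x CPE addresses
# from the backhaul network only; anything behind a CPE is still hidden only if the
# CPE itself NATs, as Thom points out.
/ip firewall nat add chain=srcnat out-interface=wlan1 action=masquerade comment="clients -> backhaul"

# --- On the upstream gateway (192.168.0.1), only if NOT masquerading at the AP ---
# The purely routed alternative: the gateway needs a return route for 192.168.5.0/24.
/ip route add dst-address=192.168.5.0/24 gateway=192.168.0.22
```

Pick one of the last two pieces, not both: masquerading at the AP needs no return route upstream, while the return route lets the upstream side see and reach individual 192.168.5.x addresses.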

Jordan -
Drop me a line off forum. See the email address below. Send a little more detail of your network layout (not necessarily IP addresses) just the connections you have now and where you want to go…

I’ll reply and give you my phone number…

Hi Oldman (Glen…) Glad to see you in here as well!


R/

Thom

I sent you an e-mail thom.

Oldman, thank you very much for that very good outline of how routing is set up. I think by that I got it but haven't tried to implement it yet. But it sounds like routing is just forwarding or connection of IPs in your IP > Routes table. If I knew it was this easy a while ago I would have done it… As Thom says, I'm noticing a slower network all together with every user added… that's why I jumped on the routing bandwagon. I will reply later when I have more information on how this all worked out and with Thom's input via e-mail. Thanks -Jordan

Thom helped me quite a bit while I was laying out my network, and still helps whenever I hit a snag. Just trying to pass it on.

I might just hit him up for some help in the next couple of days… lol

Yea, he is helping me route my network right now. He def knows what the hell he is doing! -Jordan

This is an update on the progress of turning a bridged network into a routed network…


Now with the big help of Thom, my network has been routed and works great. Clients are letting me know how much faster the internet connection is. Congestion on my network is no longer there. I can now NAT my CPEs and do much more than what was capable with bridging. So anyone out there that is just starting out and thinking of sticking with bridging and is going to have more than 10+ users: ROUTE YOUR NETWORK! Very important if you want good performance. Just letting everyone know the best way to go is a routed network. Post here for advice and how to do so, and good people like Thom, Glen and others (me now) will help you out. And thanks to Thom for letting me know in advance before I had too many users (could have been one BIG headache…). Thanks again Thom. -Jordan

I run a bridged network and do not see what you are describing. When I do a 5 megabit download from my workstation, I only see traffic on the links that it needs to use to get to the internet. Any other radio only shows the traffic for the users on that radio. I have a 40 client network right now and have zero problems with the bridging of my network. Maybe it's due to the design of my network. I only have 1 public IP which is NAT'd to the internal bridged network. All my radios on the inside run on private IPs. Each AP has the PPPoE server enabled on it, which hands out IPs to the client radios, which are then NAT'd to the customer's internal network on a different subnet. Seems to work well for me, although I am thinking about moving all of the separate PPPoE servers onto a centralized server to simplify things.

My provider also has a bridged network of around 500-600 clients and while they admit that it would be nice to be routed, the only issue they really have with bridged is the occasional faulty hardware that initiates a broadcast storm.

So I guess I’m always a little defensive when I hear people say “bridging sucks use routed”. They both have their function, and I don’t admit that one or the other is always the best option, but I just wanted to let you know that it CAN work depending on your network and needs.

Joe

jcremin -

Using a PPPoE network on a bridge is quite a bit different than just using a bridge; PPPoE is almost a routing protocol because of the way you hand out addressing. And if you are using PPPoE 'correctly' the only gateway is the router that handed out the PPPoE info…

Your ISP is using a wired network, and so they have a little more overhead room than a wireless network does. If they switched to a routed solution, for starters they'd get about a 30% drop in broadcast traffic which could be used for data instead of the bridges talking to each other…

I have used both on both wired and wireless over several years (more than 15) - I can tell you from past experience that bridging has its uses; there are just not that many uses anymore because of all the technology we have at hand these days. Routing as a whole is far superior to bridging, especially as your networks grow.

That was the point I was trying to make for this fellow. Better to change over while you only have a few users than to try and change when you have 5000 like I do…

R/

Well I certainly don’t claim to be an expert and you have way more experience with these things than I do.

I did have a hunch that the PPPoE variable is a big reason my network hasn't had any of the issues you described. I feel fairly comfortable keeping my main backbone bridged and using the tunnels to keep the traffic contained. And yes, the PPPoE server is the only gateway that the client gets. I always keep it in the back of my mind that someday I may have to split my network into 2 routed segments or something if it starts to become an issue, but so far so good.

Also, my provider is an entirely WIRELESS network. I know this because I also work for them. The whole network is also bridged like one big switch, but I also haven’t seen the issues of “all traffic goes everywhere” that you describe. Or at least not the traffic which has a certain destination. I’m sure there is some broadcast traffic, but when I login to a radio which has no active users on it, I don’t see any (or much more) traffic than what my winbox session is using.

Joe

I’ve had bridging cause problems.

When moving a multi-gig file from one Windows share to another, using 2.9.47 with two 133c bridged for my internet access (just point to point), my net would almost drop out; the 133c would show around 30 Mbps traffic even though my file move was local. And no, no hubs involved. May have been a crappy switch.

I do have a WDS bridge to connect my neighbor and my in-laws to my local LAN, and I see constant traffic across that network, though the actual usage only goes where it is needed. Broadcast traffic is probably a steady 20 kbps. Multiply that by a few customers and I see where the problem exists.

I am thinking of making my backbone a WDS link so they’ll all be on the same subnet, still working that one out as to whether I’ll try it or not. It would take 4 routes out of the equation. Once I get the third AP in the sequence up, I may try it just to see how it does. It would still be routed from each bridge to a separate subnet for each AP.

Greetings!

I like what I read here. Is there a Wiki or docs on this? A small hypothetical/theoretical example would not hurt. :wink:

I currently use multiple bridges because of the bandwidth wasting deal on a single bridge. But routing sounds like the ticket.

And a quick thanks to galaxynet and OldMan for your participation here.

Yea Joe, my network is not PPPoE, thus my problems would duplicate much faster and sooner than yours. I only had 3-4 customers on the "bridged" network, and it took a 3-4 second wait just for it to call up the page and start transferring data. Once the data is in transfer it is fine, but it is that 3-4 second wait (for the bridge to pop the packet all over the dang place until it finally gets to its destination). When Thom helped me make my network a routed network, WOW… As soon as I hit enter on the computer, BOOM, right away the page started loading. QUICK. Customers loved it. However I use MAC authentication and User Manager/automated billing (not a hotspot, a WISP). A WISP using User Manager… (however I would like User Manager to become more WISP friendly). Anyways that's my story. And thanks to Thom my network runs much cleaner/faster/nicer…



Thanks a bunch Thom, -Jordan