Mon Sep 01, 2008 4:59 pm
Mark - Just posting some clarifications here so the other folks know what you started with, what you wanted, and what you ended up with.....
Mark wanted to be able to add a second Hotspot to service other clients in his area. Did not want to disturb the current client base. He also did NOT want to use an EoIP tunnel or WDS.
Started with - satellite modem -> switch-> MT HotSpot, 1 R52 in the 2ghz band
Ended up with - satellite modem -> switch-> MT original HotSpot, 1 R52 in the 2ghz band
.........................................-> MT VAP using original R52->New RB R52 station mode
.....................................................................->New XR2 Hotspot on New RB
What we basically did was add a Virtual Access Point (VAP) to his original Hotspot. Gave it its own IP address space, SSID, and security profile.
On the new Hotspot we used an R52 as a client (station mode) to connect to the old Hotspot using the newly created VAP. This allowed us to route between the two RBs with minimal effort.
Next we added a new Hotspot on the new RB using an XR2 as the WLAN interface. Again - a new address space and SSID. In this case we also added a DHCP server so the clients would be all set once they logged in. Used the 'standard' Hotspot rules to set up NAT'ing for the clients. Added a few other rules and done.
Now the Original Hotspot doubles as a backhaul for the secondary Hotspot. The two radios are on 2412 and 2462 - so as to minimize interference between the two Hotspots.
The last thing we did was set up Mark's internal network so that his desktop could access the two Hotspots and the Internet at the same time...something Mark had not been able to do because of the way he was connected to his internal network....
Look at the original setup above - Mark's desktop was connected to the same switch as the original Hotspot and the Satellite modem. He was getting a DHCP addr and GW from the Satellite modem......
What we did was add a new internal network IP to the original Hotspot ether1 interface. Now ether1 has two IP address blocks, one assigned by the satellite via DHCP and one static that we assigned (172.16.0.1/24).
Next we added this address to the desktop - 172.16.0.2/24 (255.255.255.0) GW=172.16.0.1 and the DNS we set for the RB Hotspot as well - 172.16.0.1.
Back in to the hotspot - we added DNS entries in DNS 'setup' and allowed remote requests..... Now in the Firewall we added a special NAT rule to ONLY NAT the new 172 addr-space when going to the Internet - otherwise it does not get NAT'd. This was accomplished by the rule:
src-addr=172.16.0.0/24 dst-addr=!172.16.0.0/24 out-interface=ether1 action=masquerade
Now this rule does exactly what we want - NAT datagrams that are only destined for the Internet. All other datagrams from the 172.16.0.0/24 block headed elsewhere will not be modified....
One last thing - we also, for good measure, added a route in the new HotSpot for the new network - 172.16.0.0/24 - we told the new Hotspot that the gateway for this IP block was 10.10.10.1 - the original HotSpot VAP IP address.
Now Mark has access to the Internet, and both RBs from his desktop. He can also access both RBs from inside his wireless HotSpot network as well.
Well done Mark!!
R/
Thom
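
The desktop-access steps described in the post above, written out as RouterOS commands. This is an added example, not configuration taken from Thom's post or from Mark's routers. Assumptions: the NAT rule sits in chain=srcnat (the post gives no chain, and masquerade is only valid there), the post's src-addr/dst-addr are spelled with the full parameter names, and the two input-filter rules are an addition the post does not mention, included because enabling remote DNS requests makes the router answer queries on every interface, including ether1, which also faces the satellite modem.

```routeros
# ---- Original HotSpot RB ----

# Second, static address block on ether1 (the DHCP-assigned satellite
# address on the same interface is left untouched).
/ip address add address=172.16.0.1/24 interface=ether1 comment="internal desktop block"

# Let the router answer DNS queries from clients (172.16.0.2 uses 172.16.0.1 as DNS).
/ip dns set allow-remote-requests=yes

# NAT only traffic leaving the 172.16.0.0/24 block for somewhere else via ether1.
# Traffic that stays inside 172.16.0.0/24 is not rewritten.
/ip firewall nat add chain=srcnat src-address=172.16.0.0/24 \
    dst-address=!172.16.0.0/24 out-interface=ether1 action=masquerade \
    comment="masquerade internal block to Internet only"

# ASSUMPTION / addition, not in the post: with allow-remote-requests=yes the
# resolver also answers queries arriving on ether1 from outside the internal
# block. Drop those so the router is not usable as an open resolver.
# HotSpot clients reach the resolver through the wlan interfaces, so these
# ether1-only rules do not affect them.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 \
    src-address=!172.16.0.0/24 action=drop comment="no DNS service to the modem side"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 \
    src-address=!172.16.0.0/24 action=drop comment="no DNS service to the modem side"

# ---- New HotSpot RB ----

# Return route to the internal block via the original HotSpot's VAP address.
/ip route add dst-address=172.16.0.0/24 gateway=10.10.10.1
```

On the desktop the matching static settings are the ones given in the post: 172.16.0.2/24, gateway 172.16.0.1, DNS 172.16.0.1.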