Best control over CPE devices

Posted: Wed Feb 22, 2012 9:22 am
by pospanko
Hi all, I have some questions about monitoring and controlling CPE devices.
My network is routed with OSPF and I have lots of EoIP tunnels coming from my APs to my central location. On every AP, EoIP is in bridge with wireless interface.
CPE devices are in "station-bridge" mode with wlan and ethernet interface in bridge.
I'm using hotspot (on bridge with all EoIP tunnels bridged) in central location.
Now I don't have access, except MAC-telnet, to my CPE devices. I want to reconfigure my network so I can access, benchmark and control my CPEs (so that I have full speed access and users just the speed I gave to them) but to keep them simple with as little config as possible on them.
Any suggestions?

Re: Best control over CPE devices

Posted: Wed Feb 22, 2012 11:25 am
by vik1988
Is this a routed network or a bridged network?

Re: Best control over CPE devices

Posted: Wed Feb 22, 2012 11:27 am
by pospanko
> Is this a routed network or a bridged network?

Routed. Because of that I use EoIP tunnels.

Re: Best control over CPE devices

Posted: Wed Feb 22, 2012 2:38 pm
by rodolfo
you must assign an ip to each cpe.
use a dhcp server on every AP (linked to the wlan) and pass to the cpe the ip and the default gateway (the ap itself)

Re: Best control over CPE devices

Posted: Wed Feb 22, 2012 4:03 pm
by pospanko
> you must assign an ip to each cpe.
> use a dhcp server on every AP (linked to the wlan) and pass to the cpe the ip and the default gateway (the ap itself)

I'm not sure how this would help me because all my interfaces are in bridge, or are you suggesting to remove bridges?
I need to "preserve current setup" in the way it is working now (all shaping must be on central router where I decide how many concurrent users I'll give to each client, speed limits, etc.)

Re: Best control over CPE devices

Posted: Wed Feb 22, 2012 9:12 pm
by rodolfo
wlan1 could belong to bridge and be reachable directly if it has an ip

Re: Best control over CPE devices

Posted: Thu Feb 23, 2012 9:18 am
by pospanko
> wlan1 could belong to bridge and be reachable directly if it has an ip

I already tried that. Added IP to wlan on CPE + default route and IP to wlan on AP. Sometimes it works, sometimes not. Probably because of bridge. With that setup, I can ping CPE, then I get a few timeouts, then a few pings, then timeouts...
On top of that, my CPE gets IP address from my hotspot via EoIP tunnels (which I don't want) and I can't set DHCP server on AP to wlan interface, it's invalid (only to bridge). Besides that, other users on that IP can add the same address to their router or NIC or something, and then my setup isn't working any more. And users are getting IP from DHCP server on AP because it's on bridge.
This is why I'm trying to reconfigure my network. If that would work, there would be no happier man in the world.
I need to have IP access from my network to router but clients must be tunneled to central location.
This is my original post.

So, after some testing, I get this as conclusion. DHCP is not an option because users also can get IP address from IP (is there a way to block this, so only CPE could get IP?). When I use non-standard ranges, like 192.168.77.128/25, then I can ping CPEs all the time. But when I use a range like 192.168.1.0/24, which some users have on their wireless routers at home, then I can be sure which one I ping, CPE or user router.
Are there any suggestions?

Re: Best control over CPE devices

Posted: Fri Feb 24, 2012 10:15 pm
by pospanko
Anyone?

Re: Best control over CPE devices

Posted: Sat Feb 25, 2012 9:40 pm
by rodolfo
your customers connect using pppoe?

Re: Best control over CPE devices

Posted: Sun Feb 26, 2012 9:17 am
by pospanko
> your customers connect using pppoe?

No, my customers use hotspot access. But I want my users to go directly to central server location, not to go through my routed network. Because of that I use tunneling.

Re: Best control over CPE devices

Posted: Tue Feb 28, 2012 10:11 am
by pospanko
How do you set up your network? How do you use CPE devices? Do you use tunneling? I'm talking about routed network via private address space.
Thx

Re: Best control over CPE devices

Posted: Tue Feb 28, 2012 8:08 pm
by rodolfo
my network is routed.
cpe connecting to access point receive in the vlan an ip from the AP pool
the ap bridge the wlan and an eoip tunnel.
the eoip tunnel is terminated to a concentrator with a pppoe server (not an hotspot)
the cpe receive a public ip via the pppoe client then give to the customer internet access via masquerade.
the customer receive a dynamic ip from the ethernet of the cpe
the access point share routing information of the wlan pool sending connected routes via ospf
i have no problems to reach the private ip of the wlan of the cpe from anywhere of my network.

in some cases the customer have a router with pppoe client (a voip router). in this case I bridge the wlan and the ether1 of the cpe and the wlan mode is set as station-bridge.
also in this configuration i have no problems to reach the private ip of the wlan of the cpe from anywhere of my network.

Re: Best control over CPE devices

Posted: Tue Mar 06, 2012 4:25 pm
by pospanko
> my network is routed.
> cpe connecting to access point receive in the vlan an ip from the AP pool
> the ap bridge the wlan and an eoip tunnel.
> the eoip tunnel is terminated to a concentrator with a pppoe server (not an hotspot)
> the cpe receive a public ip via the pppoe client then give to the customer internet access via masquerade.
> the customer receive a dynamic ip from the ethernet of the cpe
> the access point share routing information of the wlan pool sending connected routes via ospf
> i have no problems to reach the private ip of the wlan of the cpe from anywhere of my network.
>
> in some cases the customer have a router with pppoe client (a voip router). in this case I bridge the wlan and the ether1 of the cpe and the wlan mode is set as station-bridge.
> also in this configuration i have no problems to reach the private ip of the wlan of the cpe from anywhere of my network.

Yes. I have similar setup. If I would have same setup as you have, I must install hotspot on every CPE which is not the right way to go... In my opinion.
As you mentioned, you have IP address on every wlan interface. But, how to give IP to wlan on CPE and prevent user from getting IP address from same DHCP pool on AP instead of hotspot DHCP from central location? Wlan is in bridge with ethernet on CPE so user can be assigned with IP address from AP.

P.S. How is your MTU setup on PPPoE? Did you try VPLS? Thx

Re: Best control over CPE devices

Posted: Tue Mar 06, 2012 8:05 pm
by rodolfo
i do not have an hotspot in each cpe
my cpe are routed: wlan in station, and nat-masquerade.
in this mode users cannot access to the dhcp server of the ap

my mtu is 1472

yes, i plan to use vpls in a few weeks

Re: Best control over CPE devices

Posted: Tue Mar 06, 2012 8:51 pm
by pospanko
> i do not have an hotspot in each cpe
> my cpe are routed: wlan in station, and nat-masquerade.
> in this mode users cannot access to the dhcp server of the ap
>
> my mtu is 1472
>
> yes, i plan to use vpls in a few weeks

Thx for response. Yes, I understand the way your network is designed. I must get rid of hotspot and all of my problems would be solved. Just please send info about vpls when you implement it. I'm curious how it works. Thx

Re: Best control over CPE devices

Posted: Wed Mar 07, 2012 5:31 am
by che
> I want to reconfigure my network so I can access, benchmark and control my CPEs (so that I have full speed access and users just the speed I gave to them) but to keep them simple with as little config as possible on them.
> Any suggestions?

Is there any reason why your CPEs are set to bridge besides "simplicity" of doing so? It horrifies me when I imagine that you connected all clients' ethernets to your concentrator.

My suggestion would be removing bridge on CPEs, and putting them in NAT mode with DHCP server on ethernet and DHCP/PPPoE client on WAN depending on what you send from your concentrator to APs. This is somewhat standard configuration, and it is very simple to set up (you can make generic backup file with mentioned configuration and load it easily into new devices). You would gain control over CPE and distinguish customer's network from yours.

Re: Best control over CPE devices

Posted: Wed Mar 07, 2012 9:17 am
by pospanko
> > I want to reconfigure my network so I can access, benchmark and control my CPEs (so that I have full speed access and users just the speed I gave to them) but to keep them simple with as little config as possible on them.
> > Any suggestions?
>
> Is there any reason why your CPEs are set to bridge besides "simplicity" of doing so? It horrifies me when I imagine that you connected all clients' ethernets to your concentrator.
>
> My suggestion would be removing bridge on CPEs, and putting them in NAT mode with DHCP server on ethernet and DHCP/PPPoE client on WAN depending on what you send from your concentrator to APs. This is somewhat standard configuration, and it is very simple to set up (you can make generic backup file with mentioned configuration and load it easily into new devices). You would gain control over CPE and distinguish customer's network from yours.

Hi and thx for comment.
Yes, I have reason for this setup. I give my clients one simultaneous user account. If they want more devices to be connected at the same time then I create new hotspot profile for them and all simultaneous users share one speed via address list, mangle and queue (this is billed separately). Because of that I bridge ether and wlan on CPE. If I go with NAT on CPE then I can't limit number of clients accessing network. Maybe you have an idea how to do this on CPE without creating hotspot on each of them? I hope that you understand how my hotspot is set up :)
Thx

Re: Best control over CPE devices

Posted: Wed Mar 07, 2012 7:51 pm
by che
Ok, if you want to keep exactly the same billing system you would have to isolate CPE monitoring IPs and client bridge. First thing that comes to mind is creating separate VLANs or EoIP tunnels. I'm guessing VLANs would be easier solution since you wouldn't have to add IP addresses for EoIP termination on every client device and think about tunnel IDs etc.

So basically you need only 2 VLANs on both AP and client wireless interfaces, where one is dedicated only for monitoring CPE addresses and another one for bridging the client traffic. Let's say vlan11 is for monitoring and vlan12 is for clients to utilize in a way you are doing it now with physical interfaces. Only thing you would need to do is change bridge ports:
- on AP instead of EoIP+WLAN it should be EoIP+vlan12
- on all CPEs instead of WLAN+ether should be vlan12+ether
With vlan11 you can do whatever you want - for example create separate DHCP that has no internet access but you have access to it from your NOC.

I would like to add disclaimer that I don't have same setup in my networks. Hope this idea helps.
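
A RouterOS sketch of the VLAN split che describes above, added here as an illustration and not posted by anyone in the thread (pospanko reports further down that he could not get this working without WDS). Interface names, bridge name and both subnets are assumptions; only the VLAN IDs 11 and 12 come from the post. With this layout, untagged customer frames entering ether1 are bridged into vlan12 only, so they never reach the DHCP server on vlan11.

```routeros
# Added sketch, not from the thread. Assumed names: wlan1, ether1, bridge1.
# Assumed subnets: 10.255.11.0/24 (CPE management), 10.0.0.0/24 (NOC).
# VLAN IDs 11 (monitoring) and 12 (clients) are the ones che proposes.

# ---------- on the AP ----------
/interface vlan
add name=vlan11 vlan-id=11 interface=wlan1 comment="CPE management"
add name=vlan12 vlan-id=12 interface=wlan1 comment="customer traffic"
# Bridge becomes EoIP + vlan12 instead of EoIP + wlan1
/interface bridge port
remove [find bridge=bridge1 interface=wlan1]
add bridge=bridge1 interface=vlan12
# Management addressing lives only on vlan11, outside the customer bridge
/ip address
add address=10.255.11.1/24 interface=vlan11
/ip pool
add name=cpe-mgmt ranges=10.255.11.10-10.255.11.254
/ip dhcp-server
add name=cpe-mgmt interface=vlan11 address-pool=cpe-mgmt disabled=no
/ip dhcp-server network
add address=10.255.11.0/24 gateway=10.255.11.1
# Only the NOC subnet may exchange traffic with the management VLAN,
# so vlan11 has no internet access. Place these above any broader accept rule.
/ip firewall filter
add chain=forward out-interface=vlan11 src-address=10.0.0.0/24 action=accept
add chain=forward in-interface=vlan11 dst-address=10.0.0.0/24 action=accept
add chain=forward out-interface=vlan11 action=drop
add chain=forward in-interface=vlan11 action=drop

# ---------- on each CPE ----------
/interface vlan
add name=vlan11 vlan-id=11 interface=wlan1 comment="CPE management"
add name=vlan12 vlan-id=12 interface=wlan1 comment="customer traffic"
# Bridge becomes vlan12 + ether1 instead of wlan1 + ether1
/interface bridge port
remove [find bridge=bridge1 interface=wlan1]
add bridge=bridge1 interface=vlan12
# The CPE itself gets its address and route on vlan11 only;
# customer devices behind ether1 are still served by the central hotspot
/ip dhcp-client
add interface=vlan11 add-default-route=yes use-peer-dns=no disabled=no
```

The management subnet still has to be routed from the AP to the NOC, for example by advertising it in the existing OSPF setup.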

Re: Best control over CPE devices

Posted: Thu Mar 08, 2012 12:24 pm
by pospanko
> Ok, if you want to keep exactly the same billing system you would have to isolate CPE monitoring IPs and client bridge. First thing that comes to mind is creating separate VLANs or EoIP tunnels. I'm guessing VLANs would be easier solution since you wouldn't have to add IP addresses for EoIP termination on every client device and think about tunnel IDs etc.
>
> So basically you need only 2 VLANs on both AP and client wireless interfaces, where one is dedicated only for monitoring CPE addresses and another one for bridging the client traffic. Let's say vlan11 is for monitoring and vlan12 is for clients to utilize in a way you are doing it now with physical interfaces. Only thing you would need to do is change bridge ports:
> - on AP instead of EoIP+WLAN it should be EoIP+vlan12
> - on all CPEs instead of WLAN+ether should be vlan12+ether
> With vlan11 you can do whatever you want - for example create separate DHCP that has no internet access but you have access to it from your NOC.
>
> I would like to add disclaimer that I don't have same setup in my networks. Hope this idea helps.

Thx for idea. I'll try that and inform you about results.

Re: Best control over CPE devices

Posted: Fri Mar 09, 2012 1:40 am
by pospanko
> > Ok, if you want to keep exactly the same billing system you would have to isolate CPE monitoring IPs and client bridge. First thing that comes to mind is creating separate VLANs or EoIP tunnels. I'm guessing VLANs would be easier solution since you wouldn't have to add IP addresses for EoIP termination on every client device and think about tunnel IDs etc.
> >
> > So basically you need only 2 VLANs on both AP and client wireless interfaces, where one is dedicated only for monitoring CPE addresses and another one for bridging the client traffic. Let's say vlan11 is for monitoring and vlan12 is for clients to utilize in a way you are doing it now with physical interfaces. Only thing you would need to do is change bridge ports:
> > - on AP instead of EoIP+WLAN it should be EoIP+vlan12
> > - on all CPEs instead of WLAN+ether should be vlan12+ether
> > With vlan11 you can do whatever you want - for example create separate DHCP that has no internet access but you have access to it from your NOC.
> >
> > I would like to add disclaimer that I don't have same setup in my networks. Hope this idea helps.
>
> Thx for idea. I'll try that and inform you about results.

I tried this setup, but no success. I must use WDS but I'm not sure that this is a good choice and way to go also...

Re: Best control over CPE devices

Posted: Sat Mar 24, 2012 5:14 am
by Biehay
Try pptp client in cpe.