Starting a WISP - How to configure?

Chofex · Thu Aug 31, 2006 6:17 am

I'm starting a WISP using RB532 with two SR5 for the AP and 20 RB112 with 65mW 5.8GHz Atheros transmitter.
And I'm not sure how I should configure my network...
At the AP, I'm using 3 ADSL lines and one full (expensive) DSL line.
My first choice was to configure my RBs as one big hub using WDS. But I keep
I hI'm starting a WISP using RB532 with two SR5 for the AP and 20 RB112 with 65mW 5.8GHz Atheros transmitter.
And I'm not sure how I should configure my network...
At the AP, I'm using 3 ADSL lines and one full (expensive) DSL line.
My first choice was to configure my RBs as one big hub using WDS. I connected my 4 modems to a switch, and the switch to RB532. So each client configured his PC to point to the gateway he desired. But IPs are assigned statically, and twice already I have missconfigured two PCs with the same address... and get random errors. (Besides, clients CAN change their addresses, and that’s a problem)

I decided later to route “by hand” every client, configuring RB532 as AP and RB112s as stations, with three different networks (DSL to eth1 on RB532; wlan to wlan; and eth1 to Client PC) But it’s really demanding to keep creating each route by hand.

If I were to use PPPoE or Hotspot, or something else...
How should I configure my network?
Can you point me to something a bit more friendly than Router OS manual?
In your opinion, which is the best alternative to use?
How should I configure each subnet...

Sorry, those are many questions... ANY help is better than nothing, so, if you can, please drop me your opinion!

Chofo

hecklertm · Thu Aug 31, 2006 8:40 am

I don't mean to sound negative, but you don't need "Wireless Networking" help. You need a network engineer who knows how to setup an ISP to help set it up for you. Maybe you should look for a person you can contract or hire who lives in your area. Good luck!

Chofex · Fri Sep 01, 2006 6:48 am

OK, maybe you can point me to a beginner's HOWTO or book...
I can afford a few hours of advisement, but nothing more. I'm on my own, so if you can, please, point me in the right direction!

UniKyrn · Fri Sep 01, 2006 7:31 am

I don't believe you understand just how big the task you've just taken on is going to be. I second the suggestion that you find a qualified network and systems admin to help you.

Chofex · Mon Sep 04, 2006 6:49 am

OK, thanks.
Maybe you can give me an idea of how much I'll need to pay for a job like this.

UniKyrn · Mon Sep 04, 2006 7:01 am

I'd normally recommend you go buy a hell of a lot of books about network design, but since you're already in motion, it's too late for that. Now you need to find somebody that can get your network working, and it may be harsh, but you pay them what they ask.

Starting a WISP is not just buying the hardware and turning it on. You either know what you're doing to begin with, or you pay somebody who does, and it's probably going to cost more if you hire them when you're in trouble instead of when you're still designing things.

Being a WISP is not simple or cheap, and you're not going to learn everything you need to know by buying a MikroTik, running through the simple setup and then asking a few questions here in the forums.

titius · Tue Sep 05, 2006 3:44 pm

wel obviously guy will buy bandwidth and " share - sell " to people in his area, setup a HOTSPOT on Mirotik and woila you are ISP.

lol

jdejansb · Tue Sep 05, 2006 3:48 pm

... setup a HOTSPOT on Mirotik and woila you are ISP.

lol

still, isn't it better to make PPPoE logins ? (or does it make much a differance?)

D.

titius · Wed Sep 06, 2006 12:42 am

well HOTSPOT is easier to setup

for a begginer, at least its easier for me, though Im not running ISP services

.

eugenevdm · Thu Sep 07, 2006 9:18 pm

Maybe you can give me an idea of how much I'll need to pay for a job like this.

You will need to pay about 100 hours to get it going THE RIGHT WAY and maybe another 1000 hours to become successful.

simonkizi · Thu Sep 07, 2006 10:39 pm

I advise you to go for PPPoE.

Setup a good radius server, and set the Mikrotik towers to authenticate through your radius server.

Then you will have a centralized system for authentication, and your clients would be able to authenticate through any of your towers. Also, if you set up a lot of towers to cover everywhere in your area, you may end up providing a Non-Line-of-Sight service.

A good practice then would be to consider client units that accept multiple SSIDs. You can search for VOIP Wifi phone units that support multiple SSIDs and PPPoE. Then you will be providing a private Voice communication service within your area.

Remember to setup WDS on your backbones as I think it is better or even neccessary for Radius authentication, mostly for Mac authentication.

Good Luck

titius · Fri Sep 08, 2006 12:21 am

Come on guys, Radius server, chofex cant setup a Mikrotik HotSpot, and you are telling him a Radius???

Chofex · Fri Sep 08, 2006 6:27 am

I only have 20 clients, and probably will have less than a hundred for the next two years, that's plenty of time to learn how to use this stuff!
For the moment, I'm migrating from my actual 'WDS city size hub' to a 'hard wired (static) routed' configuration.
I’ve setup my central AP pointing to each modem for gateways, and assigned a static IP to each client, and I'm creating by hand each route to them. Each client has a DHCP server for the private network each user has.
And that's it!
If I'm to have so few clients, why bother configuring anything else?
I mean, it works, it's easy to setup, fail proof, and costs very little money.
The reason for doing this is that some clients change their IPs without my knowledge, and when they ‘step’ on somebody’s else address, the whole network goes down.

BUT, I asked because I'm really interested in knowing how to grow up, which technology should I choose, etc.
I know I can manage this way till I grow 50 or 100 clients, THEN, I WILL HAVE TO implement a better configuration.
RADIUS ? I'm not sure, I think I will still manage with plain PPPoE or HotSpot till I grow 200 clients or so, don’t you think?

I was hoping someone could point me to the right steps to follow. Rome wasn’t built in a day!

Thank you very much for all of your comments, I’m really learning!

pacman · Fri Sep 08, 2006 10:51 am

We currently have around 340 customers on our networks. They all have static IP addresses (though generally this is built in to our wireless cpe units and password protected), we do not use pppoe/radius (though I do accept I may move across at some point), and have a routed network with static routing (I have not yet got to trust ospf etc!).

simonkizi · Fri Sep 08, 2006 12:47 pm

The reason for doing this is that some clients change their IPs without my knowledge, and when they ‘step’ on somebody’s else address, the whole network goes down.

With Radius or PPPoE doesn't Matter, you can specify static IPs for each client. The client shall not really have a choice. Also, with PPPoE you will have tha advantage of skipping crappy WEP or WPA encryption and rather use PPPoE encryption. In other words the data goes through the wireless media already encrypted - and compressed if you wish - without placing excessive load and bandwidth consumption on your client radios. Also, security wise, no one will be able to connect to your towers unless he has a PPPoE username and password. You can also set protection against Brute Force attack. That is what makes PPPoE more secure.

Also, with PPPoE you can manage client bandwidths better. When you set queues with static IPs, the data gets limited only when it reaches the Mikrotik, so the client can still launch excessive data loads, and they only fill up your Tower's ram. Where as with PPPoE, the speed is set starting at the client's PPPoE connection. The minimum transmission rate from the client on a normal setup is 1Mbps, even if you set a queue on the tower. With PPPoE, well you can make it example 1Kbps if you wish.

If you need more assistance please post, as everyone has the right to learn.

Good Luck

eugenevdm · Fri Sep 08, 2006 1:59 pm

Yes I agree Radius is the way to go, I also battled for a long time to decide between IP based routing and PPPoE and PPPoE really is better. Especially considering that you can run IP Pools from a central database. If you're going to pursue Radius your choices are learning FreeRadius (which can get quite complicated if you're not familiar with Linux) or using the new and very cool User Manager package in MT which has Radius functionality. I'd start off by learning to use the User Manager package in MT and then maybe later graduate to FreeRadius.

Fri Sep 08, 2006 4:01 pm

pppoe encryption is more crapy than WEP... because it is using the same RC4 as WEP and the key is changed one in 256 packets (statefull) or for each packet (stateless). And even more, the statefull encryption isn't working well when you have packet drop.
Best solution is to use IPsec

titius · Fri Sep 08, 2006 9:20 pm

Use ARP on Mikrotik to solve IP changing problem.

piri · Sat Sep 09, 2006 11:15 am

Hi Chofex

If you use our radius server software you can be up and running in minutes and I mean minutes, but you will need as least to be able to setup a hotspot and radius in the MikroTik First, that is not hard either.

See the following link, ou can download and run the program for free for 30days.

Each AP Hotspot can be is a gateway device in the software so your user can roam to any AP. You can add as many devices as you like.

http://www.traffictracker.co.nz

Regards

Piri

jdejansb · Sat Sep 09, 2006 12:06 pm

... Also, with PPPoE you will have tha advantage of skipping crappy WEP or WPA encryption and rather use PPPoE encryption. In other words the data goes through the wireless media already encrypted - and compressed if you wish - without placing excessive load and bandwidth consumption on your client radios. Also, security wise, no one will be able to connect to your towers unless he has a PPPoE username and password. You can also set protection against Brute Force attack. That is what makes PPPoE more secure.
...
Good Luck

Is there a problem leaving WEP on, just to block random users with mobile devices to connect to WiFi? (I know that every protection is brakeable, but still...) And, also, if WiFi access is left with no enc. should it have NO dhcp server on it??

D.

jdejansb · Sat Sep 09, 2006 12:09 pm

...very cool User Manager package in MT which has Radius functionality. I'd start off by learning to use the User Manager package in MT and then maybe later graduate to FreeRadius.

Is UM limited to 10 users with MT license lev.4 and one should buy L6 to have UM fully functional?

D

Chofex · Sat Sep 09, 2006 11:50 pm

pacman: 340 clients with static address! wow, I guess I have plenty of time to decide my move!

simonkizi: Thanks a lot for your support! I was afraid to be bothering everyone in this community, and then you encouraged me to post... well, that's very kind of you!
I’m shaping bandwidth at the client’s side (remember I have RB112), so my central equipment doesn’t have to worry about it.
As far as I learned, your suggestion of using PPPoE really makes sense. Thanks again!

eugenevdm: MT User Manager + PPPoE, that’s the way to go!

uldis: I’m still using NO encryption at all, as nobody else is using MT round here yet. But when I use it, I’ll follow your tip

titius: I’m told PPPoE is as easy as HotSpot, and lighter, so I think I’ll use PPPoE (remember I manage everything from RB532 on top of tower).
ARP is the way to go, thou it demands quite a job to keep everything registered!

piri: thanks for the offer! I guess I’ll try MT User Manager first. I visited your web, it’s nicely done, thou you could improve the spelling!

Thank you all guys!
I’m really learning. I hope some day I’ll be able to contribute to this community as much as you’ve done!

simonkizi · Sun Sep 10, 2006 4:05 pm

I’m still using NO encryption at all, as nobody else is using MT round here yet. But when I use it, I’ll follow your tip

Don't worry about WEP or WPA encryption. You can encrypt the data with PPPoE Encryption that is far better than the prior two and allows you to save data processing on your wireless cards.

Remember when you setup your AP as a PPPoE Server on the tower, don't assign any IP to it. So even if someone connects, he cannot go further than the wireless link. Well yes, he may be able to link two radios together, and communicate for his private use... Correction, remove default forwarding. No more direct wireless connection! So all that an intruder would enjoy is linking to a tower without IP communication. Only if the client or intruder authenticates would he be able to access the IP Network.

The IP of your PPPoE server will be setup in your PPPoE default profile, or whichever profile you assign to your PPPoE server. You can also specify the speed of your clients' connections in the profile.

Chofex · Mon Sep 11, 2006 6:38 am

I guess following the example in RouterOS's manual on PPPoE will work, straight as it is.
Well, that wasn't too hard, no?

I'm now planning how to migrate from my actual bridged WDS to this PPPoE configuration the quickest way, so none of my customers even notice...
I'll have to make changes sometime around 4 AM or so, the hard life of the ISP!

Starting a WISP - How to configure?

Starting a WISP - How to configure?

Radius Server

Who is online