[SOLVED] WISP setup (Newbie)

Oct 28, 2020
I am setting up a small WISP and need advice on configuration. I have been using long range wifi adapters for a few years now but I am moving my hosting site. I currently share my internet with a small business, but at my new site I will have direct line of sight. I am also going to share my connection with a neighbor. We don't have high speed internet on our street. I have attached a file of the network map. Can someone review and see if I am on the right track? Suggestions or corrections?

Thanks in advance.
https://photos.app.goo.gl/243Jn7jLwNQyb9WR8
Vince
 
The devices you have marked in bridge mode need to be run in router mode to have different addresses. The concept of a bridge is that they are all on the same IP subnet.

It will work in general. Running an actual WISP takes very different equipment. You have no control over when the end stations attempt to use wifi bandwidth and how much bandwidth they can use.

This is also a very high risk thing to do for the person who actually has the internet connection. Anything bad that anyone does comes back to the same IP address. You have to be careful about trusting family members in the same house sometimes. All you need is some teen to torrent a bunch of music or movies and you will get everyone shut down. Unlike a real ISP there is no protection from the laws for someone who does this.
 
Oct 28, 2020
Thanks for the reply..
The TP-Link 5 port switch is a managed switch on which I can limit their bandwidth. They call it a "smart switch". Not really a managed switch, but I can set parameters in the setup ("web based setup").

Are you saying my routers that are connected to the TP-Link 5 port switches (in bridge mode) need to be run in router mode? (don't know the proper term)
Won't that cause a double NAT issue?
I have changed the 3rd octet number on their router, giving them essentially their own private network. Did I do something wrong?

It's only one neighbor right now. I have made the rules very clear.
No dark web. No illegal downloading. No devices running Kodi or any streaming service that is violating copyrights.
 
Oct 28, 2020
I forgot to mention that "Location one" is a small produce stand. This will only be used for "point of purchase transactions". It won't be offering wifi to customers or employees.
 
You have no real choice with consumer routers; you are going to end up with the multiple NAT issue. It really only affects game consoles.

The word bridge has a very narrow definition. It pretty much means all the devices must be on the same subnet.

It is actually the NAT function that prevents access between the subnets when you do this with consumer routers. Now this is only partially secure. The subnets behind the other routers cannot see each other. The devices on the main network cannot initiate communication with any of these networks either. BUT machines on these networks can initiate sessions (i.e. get access) to devices on your main x.x.0.x network.
 
Oct 28, 2020
After looking at my “map”, what would you suggest as far as IP addresses or settings?
Again, my home network is where I want access to all the wireless APs, switches and the cable modem. Even if I have to plug into the switch to gain access, I am fine with that.
 
Your best option is to have no machines on the main network, only your switches and APs and of course the main internet router.

Every other device would be behind one of the secondary routers. Each of these routers would treat the network between themselves and the main router as internet. The NAT would prevent any traffic from flowing between the machines behind different routers.
 
Oct 28, 2020
I think I have a workaround. Every device will need to be using the same IP string 192.168.0.XXX.
I will have to use the VLAN configuration to isolate each router. Then each router must be set on DHCP. Then I will have to give them an allotted amount of IP addresses, not exceeding a total of 255.
Correct?
 
2 problems.
Most consumer routers will not let you set the gateway IP in the DHCP server function to anything other than the router that is giving out the DHCP. You would want it to give out your main router.
The much larger issue is that if you actually use vlans, then how do you manage to connect it to your main router? Your router does not likely support vlans. Your new problem is that now you have isolated vlans, but how do you get out of the vlan? A vlan is best thought of as a separate physical switch. If you just hook them up to the router lan ports, then even though you may have different vlan numbers you have connected them all together.

The whole concept is flawed. This is one of the reasons network certifications spend so much time on the concepts of layer 2 and layer 3 networking.

The whole purpose of a subnet mask is to define what is on the same network, i.e. vlan. It will be almost impossible to get a router configuration that will work if you try to split the subnet but keep the same mask.

Now if you were to buy a commercial router, or even a semi-professional one that supports vlans, you could break the 192.168.0.x network into 4 networks. You would use a /26 mask and you would get 64 addresses per subnet. But it would be simpler to just assign 192.168.1.x, 192.168.2.x etc. using the more common /24 mask.

I think Ubiquiti edge routers have this ability. They are pretty cheap, but be careful to get one that can actually pass the amount of traffic you need. Also read the manual; it has been a while since I looked and there might be differences between the models. They all run the same OS and it is very powerful and unfortunately very complex for a new person.
 
Solution
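The subnet-mask point in the answer above, worked through as an added example that is not part of the original thread: it lists the four /26 blocks of 192.168.0.0/24 and models why hosts that keep a /24 mask but sit in different VLANs cannot talk, while re-masked or renumbered hosts behind a VLAN-aware router can. The function names, VLAN IDs 10 and 20, and the host addresses are assumptions made up for the illustration.

```python
import ipaddress

def split_plan(parent, new_prefix):
    """Break parent into equal blocks: (subnet, address count, first host)."""
    return [(str(n), n.num_addresses, str(n.network_address + 1))
            for n in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)]

def delivery(src_if, src_vlan, dst, dst_vlan, router_vlans):
    """Classify how a frame from src_if (address/mask) would travel to dst.

    on-link  : sender ARPs for dst directly and both sit in the same VLAN
    routed   : sender hands the frame to a router with a leg in both VLANs
    stranded : the frame never arrives
    """
    iface = ipaddress.ip_interface(src_if)
    if ipaddress.ip_address(dst) in iface.network:
        # The mask says dst is a neighbour, so the sender never uses the router.
        return "on-link" if src_vlan == dst_vlan else "stranded"
    # Off-link traffic needs a router interface in both VLANs.
    return "routed" if {src_vlan, dst_vlan} <= set(router_vlans) else "stranded"

# Constructed scenarios; VLAN IDs and host addresses are made up.
SCENARIOS = {
    "same /24 mask, split across VLANs":
        ("192.168.0.70/24", 20, "192.168.0.10", 10, {10, 20}),
    "/26 mask, VLAN-aware router":
        ("192.168.0.70/26", 20, "192.168.0.10", 10, {10, 20}),
    "separate /24s, VLAN-aware router":
        ("192.168.2.70/24", 20, "192.168.1.10", 10, {10, 20}),
    "separate /24s, router only in VLAN 10":
        ("192.168.2.70/24", 20, "192.168.1.10", 10, {10}),
}

def run_scenarios():
    """Evaluate every constructed scenario and return name -> outcome."""
    return {name: delivery(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for subnet, count, first in split_plan("192.168.0.0/24", 26):
        print(f"{subnet:18} {count} addresses, first host {first}")
    for name, result in run_scenarios().items():
        print(f"{name:40} -> {result}")
```

In this model "routed" only means the router is able to forward between the two VLANs; whether it should is then decided by firewall rules on that router.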
Oct 28, 2020
You’re correct.
I have done a lot of network stuff but nothing this involved.
The TP-Link switch won’t work the way I want to use it. The EdgeRouter will. I will just need to learn the commands. I have read that the GUI interface works but each change needs to be saved. There are a few settings that need to be done at the same time and would lock me out of the device if done through the GUI.
 