16 years ago
I thought I'd describe our network and solicit others for
their network topology. We currently have about 8
access points with about 60 total customers. Some
of these are connected directly to our internal fiber
VLAN, others are connected to this VLAN by PTP
links. In addition, we have fiber customers on our VLAN.
This VLAN is connected to the internet via a firewall.
Each customer's wireless subscriber unit is connected
to a DLink router.
We know that this network is not scalable as any
customer can bypass their router and cause trouble.
One customer did so and assigned our gateway IP to
his router. When other customers ARPed for the
gateway, they got his MAC address instead of our
firewall's. It took some time for the MAC address
to expire in the other customers' ARP tables. Currently
we are finding that a few of the DLinks are misbehaving.
It seems as though they may be rebooting. We're wondering
if their ARP tables are filling up. So, we are considering
putting each AP behind a router, but we don't like this
approach for diagnostics, tracking down virus spewers,
pinging the customer's router, etc.
We're considering a single board PC with two NICs
dropping all packets from the customer which had a
from address other than the customer's assigned IP
address. It would also drop all packets not
specifically destined to them. Our network is still small,
but we are expanding it. We'd like to see other solutions
and recommendations before this gets out of control.
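
The per-customer filter proposed above, sketched as an added example that is not part of the original post: a verdict function for raw Ethernet frames that enforces the assigned source IP upstream and the assigned destination IP downstream, and applies the same rule to ARP so a customer cannot answer for the gateway address. The function name, MACs and 10.0.0.x addresses are constructed for illustration.

```python
import socket
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806

def verdict(frame: bytes, assigned_ip: str, from_customer: bool) -> str:
    """'forward' or 'drop' for one Ethernet frame crossing the two-NIC filter."""
    if len(frame) < 14:
        return "drop"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    p = frame[14:]
    if ethertype == ETH_ARP and len(p) >= 28:
        htype, ptype, hlen, plen = struct.unpack("!HHBB", p[:6])
        if (htype, ptype, hlen, plen) != (1, ETH_IPV4, 6, 4):
            return "drop"
        sender, target = p[14:18], p[24:28]
        # Upstream: the customer may only announce its own IP (never the gateway's).
        # Downstream: only ARP that asks about or answers the customer passes.
        checked = sender if from_customer else target
    elif ethertype == ETH_IPV4 and len(p) >= 20:
        # Upstream: source must be the assigned IP. Downstream: destination must be.
        checked = p[12:16] if from_customer else p[16:20]
    else:
        return "drop"  # short frames and other ethertypes are outside the stated policy
    return "forward" if socket.inet_ntoa(checked) == assigned_ip else "drop"

# Constructed sample frames (made-up MACs, private addresses, IP checksum left at 0).
def eth(dst_mac, src_mac, ethertype, payload):
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", ethertype) + payload

def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    body = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 2)
    body += bytes.fromhex(sender_mac) + socket.inet_aton(sender_ip)
    body += bytes.fromhex(target_mac) + socket.inet_aton(target_ip)
    return eth(target_mac, sender_mac, ETH_ARP, body)

def ipv4(src_mac, dst_mac, src_ip, dst_ip):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth(dst_mac, src_mac, ETH_IPV4, hdr)

CUST_MAC, GW_MAC, PEER_MAC = "020000000010", "020000000001", "020000000020"
CUST_IP, GW_IP, PEER_IP = "10.0.0.10", "10.0.0.1", "10.0.0.20"

if __name__ == "__main__":
    spoof = arp_reply(CUST_MAC, GW_IP, PEER_MAC, PEER_IP)  # the incident in the post
    honest = arp_reply(CUST_MAC, CUST_IP, GW_MAC, GW_IP)
    print("gateway-IP ARP from customer:", verdict(spoof, CUST_IP, True))
    print("own-IP ARP from customer:   ", verdict(honest, CUST_IP, True))
```

Taken literally, this policy also drops downstream broadcasts and any non-IPv4 traffic, so a deployment that hands out addresses by DHCP would need an explicit exception for it.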