Hi All, I thought I'd describe our network and solicit others for their network topology. We currently have about 8 access points with about 60 total customers. Some of these are connected directly to our internal fiber VLAN, others are connected to this VLAN by PTP links. In addition, we have fiber customers on our VLAN. This VLAN is connected to the internet via a firewall. Each customer's wireless subscriber unit is connected to a DLink router.
We know that this network is not scalable, as any customer can bypass their router and cause trouble. One customer did so and assigned our gateway IP to his router. When other customers ARPed for the gateway, they got his MAC address instead of our firewall's. It took some time for the MAC address to expire in the other customers' ARP tables.

Currently we are finding that a few of the DLinks are misbehaving. It seems as if they may be rebooting. We're wondering if their ARP tables are filling up.

So, we are considering putting each AP behind a router, but we don't like this approach for diagnostics, tracking down virus spewers, pinging the customer's router, etc. We're considering a single board PC with two NICs dropping all packets from the customer which had a from address other than the customer's assigned IP address. It would also drop all packets not specifically destined to them.

Our network is still small, but we are expanding it. We'd like to see other solutions and recommendations before this gets out of control.

Thanks,
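
As an added example that is not part of the original post: a Python model of the decisions the two-NIC filtering box described above would make. It goes one step beyond the post by also checking the ARP sender address, since ARP frames are not IP packets and the gateway takeover described in the post happened over ARP. All addresses and the names `Frame`, `from_customer` and `to_customer` are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed addresses (RFC 5737 documentation range), not from the post.
GATEWAY_IP = "192.0.2.1"
CUSTOMER_IP = "192.0.2.50"

@dataclass(frozen=True)
class Frame:
    kind: str   # "ipv4" or "arp"
    src: str    # IPv4 source, or ARP sender protocol address
    dst: str    # IPv4 destination, or ARP target protocol address

def from_customer(f, assigned=CUSTOMER_IP):
    """Verdict for a frame arriving on the customer-facing NIC."""
    if f.kind not in ("ipv4", "arp"):
        return "drop: unhandled frame type"
    # ARP is not IP, so an IP-only source filter never sees it. Checking the
    # ARP sender address is what stops a customer answering for the gateway.
    if f.src != assigned:
        return "drop: %s source is not the assigned address" % f.kind
    return "forward"

def to_customer(f, assigned=CUSTOMER_IP):
    """Verdict for a frame arriving on the network-facing NIC."""
    if f.kind not in ("ipv4", "arp"):
        return "drop: unhandled frame type"
    # ARP requests are link-layer broadcasts; match on the target address so
    # the gateway can still resolve this customer.
    if f.dst != assigned:
        return "drop: %s not destined to this customer" % f.kind
    return "forward"

def run_samples():
    """Apply both directions to constructed frames, including the gateway claim."""
    upstream = [
        Frame("ipv4", CUSTOMER_IP, "198.51.100.7"),   # normal traffic
        Frame("ipv4", "192.0.2.77", "198.51.100.7"),  # spoofed source
        Frame("arp", GATEWAY_IP, "192.0.2.60"),       # customer claims gateway IP
        Frame("arp", CUSTOMER_IP, GATEWAY_IP),        # customer resolves gateway
    ]
    downstream = [
        Frame("arp", GATEWAY_IP, CUSTOMER_IP),        # gateway resolves customer
        Frame("ipv4", "198.51.100.7", "192.0.2.60"),  # traffic for a neighbour
    ]
    return ([from_customer(f) for f in upstream],
            [to_customer(f) for f in downstream])

if __name__ == "__main__":
    for verdicts in run_samples():
        print(verdicts)
```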