"OK Here are my main questions...

1) We want to put in something for traffic shaping as well as user authenication/control. Was thinking Mikrotik would be our best bet so far. Where would we connect this to the network. I would LIKE to only have one in a perfect world but I guess I'll need two of them since the network is split?

2) What is the best way to "Connect" Clients to our system. At the moment there is nothing authenticating them (Yes yes I know just horrible) Right now everyone has been paying and all is good so no worries yet. Would just filter the Mac of thier CPEs if they weren't behaving. Yes I know totally wrong but this is what I need help on. Right now the client CPEs are statically programmed on a certain IP of our choosing, and the routers at the POP1 and POP2 send DHCP to the client's machines hooked to the CPE.

3) Since POP1 and POP2 are on different subnets and behind routers is there any way where they can communicate between eachother? Our NOC is on POP1 and I'd like to monitor equipment on POP2 which I guess isn't possible? Is there a way of putting the entire "Core" up to the POPs on one single 192.168.1.x subnet and have the communication flow? I'm not very familiar with breaking up subnets.

Here's the layout of the system....

Tower 1 and 2 are fed with the highspeed connection and they send out to the POPs which are in an area that isn't DSL "Live". The 2.4 link is our MAIN feed and the 5.8 acts as a backup in case the 2.4 gets loaded or goes down.

At each POP there is a 2WAN router that combines the feeds into one and redistributes from there."{mos_sb_discuss:7}

shamanfk:
configure a Mikrotik as a bridge,,this would provide MAC filtering/authentication (with your CPE) and bandwidth management, traffic shaping.

Simply place the MT between the POP1 router and AP. do the same with the POP2 router and AP. add a routable IP to each Mikrotik and you can remotely access all network authentication and bandwidth functions from wherever you wish.

Keeping the networks separate will be helpful in the event you have to troubleshoot problems.

I put a MikroTik at each POP to cut down on back haul traffic=expense...

kewlkeed (original submitter):
Very very stupid question...

What excatly do you mean add a routable IP...

Also another question I had... Is this a good way of laying out the IP topology? We are changing to the 10.x.x.x scheme soon as well. Would I want the entire "Core" on the same subnet? Would that allow the traffic to flow?

Could you please just give me an example of how to lay out the IPs so that the MTs could communicate?

Sorry again cuz I know that's a totally stupid question but again never done this.

shamanfk:
routable IP= Public IP

that way you could communicate with the MT's from anywhere on the internet.

I prefer to have each POP have it's own IP Class, but that could be argued.

I would stay away from the 192.168.x.y class C as many consumer routers use that, and all that you need is for someone to switch the WAN wire with a LAN wire running DHCP.
If you use the Class A ,10.0.x.y pick an unusual combination, as some routers especially aDSL are programmed within that class.
I prefer to use a less know 172.16.x.y class B for a private network configuration.

kewlkeed:
Ahhh kick butt!

Duh yeah now I'm thinking, it MUST be late if I'm forgetting routable IP.

Yeah I'm probably gonna use the 10.x.x.x Scheme. I totally prefer that one but I might just hop the 172.16.x.x as well. Might keep that for core stuff and then jump down to 10 on the CPEs/APs.

Now that I'm thinking somewhat clearly I have some ideas of how to get the MTs to work. God dunno how I never though of that in the first place. Thanks.

Here's another question though for the MTs... What would work best in this situation, have them on two computers or two PC boards (Like RouterBoards or whatever it is they recommend) I want to have all the authenication go through a secondary RADIUS server if that's possible as well. (So no worries about needing massive space on the MT boards for the user info)

Anyone else have any other suggestions for the network layout or anything like that? A bunch of heads is always better than one.

shamanfk:
the choice between a PC or WRAP/Routerboard is your preference,, either one will do what you want well,, as you will be using a RADIUS server.
If the PC based MT goes down due to hardware failure, you can bring it back up within minutes, if you have the parts/technical skills available locally. There will be no need to reconfigure the MT unless it's a hard drive issue.
If you have hardware failure with a WRAP board , you will need a spare on hand or wait a few days for replacement and will need to reconfigure.
We are a PC shop so opt to use PC based, I have worked with both and see no difference for what you are using them for.

Original thread location