Initial WISP design.

Posted on 2005-04-18
Last Modified: 2006-11-18
Wow, I've been given a great big task... design a network from the ground up for a Wireless ISP.  

The wireless side has been handled (i.e. all the connectivity between nodes, etc.), but what to put on the connection side to the hard-wired upstream ISP?

I have been told to use a Catalyst switch, some said use a PIX and others said to use a Linux box as a router!!  Yikes... Where to start?

This is a clean sheet and I'll be glad to have some help!

The only information at the moment is an OC3 dedicated fiber connection terminated with a Quantum box that hands off Ethernet.  At the moment there is just a handful of IPs assigned to deal with.

What are your suggestions?

Question by:GBorsuk
    LVL 11

    Expert Comment

    With an OC3 on the outside, you probably need a gig port to connect to the Quantum box, and a bunch of 100 Mbps ports for the wireless points.  There are Catalyst models that can do this, but I'd want to put NAT and security on a separate firewall box (two gig ports) between the Quantum box and the switch.

    There might (by now) be a PIX model with gig ports; if there isn't, I think Netscreen (Juniper) makes one that will do.

    LVL 79

    Expert Comment

    PIX 525 and PIX 535 both support Gigabit Interfaces.
    You don't necessarily have to do NAT, and you may not even want to bother with it. Let users have public IPs or we'll get them here asking how they can get past your security so they can connect to their home PC from work.

    If you don't use a firewall, then a good choice would be a Cisco 3750G switch with multiple 10/100/1000 ports. You might want to go for the Enhanced Multilayer model to add advanced routing capabilities to it.


    Author Comment

    Problem with the Quantum is it hands off 10/100 Ethernet only (it's the older model... go figure, upstream ISPs!)

    I agree on not having NAT, and getting the IP range needed.  The nice thing about the wifi side is it's all done via wireless gateways, so I don't need the HUGE number of 10/100/1000 ports, only about 24 or so to handle the internal NOC and internal company equipment.

    Is the Catalyst the better solution than the PIX?  All of the "wifi clients" will be behind a DHCP server that authorizes them to use the Internet or passes traffic based on MAC address (that side is out of my control and can't be changed).  I need to come up with the design to have growth capabilities, maintain network integrity and be able to keep the nasty things out of the network (i.e. some idiot has an open relay and I have spam traffic coming in and then back out saturating the net...).

    Where can I find more info about creating an "ISP" type network?



    Author Comment

    A few more things I have come across... "core router".  This is out of my scope of information: what exactly is a "core" router, without it being the obvious main router?

    Is BGP something we should consider? Is there a threshold that we look at on a client basis to then do that?  Then the whole redundancy thing comes in later!

    Thanks again.

    LVL 79

    Accepted Solution

    >"core router"
    Main router, primary location router, the "core" of the network

    You might consider enabling BGP. The threshold is if you "own" an entire Class C subnet of public IP addresses. If you go through IANA and get your own IP address block, and your own BGP AS number, then you can advertise your IP block to your ISP. However, there is little value in receiving a full Internet route table, just take the defaults from the ISP.
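
One way the advice in the accepted answer could look on a Cisco IOS router, as an added example that is not part of the original thread: announce only your own block and accept nothing but a default route from the upstream. The AS numbers, addresses and prefix-list names are documentation-range placeholders assumed for illustration.

```cisco
! Added example (assumed values): local AS 64500, upstream AS 64496,
! own block 192.0.2.0/24, upstream peer 198.51.100.1.

! Anchor route so the "network" statement has an exact match in the
! routing table and the /24 is announced as a whole.
ip route 192.0.2.0 255.255.255.0 Null0

! Inbound: accept only the default route from the ISP.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0

! Outbound: announce only our own block, never anything learned
! elsewhere, so a misconfiguration cannot leak foreign routes.
ip prefix-list OUR-BLOCK seq 5 permit 192.0.2.0/24

router bgp 64500
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 description Upstream ISP (placeholder)
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 198.51.100.1 prefix-list OUR-BLOCK out
 ! Safety net: drop the session if the upstream ever sends far more
 ! than the single default route the inbound filter expects.
 neighbor 198.51.100.1 maximum-prefix 10
```

`show ip bgp neighbors 198.51.100.1 advertised-routes` and `show ip bgp` confirm that only the /24 leaves and only `0.0.0.0/0` is accepted.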

    Author Comment

    This project is still in the planning phases... but something that has come to light is the ability to provide public IPs out to clients and to provide security to the network.
    I know NATting will be out when we give out public IPs (small deployment happening now, but it's under private IP space NATted to public on the router).
    I'm not sure how to handle this topology.  We have committed to a Cisco 1841 router to begin with and a decent HP 2626 switch at the NOC.
    I need some information on how to handle subnetting/issuing IPs under DHCP (should we just let the router do it?) and how do we handle the static IP requests of business clients?
    I know some of this is more than 500 points, and am willing to open another question/questions, but I need a start so that we don't have to revamp the whole network 3 weeks into full deployment.

