Limit the number of active MAC Addresses


#1

Hi all,

are there plans to implement an option to limit the number of active MAC addresses behind a C5? We for example would like to limit the MAC Addresses to 2 or maybe 3. This would solve the problem customers cause when they just connect a switch with a bunch of PCs to the C5.

  • Mat

#2

@Mathias initially we were thinking to have this limit be implemented in some fashion along with the DHCP Option 82 support we are adding (where the DHCP server would know the limit per MAC address of the C5), however I can see the need you’re suggesting for a more standalone situation. It might be good to share a bit more with @David about your architecture so we can understand fully what you’re looking for to add to our roadmap.


#3

I understand that Option 82 and a RADIUS server would make it possible to limit the IPs per C5 and we are very happy that Mimosa plans to implement this feature. But in small scenarios it would help to minimize the impact of a wrongly configured client router.


#4

I have been testing for a week now with an A5-18 and a C5 and the connection is GREAT! The problem I am not sure how to overcome has been mentioned several times here, but I have yet to see a solution that is simple to implement and manage. Without a router function not only is there real potential for problems with clients plugging in their equipment incorrectly (I had it happen yesterday, but because of my current equipment having a router function they only lost internet and in no way affected my network) but unless I’m overlooking something it would require me to put an IP address on every C5 (to manage it) and on every customer router (to do bandwidth throttling). I am sure there is a better way (above my current level of expertise) to implement, but it couldn’t be as simple as flipping a switch and making the C5 a router and protecting my network from everything behind the radio. That’s not even looking at the fixed mount (that requires me to purchase another product to adjust the radio angle) and the lack of any included POE for a product whose price point is already higher than what I am currently installing. Maybe this will be a perfect fit for many WISPs but I am a small WISP and will probably never exceed 80 clients on the A5 and speeds of 20mb max to each client. Unless I can figure a way around the “router” problem in the next few days I am going to return all of them and upgrade inside of my current product line. Thanks for the opportunity to voice my thoughts.


#5

Tim,

You can use a VLAN to put a private IP on the C5 for management and then an untagged VLAN for the customer device, which gets a public IP. We configure limiting parameters at the A5.

Happy to help if you need assistance with that type of setup.

As for forcing routing at the customer side, you could provide a G2 device with every connection, which gives you a managed Wi-Fi router at the customer side. This does add more up-front cost per customer (which you may be more sensitive to) but is a solution. (A savvy end-user could get their own POE injector and bypass, but the average end-user wouldn’t think to do this).

You should be able to minimize the impact of improperly installed customers with firewall rules on your router (i.e., block DHCP server responses coming from customers). It would be a nice feature for Mimosa to add filtering options to the C5 to block DHCP servers from customers (I think this is already on the road map?)

Looking forward to DHCP option 82, great to control and/or identify what IP the customer gets.
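
An added example, not part of any post in this thread and not Mimosa's software: a small audit that applies the two checks discussed above to frames seen arriving from the customer side of each C5, namely the per-C5 MAC limit from #1 and the "DHCP server responses coming from customers" condition from #5. The record format, the CPE names and the `audit` function are assumptions made for illustration; the sample frames are constructed.

```python
from collections import defaultdict

MAC_LIMIT = 2            # the thread's suggested cap: 2 or maybe 3 MACs per C5
DHCP_SERVER_PORT = 67    # DHCP servers send their replies from UDP source port 67

# Constructed sample (not real capture data): one tuple per frame observed
# arriving from the customer side, as (cpe name, source MAC, UDP source port).
SAMPLE_FRAMES = [
    ("c5-alpha",   "02:00:00:00:0a:01", 68),     # normal DHCP client
    ("c5-alpha",   "02:00:00:00:0a:01", 50000),  # ordinary client traffic
    ("c5-bravo",   "02:00:00:00:0b:01", 68),     # switch with several PCs
    ("c5-bravo",   "02:00:00:00:0b:02", 68),
    ("c5-bravo",   "02:00:00:00:0b:03", 68),
    ("c5-charlie", "02:00:00:00:0C:01", 67),     # home router's LAN side plugged in
]

def audit(frames, mac_limit=MAC_LIMIT):
    """Return {cpe: [issue, ...]} for CPEs over the MAC limit or sourcing DHCP replies."""
    macs = defaultdict(set)    # cpe -> distinct source MACs seen
    rogue = defaultdict(set)   # cpe -> MACs that sent DHCP server replies
    for cpe, mac, sport in frames:
        mac = mac.lower()      # normalise so case differences do not double-count
        macs[cpe].add(mac)
        if sport == DHCP_SERVER_PORT:
            rogue[cpe].add(mac)
    findings = {}
    for cpe in sorted(macs):
        issues = []
        if len(macs[cpe]) > mac_limit:
            issues.append(f"{len(macs[cpe])} MACs exceeds limit {mac_limit}")
        for mac in sorted(rogue[cpe]):
            issues.append(f"DHCP server reply from {mac}")
        if issues:
            findings[cpe] = issues
    return findings

if __name__ == "__main__":
    for cpe, issues in audit(SAMPLE_FRAMES).items():
        for issue in issues:
            print(f"{cpe}: {issue}")
```
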


#6

@Tim2 thanks for the feedback, we certainly can understand the cost sensitivities involved for many WISPs, this is to a large degree why we’ve given ISPs the choice for a lower cost router+PoE or a simple PoE. I realize this may make more sense for ISPs buying more in scale and picking preferred accessories.

Regarding the concerns you raise about routing, hopefully you’ll have noticed that in the 2.0.2 release we’ve introduced all functions within the A5 to prevent network outages from improperly connected home routers (rogue DHCP server, broadcast traffic flood prevention, etc.). So it should not be required to have a router at the A5 location, and of course other neighboring C5 clients on the same A5 are isolated from each other as well. This was also done to make it easy to leverage an existing router for cost reasons, and over time we’ll add capabilities to auto-provision the right IP addresses as I think you noticed in the Option 82 feature.

For IP addresses on the C5, most use a private management VLAN. In actuality, the A5 in the background also does contact the C5 autonomously if IP addresses are not set up to monitor health, and displays each C5 basic within the A5 user interface as normal, although it is not possible to use the Web UI function to access the C5 UI in this fashion currently, so it’s mainly for aggregate monitoring.

Hope this helps, let me know if I can answer any more concerns/questions.


#7

@Tim2 I forgot to ask, have you tried the rate/speed limiting within the A5 yet? We’ve put it centralized in the A5 so that you do not have to manage that on each separate radio or router at the premises.


#8

@Jaime Is 2.0.2 released already? Unless I’m looking in the wrong place I’ve only seen 2.0.1. Hook me up!


#9

Hi Rob,

I made it available to you. Will send more info your way.