jcremin
join:2009-12-22
Siren, WI
kudos:2 | reply to wirelessdog
Re: Blocking Rogue DHCP said by wirelessdog:Running the CPE's in router mode would create double NAT issues on my network... What issues does it cause you? I have never... ever... had an issue by double natting. In fact, most of my customers with a wireless router are triple natted with the public IP at the core, and a private IP at the CPE and another one at the router.
The only time I have a problem with NAT is when a customer needs ports open publicly, which makes port forwarding more of a pain. In those cases, I give the CPE a public IP to eliminate the first layer of NAT. Then I disable DHCP on their router, plug the cable from the CPE into one of the LAN ports, set the router to x.x.x.2 (x.x.x.1 is the LAN side of the CPE) and then simply forward the ports in the CPE to whichever device they need access to.
A bit more work than simply bridging them a static IP, but so far I've only had to do it maybe 10 out of 350 installs. It is a small price to pay considering the benefits of not allowing anyone on my layer 2 network. |
