
Bridging


Bossman
11-13-2002, 09:27 PM
We are still in testing mode but want to put forth a scenario that we can't seem to make work. It might just be that we are looking at this from the wrong end :?

I know of the opinions of bridging by some, but here is my plan and rationale. We want to keep our backbone all public IPs. This is mainly for monitoring and so we don't end up with a convoluted mess of NATing for customers that need real IPs 4 or 5 hops down the line. We want to NAT only from the AP to the customer.

Just speaking of a series of backbone links, | Ethernet - Tower A - Tower B - Tower C |, would we put 1 IP on each interface or 1 IP per Star-OS unit (in and out connection) and bridge them?

Anyone that wants to log into my box and show me how, I'd be glad to let you :D .

Arthur - DigitalWeb Internet

lonnie
11-13-2002, 11:45 PM
To bridge you only need one IP to be able to access the unit for configuration.

A bridged backbone will not service very many users. I suspect about 500 max. Good luck.

georgew
11-14-2002, 02:06 PM
Bridging also gives end-users the ability to own your network via proxy-arp theft. On a routed network this is difficult to do, and when you can do it, you are limited to your local subnet. In a bridged network, you can steal from anyone in your logical network.

In a layer 2 switched environment (a network switch is a basic bridging device, after all) all you have to do is respond to every ARP request, then forward the traffic after you sniff it. So without layer 3 intervention, anyone on a bridged network has access to each and every packet within the bridge group.

It is possible that the bridging in the wireless AP will stop this sort of stolen ARP situation by not bridging broadcast traffic, and by overriding ARP mechanisms, but in a true layer 2 bridge environment, there is no packet security at all. There was a time when we thought layer 2 switches offered anti-sniffing security, but that day is past...


George
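
The mechanism George describes (one member of a bridge group answering every ARP request and then forwarding what it sniffs) and its scope can be worked through with the small simulation below. It is an added example, not code from anyone in this thread or from Star-OS; the hosts, addresses, MACs and traffic flows are constructed sample data, and the bridge is modelled as a plain learning bridge that floods every ARP broadcast and does no ARP inspection. It compares the all-bridged backbone Arthur describes with one routed subnet per tower, and adds the arpwatch-style check (one IP answered for by more than one MAC) that a practitioner would run on either network.

```python
"""ARP-spoofing reach in one flat bridge group versus a routed network.
Added example; the topology below is constructed sample data, not a real one."""
from ipaddress import ip_address, ip_interface


class Host:
    def __init__(self, name, ip_cidr, mac, gateway=None):
        self.name = name
        self.iface = ip_interface(ip_cidr)  # address plus its subnet
        self.mac = mac
        self.gateway = gateway              # default gateway IP; None for a router
        self.arp = {}                       # this host's ARP cache: ip -> mac


class BridgeGroup:
    """One layer-2 broadcast domain. Every ARP request reaches every member."""

    def __init__(self, hosts, attacker=None):
        self.hosts = {h.name: h for h in hosts}
        self.by_ip = {str(h.iface.ip): h for h in hosts}
        self.attacker = attacker            # member that answers every ARP request
        self.replies_seen = []              # (claimed_ip, mac) of each reply on the wire

    def resolve(self, who, ip):
        """Broadcast 'who-has ip' and return the MAC left in who's cache."""
        answers = []
        owner = self.by_ip.get(ip)
        if owner is not None and owner is not who:
            answers.append(owner.mac)
        if self.attacker is not None and self.attacker is not who:
            answers.append(self.attacker.mac)   # the attacker claims every IP
        for mac in answers:
            who.arp[ip] = mac                   # last reply wins, as in real stacks
            self.replies_seen.append((ip, mac))
        return who.arp.get(ip)


def next_hop_mac(group, src, dst_ip):
    """Layer-3 decision: ARP for dst if it is on-link, otherwise for the gateway."""
    if ip_address(dst_ip) in src.iface.network:
        return group.resolve(src, dst_ip)
    return group.resolve(src, src.gateway)


def intercepted_flows(groups, flows):
    """(src, dst) pairs whose first hop is delivered to the attacker's MAC."""
    hits = []
    for src_name, dst_ip in flows:
        for g in groups:
            if src_name in g.hosts:
                mac = next_hop_mac(g, g.hosts[src_name], dst_ip)
                if g.attacker is not None and mac == g.attacker.mac:
                    hits.append((src_name, dst_ip))
    return hits


def conflicting_ips(group):
    """Detection (arpwatch-style): IPs that more than one MAC answered for."""
    claims = {}
    for ip, mac in group.replies_seen:
        claims.setdefault(ip, set()).add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def bridged_scenario():
    """The all-bridged backbone: every customer in one bridge group."""
    mallory = Host("mallory", "10.0.0.66/24", "00:00:00:00:00:66", "10.0.0.1")
    members = [
        Host("gw", "10.0.0.1/24", "00:00:00:00:00:01"),
        Host("custA", "10.0.0.10/24", "00:00:00:00:00:0a", "10.0.0.1"),
        Host("custB", "10.0.0.20/24", "00:00:00:00:00:14", "10.0.0.1"),
        Host("custC", "10.0.0.30/24", "00:00:00:00:00:1e", "10.0.0.1"),
        mallory,
    ]
    flows = [("custA", "10.0.0.20"), ("custB", "10.0.0.30"), ("custC", "198.51.100.7")]
    return [BridgeGroup(members, attacker=mallory)], flows


def routed_scenario():
    """A routed subnet per tower: the attacker shares a bridge group only with custA."""
    mallory = Host("mallory", "10.0.1.66/24", "00:00:00:00:00:66", "10.0.1.1")
    tower_a = BridgeGroup([Host("gwA", "10.0.1.1/24", "00:00:00:00:01:01"),
                           Host("custA", "10.0.1.10/24", "00:00:00:00:00:0a", "10.0.1.1"),
                           mallory], attacker=mallory)
    tower_b = BridgeGroup([Host("gwB", "10.0.2.1/24", "00:00:00:00:02:01"),
                           Host("custB", "10.0.2.20/24", "00:00:00:00:00:14", "10.0.2.1")])
    tower_c = BridgeGroup([Host("gwC", "10.0.3.1/24", "00:00:00:00:03:01"),
                           Host("custC", "10.0.3.30/24", "00:00:00:00:00:1e", "10.0.3.1")])
    flows = [("custA", "10.0.2.20"), ("custB", "10.0.3.30"), ("custC", "198.51.100.7")]
    return [tower_a, tower_b, tower_c], flows


if __name__ == "__main__":
    for scenario in (bridged_scenario, routed_scenario):
        groups, flows = scenario()
        print(scenario.__name__, intercepted_flows(groups, flows),
              [conflicting_ips(g) for g in groups])
```

In the bridged case every flow, including the one bound for the Internet via the gateway, lands on the attacker's MAC first; in the routed case only the flow that originates in the attacker's own subnet does, which is George's "limited to your local subnet". Only the forward direction is modelled; a real attacker also poisons the gateway's cache to catch the return path. The detection output shows why ARP monitoring is worth running either way: the spoofer is visible as a second MAC answering for an address that already has a legitimate owner.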

Bossman
11-14-2002, 05:54 PM
We did just plug in a layer 3 switch a few weeks ago... haven't had time to play with it for configuration, but all my wireless comes in from 2 interfaces... 4 or so in the future.

We also re-arranged our network some time ago and structured it into 4 separate subnets, but by the sounds of it, you guys don't think that would be ideal either. Only 1 or parts of 2 of the subnets would be for wireless.

I'm open to suggestions or help. While I am concerned with performance, my biggest concern is service. I have to make sure I can provide my customers with public IPs that work. If I can do this another way besides bridging the wireless portion, great, but I can't have things like VPNs, video conferencing etc. breaking because of NAT or something else.

Oh yeah. By the way, we got our test scenario working. We must have had one of those odd hardware issues that was fixed umpteen revisions ago.